Proxmox can run lxc containers natively.

Personally I keep a Debian VM for docker, a holdover from before hypervisors supported containers natively. I use docker compose and it Just Works™.

I don’t think jellyfin runs on DOS.

VPN. Jellyfin is not intended for direct exposure to the Internet.

You should run it in docker anyway for convenience. A reverse proxy is optional, but I use traefik also for convenience (so that I can just use domain names on the same port, and so that it can automatically fetch certs).

Devuan is Debian with sysv.

This shows that it has.

Intel’s current corporate nonsense doesn’t affect the quality of existing products. They will continue to be supported under Linux and BSD for a long time.

If you pass a whole raw disk, not virtualized, then TrueNAS should not complain. I don’t know if you can do that in proxmox, I haven’t tried.

Personally I’d get rid of TrueNAS. Even if docker is down, the VM with the data is still up and accessible over anything running on the VM, like scp via ssh.

Memtest? Boot a live image and stress test each component?

I don’t think it’s overheating, usually that presents as throttling followed by a thermal protection power off.

Well it’s not open source that I see, so you’ll be doing significant development to match it. There are probably place clones that you can use as a start, then tie in OSM. But that’s far easier said than done.

If you’re adding drives with more capacity, why bother converting? Just create the new one, copy the data, then expand over the old disks.

Have backups for anything you can’t afford to lose, and be patient.

Not everything runs in a container.

I don’t think you want two VPN services, I think you want one VPN service and plain network routing. Use the VPN server as the local gateway, and the VPN server routes that traffic up the tunnel.

Why are there vigilantes, Roblox?

I think you should seek someone with experience, a mentor. Otherwise it’s the blind leading the blind.

It would be easiest to just change the client addresses frequently. You should be able to configure that in your addressing system.

WAF and DMZ too.

Yes, those are the known vulnerabilities. We don’t know how many unknown vulnerabilities could be discovered in the future.

Firewalls can log dropped packets.

Kid friendly, except the predatory parts.