Since you already got some replies, a bit of a different approach would be to set those services up using Docker and having Tailscale as a sidecar to each one of those.
You will then be able to access each one as a seperate device. immich.*.ts.net etc.
I’ve been wanting to buy a Pixel for a while now (for GrapheneOS), but there’s always something that bothers me too much.
This time around, the Pixel 9 pro sounds like it will be great, but I’ll be waiting to see Google’s custom SoC using TSMC for the Pixel 10.
I could always just get the 9 later at a lower price or used.
Google is also giving support for its Pixel devices since the Pixel 8 line.
And their Pixel 8a is also going to get 7 years of support, which is neat.
Hopefully others follow.
Just want to add that at the moment AV1 is only beneficial for encoding to lower bitrate videos.
It’s still better to use x265 for high bitrate.
Just be aware that for a period of time the MX 500 had many reports of high failure rate. Not sure if it was due to a change of components or firmware.
Example post about it: https://www.reddit.com/r/sysadmin/comments/whr5ek/crucial_mx500_historically_good_recent_batches/
An article (In Portuguese).
And another post about it.
Personally I use Newmaxx’s site and spreadsheet which has more indepth information about the SSDs like their controllers and NAND type - https://borecraft.com/
You can also check their subreddit for some reviews and such.
That and some stats from Backblaze and general reviews.
And I use price trackers to make sure I’m getting a good price.
I don’t like going by specific brands, because they all have some less ideal models and some of them tend to change some of the components after a while.
Tailscale funnel lets you expose services to the internet without opening any ports.
There’s also the option of inviting your friends to your Tailscale network and limiting them to specific services. But they’ll have to install it on their devices.
Just chiming in about Tailscale.
The initial connection uses their server just to reach / connect to the other peer. After that, the peers are connected directly and all communication is direct.
I might have misunderstood you, but data transferred inside the tailnet will always be encrypted by Tailscale.
So if you’re connected to a public wifi and someone’s looking at your traffic, accessing a random http site would be clear text, but accessing an http site inside your tailnet will be encrypted.
Unless you define an exit node and tell Tailscale to use it. And then all your traffic will be encrypted from the view of the one looking at your traffic logs from the public wifi (and clear text from the exit node to the random http site).
There’s no need, but if you really want to, you can do it through Tailscale - Provision TLS certificates for your internal Tailscale services
Transcend ssd220s (4tb SATA) can be found for really nice prices.
Even had a thread about this one on Lemmy cuz I wasn’t sure how good it is (it’s great).
Another option: Pine64’s board
Yup.
Tailscale has some documentation about it, and also a bunch of examples (And apparently one specific to Immich).