Andromxda

You could add secureblue. I would put it in the same category as GrapheneOS and Vanadium.

Chromium-based browsers have arguably better security than Firefox. https://madaidans-insecurities.github.io/firefox-chromium.html

Vanadium further improves Chromium's security by disabling the JS JIT Compiler, using a hardened memory allocator (GrapheneOS hardened_malloc) enabling ARMv8.5 MTE, and applying other hardening patches (https://github.com/GrapheneOS/Vanadium/tree/main/patches).

The secureblue project maintains a hardened Chromium build for Linux called Trivalent, which uses most of the patches from Vanadium, among others. You can get it from their repo: https://repo.secureblue.dev/secureblue.repo

your (very expensive) license is tied to a USB stick

Not true. You can link it to your Unraid.net account using Unraid Connect: https://docs.unraid.net/account/link-key/

Sure, it's not perfect, but still the best option for beginners.

Unraid is great for beginners.

HomeBox is perfect for your use case. You could also try InvenTree, but I think HomeBox is going to better suit your needs.

Thankfully though, the US != the entire world

You don't have to download anything, there are amazing streaming sites: https://fmhy.net/videopiracyguide

it would all be P2P backed up

It literally is. https://help.archive.org/help/archive-bittorrents/

That's why GrapheneOS had this feature for a long time, but with the ability to disable it. It also allows you to set the time period after which the reboot is initiated yourself. You can go as low as 10 minutes, or as high as 72 hours.

The GrapheneOS team is working on finding a suitable OEM that would be able to release flagship hardware with security comparable to a Pixel, and GrapheneOS preinstalled.

And they're even working on releasing phones that come with GrapheneOS preinstalled

Not the one who originally asked the question, but thanks, that looks very promising