run it at work. I would say it is a bit too heavy and too much for home usage.
TheHolm
The event is already past us. But nothing stops similar events from happening in the future.
Put Docker on ZFS (you should do it anyway, regardless of encryption) and use ZFS native encryption. The benefit over other filesystems is that you can load/unload decryption keys for sensitive data only when you need to access it. And you can back it up in encrypted form, so your backup software will never see plain text. You can do similar stuff with VeraCrypt or other encrypted volumes and a bind mount.
I do not see that it is possible. You need a LAN gateway in Aunt's network. Smart TVs usually do not support any VPN services. It does not need to be the same box as the router.
If Aunt's internet has a fixed IP, then you can expose your Plex server and other things to the internet and allow access only from that IP. If Aunt's internet has a dynamic IP, you can somehow use Dynamic DNS to trace it (many SOHO routers support it out of the box) and then configure the FW on your home network to open ports only to the IP it gets from DNS. It is more tricky, and the IP on your FW will not be updated instantly if Aunt's IP changes.
A proper RA VPN is the right way to do it unless you need to use it with a dumb smart TV (I guess the Google TV stick allows installing VPN software on it). Wireguard/Tailscale/Headscale/Nebula are all fine; it just depends on how much infra you want to manage. But in all these cases VPN software needs to be installed on each endpoint.
Are you running LAN-to-LAN between yours and your aunt's? Where is the RA VPN coming into the picture? The whole network setup is a bit unclear from your description.
Do you own IPv4 address space as an individual? I do not think it will happen in this era. Just pick an ISP which provides internet services to businesses only (probably as colo), so your IP will not get listed as "residential", and start building up reputation. A secondary MX on a cheap VPS is fine.
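The Dynamic DNS allow-list approach from the comment above, as an added example that is not part of the original comments: it resolves the DDNS name and plans nftables set changes, keeping the last known-good allow-list when the lookup fails or returns a non-routable address. The hostname, the `inet filter` table and the `plex_allow` set are assumptions.

```python
import ipaddress
import socket

TABLE = "inet filter"    # assumed nftables table (not from the thread)
SET_NAME = "plex_allow"  # assumed named set matched by the rule opening the Plex port

# Addresses a DDNS record should never legitimately hold for a remote home line.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the usable IPv4 addresses for hostname, or None if the lookup fails."""
    try:
        infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None
    addrs = set()
    for info in infos:
        ip = ipaddress.ip_address(info[4][0])
        if not any(ip in net for net in BLOCKED):
            addrs.add(str(ip))
    return addrs


def plan_update(current, resolved):
    """Build nft commands that move the allow-list from current to resolved."""
    if not resolved:
        return []  # failed or empty lookup: keep the last known-good allow-list
    cmds = [f"nft add element {TABLE} {SET_NAME} {{ {ip} }}"
            for ip in sorted(resolved - current)]
    # Stale entries are removed so the line's previous address stops being trusted.
    cmds += [f"nft delete element {TABLE} {SET_NAME} {{ {ip} }}"
             for ip in sorted(current - resolved)]
    return cmds


if __name__ == "__main__":
    # Constructed sample: documentation-range address, hypothetical hostname.
    current = {"198.51.100.4"}
    resolved = resolve_ipv4("aunt-home.example.net")
    for cmd in plan_update(current, resolved):
        print(cmd)
```

Run from a timer, the interval between runs is the window in which the firewall still trusts the old address and blocks the new one.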