I use Podcast Addict on Android.

Six one way half a dozen the other.

I personally would go down the proxmox lxc route using the Proxmox Helper Scrips the get the containers up and running.

You are going to need to provide a significant more amount of information. Like guide are you using, which specific step isn’t working, what error messages are you getting.

Go onnnn.

My god, he never took middle school hygiene. He never saw the propaganda films.

That comes to mind.

I think of it like Bethesda games.

It’s passable for what you want, but the real value is the plugins that can fix what problems you have.

But all those plugins also have security vulnerabilities that need to be managed.

Just don’t look behind the curtain to see what the CEO is up to.

I would have a standalone Forgejo server to act as your infrastructure server. Make it separate from your production k8s/k3s environment.
If something knocks out your infrastructure Forgejo instance then your prod instance will continue to work. If something knocks out your prod, then your infrastructure instance is still there to pull on.

One of the reasons I suggest k8s/k3s if something happens k8s/k3s will try to automatically bring the broken node back online.

If I am understanding correctly I would run Forgejo in a k8s/k3s pod

This will be your starting point but you would have to modify the setup to bring it into k8s or k3s

https://forgejo.org/docs/next/admin/installation-docker/

What I have seen people do in the past is use ansible secrets to secure the env file.

So only when the playbook is running does the env get decrypted.

Digital Ocean has an extensive how to on it.

https://www.digitalocean.com/community/tutorials/how-to-use-vault-to-protect-sensitive-ansible-data

I’d agree with that.

Average gaming PC.

128GB ram and a 4070 12GB. Doesn’t sound average.

I assume you have root login denied in your ssh config, other things would be having fail2ban and some geofencing (blocking IPs from countries you know you are never going to log in from).

40? Kinda curious what you are running now.

I would make a new volume on the nas for testing purposes. Give it enough space to hold some data but no where near enough for your production data.

Do you not normally read patch notes before patching?

As long as it doesn’t end in ;

A VPN doesn’t have to merge networks, you can still keep them as 2 separate broadcast domains. like your house could be 192.168.1.0/24 while your parents could be 192.168.5.0/24

Why no VPN? It is what the tech is for, making a private Network between places.

If you are both behind cgnat then you will need a third place to relay through like a dirt cheap VM or VPS.

Using public property for private usage likely fall on the bad side of acceptable use policies.

Don’t forget the exorbitant fees by Red Hat.