Anything that is exposed is done through nginx proxy manager and 2FA is enforced on those apps either through the app or through Authelia.
Some of the exposed apps are shared with friends and family so easier to expose securely than mess with VPN for them.
Anything else is only accessible via VPN on my router.
I need to look at tailscale.
Some systems support MFA eg vaultwarden. For that I use the built in MFA with Yubikeys.
For things that are not MFA supported but I need them to be open I put them behind Authelia and Nginx Proxy Manager.
Authelia config makes sense now. It was confusing at first however the custom config required on NPM still confuses me.
Anything else stays off the internet and I can access via vpn back into my LAN.
After picking up a set of Hue bulbs and using them for a while I wanted to do more in terms of automation especially when arriving home etc. I found home assistant and never looked back.
Back then I was using a raspberry pi but upgraded to a dedicated Debian box a year later to which I’m not running around 50 containers.
Since having a device that can natively watch x265 I only get that format now. I’m not sure of the quality is better vs x264 but for TV shows the disk space reduction makes up for any quality loss. Movies might be different and it depends on the film but I’m still only getting 1080p rips so again maybe the quality is that important compared to 4K?
Orion Browser allows full extensions such as ublock origin. That helps but I found even if the steam plays on the iOS device the Airplay stream won’t work due to some odd encoding the website is doing.