I’m no security expert and my biggest concern with self-hosting is making a configuration error in the OS or some app, or missing a critical update that allows someone access to my personal data. In order to reduce the attack surface and management requirements my network can only be accessed through Wireguard. The random open WG ports do not respond to unauthenticated packets, so someone would have to have access to my configurations to be able to get past my firewall, at least in the absence of some yet unknown vulnerability. Of course that won’t prevent mistakes being made on PCs (especially Windows) but it’s one less thing to worry about.

Wireguard clients on our PCs and phones make connecting and accessing media and files a breeze. There are no third parties involved so enshittification by some company’s security breach or sudden monthly fee isn’t going to happen.

I have a Bosgame mini-PC that is completely inaudible unless you get close to it. Power draw is <15 watts under light load meaning that even with the high electricity rates where I live it costs less than $3.50 a month to operate. I’ve avoided hard drives because I don’t want to listen to them whine, so no comment there. Two simultaneous 1080p Jellyfin streams increase CPU utilization by less than a percent and it still is under 5% with a couple of other Docker containers running.

Good luck setting everything up to your liking.

Started with it on a server but moved it to my Openwrt router. If the router’s up the tunnel’s up.