It's worth the hassle. If you are obsessed with power consumption, consider the fact that Pis are very power inefficient. They draw less but also produce way less than other CPUs. Performance per Watt is shit. They were conceived as thinkerware. They are not reliable the way everyone here wants them to be.

Just to put your puny power concerns into perspective. My homelab draws around 130w on average. One big box with lots of HDDs, 2 Lenovo Tinies, networking.

My laptop draws more power in 24h than my homelab. If you have a desktop, the discrepancy is even bigger. Nearly anything in your household blows your setup out of the water. I live in a country with relatively high power costs and I can assure you, your concerns are nothing more than a thought experiment.

I would get the N100, get 2x2TB SSD as well as some smaller SSDs for VM and LXC storage. Create a hypervisor with the appliances you need - NAS, Docker, heck if the board has a free PCIe slot you can put a 4x1GbE NIC and spin up a networking VM too. This way you can streamline the maintenance - updates, backups, etc. And the best part is that this single box will be waaay above anything you have now.

Everyone jumps to parrot "Frigate" but Frigate is shit for live viewing and interactions. Live viewing is rudimentary, there is no PTZ control (as far as I know) and no voice communication.

It's strictly a smart NVR and as such it performs exceptionally well. It recognizes, records and marks events so that you can come later and find what you are looking for, very easily.

If you want interaction - live viewing, PTZ, Voice, you sholud look elsewhere. Shinobi supports PTZ, so does Blue Iris. Both can record audio but I'm not sure of broadcasting audio back to the cameras. Zoneminder is an option too, it supposedly supports them aswell but I have never tried it.

When I was setting up my CCTV, it was Shinobi vs Frigate. I had configured Shinobi and planned on deploying it but decided to try Frigate on a whim and never looked back.

In short, Frigate covers most needs perfectly but people shouldn't just parrot the same thing without answering within the context of the question.

I scrolled through the discussion and remembered why I love Docker. The only people who see Docker as a hurdle are those who haven't used it. Especially with these microservice apps.

I've have sites on Jekyll and Hugo. I prefer Hugo.

One of my Hugo sites is very heavy on images and although it's not a photography portfolio, it's a portfolio of progress photos. Almost 1500 images. Hugo builds the site and generates the thumbs in under 3min which is impressive, compared to other SSGs.

I use Go templating in other places so Hugo templates come a lot easier than Jekyll's. It's a bonus in my book.

I don't think such a thing exists. It clashes with the idea of selfhosting. You can shoestring a solution that will do what you ask but it won't be an appliance/application that someone else maintains.

Weekly unattended apt and docker updates are actually worse than manual ones. I update maybe once a month. Watchtower takes care or checking and downloading new updates but I'm the one to redeploy containers with the new image.

The closest thing that comes to mind is Portainer. It offers point 1, 4, 6. The Business edition has update checking built into the UI. The Community edition lacks update checking but you can substitute it (and improve on it IMO) with Watchtower.

Watchtower can check and download updates while you just click redeploy.

For backups, try Nautical Backup

This leaves only rollbacks unaddressed. But realistically, on a hands-off box, you won't need it and if you do, copying over from the backup will be enough.

TechnoTim on wildcard certs

Instead of using Duck DNS, buy a cheap domain, register it with Cloudflare, set up "cloudflared" which dynamically updates your DNS records - a DIY DDNS. You could even call it DDDNS. That way you are in control of the whole chain.

The others gave you a solution but note the following:

Jellyfin in a VM means that once you passthrough the GPU to the VM, you will lose graphical capabilities on the host. That could be a dealbreaker. Segmenting the GPU is inefficient.

I host my Jellyfin in a LXC because I can passthrough the GPU without reserving it to the LXC.

It's worth it. At some point you might enconter a service that requires SSL to work even on LAN. I treat them like pipes. The fewer pipes i need to pipe traffic through, the easier it is.

I use split DNS to access services locally, over the internet and via VPN. Everything is behind a Traefik proxy that uses wildcard certs. It enforces SSL for everything and I have just one pipe to think about.