I have been considering just installing Debian on a small PC then the jellyfin media player application set to auto start. I can think of a few different ways to get this done maybe with a couple user accounts.
I like the idea of being able to change the application that automatically starts. Maybe I want to try Kodi again. I would just change the startup app.
Get your firewall right then maybe add fail2ban.
You could also consider IDs/IPs on your primary router/firewall if this is internal. If not you can install surricata on a public server. Obviously if you go with something as powerful as surricata you no longer need fail2ban.
Keep a sharp eye on any users with sudo. Beyond that consider docker as others have mentioned.
It does add to security because it allows the developers a bit more control of what packages are utilized for their applications. It creates a more predictable environment.
It seems that way but it performs better than zfs on top of zfs. The only os I ran into that with was opnsense when I was playing with a virtualized firewall.
Within guests these days I just use XFS, UFS, or NTFS depending on the os. The hypervisor can have zfs or ceph.
That’s what I said. Cow on top of cow is bad. Pretty sure ext4 isn’t on option on opnsense. UFS or zfs. Which is the only reason I mentioned it at all when presented with that choice.