That reminds me … another annoying thing Google did was list my private jellyfin instance as a “deceptive site”, after it had uninvitedly crawled it.

A common issue it seems.

cgnat

Ew

What I used to do was: I put jellyfin behind an nginx reverse proxy, on a separate vhost (so on a unique domain). Then I added basic authentication (a htpasswd file) with an unguessable password on the whole domain. Then I added geoip firewall rules so that port 443 was only reachable from the country I was in. I live in small country, so this significantly limits exposure.

Downside of this approach: basic auth is annoying. The jellyfin client doesn’t like it … so I had to use a browser to stream.

Nowadays, I put all my services behind a wireguard VPN and I expose nothing else. Only issue I’ve had is when I was on vacation in a bnb and they used the same IP range as my home network :-|

This is how I found out Google harvests the URLs I visit through Chrome.

Got google bots trying to crawl deep links into a domain that I hadn’t published anywhere.

all you need is to get a static IP for your home network

Don’t even need a static IP. Dyndns is enough.

Trim support is standard. Any kernel released in the past 15 years or so will have trim support built in. So that’s not something you should worry about.

How trimming is triggered is another matter, and is distro dependent. On Arch and Debian at least there is a weekly systemd timer that runs the fstrim command on all trimmable filesystems. You can check it if’s enabled with: systemctl list-unit-files fstrim.timer. I can’t tell how other distributions handle that. On Debian derived ones, I imagine it’s similar, on something like Slackware, which is systemd-less and more hands-off in its approach, you may have to schedule fstrim yourself, or run it manually occasionally.

There is also the discard mount option that you can add in /etc/fstab, which enables automatic synchronous trimming every time blocks are deleted, but its use is discouraged because it carries a performance penalty.

Hope that answers your question.