Tailscale serve might work; I haven't tried it so I don't know what it's capable of.
Usually I'd recommend getting a real domain name and using Let's Encrypt. .com domains are around $10/year but some TLDs are even cheaper. If you don't mind which TLD you use, go to tld-list.com and sort by renewal price.
Edit: I forgot to mention - a server does not need to be publicly exposed to use Let's Encrypt. You can use a DNS challenge instead of a HTTP one.
Interesting! They used to have a warning about it. I guess they removed it at some point. It's referenced in this discussion for example: https://github.com/immich-app/immich/discussions/13008
Tailscale is great. You should use it. Most of their code is open-source. Their coordination server is closed-source, however there's a self-hostable open-source reimplemention called Headscale if you want a fully-open-source Tailscale stack.
Tailscale is a peer to peer VPN, meaning there's no central server like with OpenVPN. Systems on the VPN connect directly to each other. You can also use Wireguard in this way if you configure it as a mesh (every device on the VPN has every other device configured as a peer, and for each pair, at least one of them has the port open and forwarded). Tailscale is more reliable for that as it uses several NAT traversal techniques, so you don't need to open the port and it works even if both ends are behind NAT.
Immich doesn't rely on Tailscale; you can use any VPN. ~~They don't recommend exposing it to the public internet at the moment though, which is why you'd use a VPN~~ (edit: as per a reply, this is not the case any more). In general, never expose anything publicly unless it absolutely has to be (like a website that anyone can access). For giving access to friends, you can share a device with them via Tailscale and configure an ACL so they can only access particular services on it.
For the drives, I'd recommend ZFS instead of Ext4 or NTFS. ZFS can detect bitrot and corruption using checksums, which neither Ext4 nor NTFS can do. NTFS isn't recommended unless you're running Windows Server, but you already said you're using Proxmox.
IMO, use Syncthing instead of Nextcloud, unless you'll be using all the other apps that come with Nextcloud (calendar, office tools, chat, etc). Syncthing does one thing and it does it well, which is almost always better than using software that tries doing a large number of things. Consider Seafile too.
For backups, I'd recommend Borgbackup and Borgmatic. Get a cheap storage VPS to store it. You should be able to get a deal for less than $2/TB/month during the current Black Friday sales. Check LowEndTalk for deals. A Hetzner storage box would work great too.
This is probably a better analogy. Thanks.
Should the USPS/AusPost/your local postal service be allowed to cut off a household's postal service because someone received pirated CDs in the mail? That's essentially the same thing. If anything, internet access is more important than mail these days.
Unfortunately it looks like that one is for Apple devices, whereas I use Linux on desktop and Android on mobile.
There's some, but I haven't seen any that have the main features Plex and Plexamp have:
And probably other things I'm forgetting.
Thankfully CGNAT isn't as common in the USA as it is in other countries. In the US, ISPs generally either offer native IPv4 (most of the major ones), or only use IPv6 and provide IPv4 at all. The latter is the case with a lot of the mobile carriers, especially T-Mobile. Your phone only gets an IPv6 address, and their network uses 464XLAT to connect to legacy IPv4-only servers.
Do you have a CVE for this?
Plex still has the most fully-featured music streaming app (Plexamp)
Prices rarely, if ever, go down in a meaningful degree.
In 2011, there was a large flood in Thailand that impacted ~40% of hard drive manufacturing. As a result, hard drives significantly increased in price. This was back when SSDs weren't mainstream yet.
A year or two later, when manufacturing capacity was restored, prices were essentially back to what they were before the disruption.
Apart from disruptions like that, HDDs, SSDs, and RAM have always been going down in price.
California is doing this too, so "world's first" also confused me. The California version requires Doordash, Uber Eats, etc to pay 120% of the minimum wage for each hour the driver is working (from when they accept an order to when it's delivered, excluding waiting time), plus 35 cents per mile for miles driven during deliveries.
The current plan is for the floor to be 47 days. https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days, and this is not until 2029 in order to give people sufficient time to adjust. Of course, individual certificate authorities can choose to have lower validity periods than 47 days if they want to.
Essentially, the goal is for everyone to automatically renew the certificates once per month, but include some buffer time in case of issues.