tychosmoose

For DIY consider a setup that supports ECC RAM to help prevent corruption. Any good server motherboard should do.

Unraid is pretty easy to get going on. That's probably the direction I would take in your situation.

Also, if you're not doing 3-2-1 backup now might be a good time to consider an off-site backup plan. That 4-bay Synology at a friend's house with a VPN path would be an option for critical data. You could give them some partitioned space on there and on your new NAS to compensate for the power usage. Setup Borg or Restic and it'll be encrypted on the remote NAS, and benefit from incremental and dedupe to minimize bandwidth usage.

Two of the things that I think are new vs the current system are:

Wallet: anonymous holding of currency without a custodian. You can't hold fiat currency digitally today without a bank or other entity providing that service.

Transfer: moving fiat currency anonymously and under your own direction without intermediaries. You can't make a digital payment or transfer in pure fiat currency today without that custodian providing the service (often through fee-based payment network). As a result, your identity is known when that transaction happens.

Ah, got it. That plan should be great. You can segment your own wired+WiFi network with that hardware, and even do Wireguard from the hAP ax2 to get whole-network egress via an outside VPN service at a good data rate, if you want.

The other devices you might consider as the router are the GL-iNet Slate series. They will be slower as a VPN router, but they're pretty small and light. They come with a skinned OpenWRT, but in most cases you can install a build of the unmodified OS if you want.

Sure. That plan would work. You might want to be sure that this is permitted at your university.

Universities often have strict rules about what should connect to their networks.

That isn't what I would choose for your situation. CRS3xx switches are fast at switching (layer 1 & 2), but not as a NAT router, which you probably need.

Better to pick something from the Mikrotik Ethernet Routers range, assuming you don't want your personal LAN to have WiFi. The L009 or basic RB5009 are both good options in the same price range. Choosing depends on your upstream connection speed. Both are fanless.

Or pick a Home/Office Wireless device if you are permitted to have your own WiFi access point. The hAP ax2 is small, affordable and performs well at 1Gbps. If your upstream connection is 1Gpbs this is probably what I would choose even if you don't want WiFi as long as this is enough ports. Just turn off its WiFi radios to use it wired-only. If you have a 2.5Gbps upstream port then hAP ax3 is a better choice.

All the Mikrotik choices will require some learning if you want anything beyond a basic router configuration. But once you get it like you want it they are very solid and reliable.

OpenWRT and OPNSense are easier to jump into without a lot of effort, so if you don't want a networking hobby I would use one of them. Pick up pre installed device if you want it easy. Or get a mini PC with a few network ports and install the OS yourself to get more power for the money.

How about creating your own LAN within the untrusted network?

Something like an inexpensive OpenWRT router would do fine. Connect all your devices and the server to the router. They are now on a trusted network. Set up Wireguard on the OpenWRT router to connect to Proton so that your outbound traffic from all your devices is secured.

Yes indeed. Everyone arriving goes through immigration, collects bags, clears customs; and only then may proceed to the exit, or recheck bags and go back through security to catch a connecting flight.

The only exception is if you originated at a pre-clearance airport and did the immigration stuff before departure. But that means you still need a visa. And it's only at a handful of airports in Canada, Ireland, UAE and the Caribbean.

In the US, if you land, you must pass through immigration.

~~At least I'm not aware of any airports where there is an international terminal like you find elsewhere in the world. Ours require entry to the country even if you are connecting to another international flight.~~

Edit: yep, none have this.