Well it’s not open source that I see, so you’ll be doing significant development to match it. There are probably place clones that you can use as a start, then tie in OSM. But that’s far easier said than done.

If you’re adding drives with more capacity, why bother converting? Just create the new one, copy the data, then expand over the old disks.

Have backups for anything you can’t afford to lose, and be patient.

Is it just a sync thing, and more will come in over time? I’ve never played with hosting. But I do know you should check the logs.

Not everything runs in a container.

I don’t think you want two VPN services, I think you want one VPN service and plain network routing. Use the VPN server as the local gateway, and the VPN server routes that traffic up the tunnel.

I think you should seek someone with experience, a mentor. Otherwise it’s the blind leading the blind.

It would be easiest to just change the client addresses frequently. You should be able to configure that in your addressing system.

Add :ro for read-only.

I would complain to the developer. They’re the ones managing this process.

WAF and DMZ too.

Yes, those are the known vulnerabilities. We don’t know how many unknown vulnerabilities could be discovered in the future.

Firewalls can log dropped packets.

It depends on what you’re trying to do with it. Typically people only use Macs as servers when they’re doing development for Apple products.

Provide them with VPN access. If that’s too much for them, then they don’t get access. Tough. On the scale of security vs convenience, that’s nothing.

If you really really want, you should at least see if you can put a WAF in front, and put the server itself somewhere it doesn’t have access to the rest of your network (a DMZ) so that if and when it gets hacked, it doesn’t compromise the entire network.

Step one is check with the university IT department. Don’t put random unmanageable shit on other people’s networks.

Why a Mac running Linux? I can’t think of a use case for that.

I still don’t recommend putting jellyfin on the Internet. It’s not designed for it. There are some API endpoints you can access without authentication, not to mention potential authentication bypass vulnerabilities.

5 minutes is also probably too frequent. Leases are usually significantly longer. You might hit a rate limit and get blocked.

Probably through that link in your screenshot that says “logs”. Or directly on the server. Consult the documentation.

What’s in the logs?

If it’s on the Internet, yes.

Given the state of the Internet, you should keep a healthy level of paranoia. I always recommend exposing as little as possible, and that means using only a VPN and not putting jellyfin itself on the Internet.