I can play zero dawn on mine and boy did it make train rides tolerable.

RouterOS has WG built in as well as ZeroTier. RouterOS has become quite powerful lately, but make sure you have at least an ARM/ARM64 CPU for it.

All of my remote routers are running RouterOS without anything on top of it. RouterOS is powerful enough for anything I throw on it. But I am using much beefier routers, I have 2 x 5009 and a HAP AX3 which have plenty of flash and ram ro run the additional packages I need.

As for normal computers, I have it on a UPS and I backup core files to off-site areas. Additionally, I buy SSDs that have a little bit of powerloss protection.

I’ve never had issues with mini PCs but I’ve had issues with PIs. I’ve since switched to high endurance SD cards for my Pis and they’ve been rock solid. One’s actually semi exposed to the elements for about a year now without a hiccup.

With RouterOS you can still use DoH with either a self hosted list or a selected ad list. If you want to selfhost a DNS server I’d just host a Adguard Home instance on a VPS for all of your devices.

I also have 2 VPN system for my remote management on 2 separate systems. I learned that the hard way when one of my clients is 8 timezones away.

My ISP blocks all outgoing ports. Maybe I’m not trying hard enough but anything I try port forwarding ends up getting blocked.

Minecraft and port 80 are the 2 I’ve tried and they’ve been unresponsive

I’m using the rb5009 but im using RouterOS not openwrt. Any reason why you’d want to do that?

I personally think if you’re buying a purpose built hardware and then putting your own software on it, you should move to a mini computer with OpnSense.

I’m switching my immich instance to an SSD one and switching my VPN from zerotier to tailscale.

Hopefully that means my Immich will be a little more reactive.

I self host satisfactory. It’s going swimmingly.

Stopping down doesn’t always give you sharper images. You may run into diffraction softening.

Focusing and then stopping down may shift your focal plane. Try to focus at your chosen aperture.

Try to use the electronic shutter function for astro photography. Even the shutter moving across the sensor can cause vibrations.

The 500 rule is useful for astro, but with modern higher resolution sensors, the NPF rule is better suited.

Not getting amazing astro shots? You may need to modify or buy a camera that is sensitive to Hα (Hydrogen-alpha) removing the infrared/IR filter off your camera will allow you to shoot full spectrum. Although you will need something to only allow 450 to 520nm and from 640 to 690nm into your sensor.

Sensors will always have dead or stuck pixels. You can take 10-20 black frames to try to help your image processor find and erase them.

Optical vignetting is common when you shoot wide open. Stop down 2-3 stops from your max aperture to try and remove the effect.

Shooting expired film is fine, just make sure you over expose 1 stop per decade it’s expired. So a 20 year old film, shoot 2 stops over exposed.

It’s hard to explain from scratch.

Caddy is a reverse proxy software that essentially redirects traffic from a certain port to another port. For example external:port => internal:port. It also enables SSL encryption meaning everything will be encrypted en route between the external and the user.

VPS is a virtual private server. Just someone else’s computer you can expose to the Internet.

Tailscale is a mesh VPN that uses wire guard as its transport. I use this to tunnel between my VPS and my Immich server to hide my home IP and to allow encrypted traffic between my Immich server and my VPS.

A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor thus has zero days to prepare a patch, as the vulnerability has already been described or exploited.

There’s no fix other than security through layers.

Pretty much I have caddy on a VPS that’s pointing to my internal IP using a tailscale tunnel. You are still exposing the web gui to the Internet so I just changed authentication to OAuth to mitigate since risk. There is still a possibility of attacks via zero days, but my immich is on a VM and I’m creating firewall rules to just allow certain ports out.