Sheogorath on Nostr: Yes, something I also do and recommend is to isolate it network-wise from the home ...
Yes, something I also do and recommend is to isolate it network-wise from the home network.
My jellyfin gets its volumes from outside the container, can't talk to anything but DNS internally and the web to get plugins and metadata and all that. So unless one gets a container breakout, internal systems should be fine.
https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/blob/968c44f00a1027a084076b958c1081aa82ad7894/apps/k8s01/jellyfin/kustomization.yaml
My jellyfin gets its volumes from outside the container, can't talk to anything but DNS internally and the web to get plugins and metadata and all that. So unless one gets a container breakout, internal systems should be fine.
https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/blob/968c44f00a1027a084076b958c1081aa82ad7894/apps/k8s01/jellyfin/kustomization.yaml