Proxy+UPS
see also see also Proxy
apps
webmin :10000 (TSL/SSL)
squid with daily adblocker-urls (80/443 transparent, 8080/8443 standard)
pihole as dns adblocker (53, 80/443)
pdns dns cache (53)
pvr for mediathek etc.
logrotate
failban
ssh knocking ports
ids / ips
rootkit checker
filesystem
btrfs compress filesystem
zfs compress fs + 2nd drive cache ssd → hdd
usv/ups
ups/usv - lan cable off → shutdown in 10min when (blocker-file not exists) or (wlan usb not exists) otherwise enable wlan (when exists and promote in cloud private ip?)
lan by power-ethernet with remote switched outlet (manual on / off by user, shutdown by lan-off detection)
behaviour
vm: lan off → shutdown 10min → write zerofile (for better backup-compression of vm file), each time a new till no empty space (leave space when shutting down for next bootup)
raspi: lan off → log file entry / remove blocker file → shutdown 10min
parameters
blocker file (like /etc/nossh) to prevent shutdown by lost lan connection
no graphical mode (server mode)
hardened?
no mitigations (url boot parameter fast linux?)
squid as proxy port 80
squid as transparent proxy (ssl bump, ssl/tls certs of squid in client installed)
web-cache promotion by lan ad (proxy file?)
hardware
vm without hyperthreading on host (bios, ht intel, smt amd)
raspi 2 + usv battery (compiler help by PC)
little ssd as cache, hdd as big storage (media, web cache squid)
usb tv with remote control for pvr
linux distro
vm gentoo 64 / 32 (compiler help for arm raspi)
raspi2 gentoo 32 (64?)
nice to have
raspi camera / motion detection
automation / repeatable
script / log
ansible