Are you using anything to defend against bots?

FAT32 is still a very common filesystem for flash drives and memory cards because it works on everything. Lots of people are likely to run into the 4GB file size limit.

Sure, their gear is a bit expensive, but their layer 3 switches are energy efficient and quiet. You can get an old, used switch for a lot less, but it will be expensive to run and the fans will be loud.

You can get conductive paint for RFI shielding. It’s very conductive, so make sure that the case can’t come in contact with any circuit boards or it will short out. Make sure the paint is compatible with the type of plastic you print the case out of too.

They also make ESD safe filament, but it’s $150+ a roll.

Are those mechanical hard drives? If so, I would want a fan moving air across them. Also keep in mind that most filament is not ESD safe.

SSHFS is slower than NFS due to the encryption and FUSE. It’s not a huge difference with a modern CPU and a 1 gbps connection, but it can be significant with an older CPU or a faster network.

You can use NFS over the internet, but it will be a lot more work to secure it. It was intended for use over a LAN and performance may not be great over the internet, especially with high latency or packet loss.

NFS is the best option if you only need to access the shared drives over your LAN. If you want to mount them over the internet, there’s SSHFS.

A web server with directory listing enabled would work fine for that.

The setting to look for is “IPv6 privacy extensions”. That prevents your IP address from being tied to your MAC address. It should be enabled by default on any modern operating system. It can be set to either permanent or temporary.

IPv6 allows you to have multiple addresses on the same device. You can have a temporary address for all outbound connections and a fixed address for inbound connections.

You can put each service on a separate subdomain and they will work fine.

Most routers don’t support open source firmware. If you want privacy and firmware updates, it needs to be supported by OpenWRT.

A mechanic’s stethoscope will make it pretty easy to figure out where the noise is coming from.

You don’t need a static IP address, but you do need a public IP address. You can use dynamic DNS to avoid having to keep track of your IP address. FreeDNS will work fine for a basic setup.

Wireguard is one of the easiest VPN servers to use. If you’re not using your ISP’s router, it may even have Wireguard built in.

You can find used Thinkcenters pretty cheap with AMD CPUs. I recently got an M75s Gen2 with a Ryzen 3 4350G for around $100.

LTO tape is good for 30 years when properly stored. You should be transferring the data to a newer format much sooner than that anyways. LTO drives are only backwards compatible for 1 or 2 versions, so you probably won’t be able to find a working drive that can read your tape 30 years later.

Switch to IPv6 only and the port scans will go away. The address space is so big that port scanning is difficult, so the usual bots don’t bother.

That uses proof of work rather than just detecting and blocking the bots.

The Pi Zero 2w will provide more than enough performance to stream a movie over Wireguard.

How much throughput do you need? The Pi Zero 2w will be fine on a DSL or cable connection, but it will limit your bandwidth on fiber.