To piggyback off the mention of security, I personally feel a little icky having ports open to the world on my home network. I would definitely recommend OP to look into using a VPN to connect back to the home network. Easy-to-use options like Tailscale and ZeroTier exist, or if they want they could roll their own with WireGuard (not sure what exactly is involved in doing this, I went the easy route)
I have an alt account on sh.itjust.works for whenever lemmy.world is down. I'd love to know what you dislike about them so I can determine whether or not I should have a different alt instance. I'm pretty OOTL when it comes to instance drama
I do the wrong thing and chmod 777 all my media folders. If someone is that far into my network I'm probably screwed anyways
Not a dumb question at all! It can take some time to really wrap your head around this stuff
If you want Plex to be able to serve media all the time (even when your main PC is off or you're switching between your Linux and Windows installs) then you'd have to run it on the NAS. You may be able to keep the *arr stack on your Linux drive if you don't care about uptime, since these programs really only need to run when you need media files managed. That being said, you might find it more simple to manage if you migrate all your workloads to the NAS
I currently have Plex running as an "app" on my TrueNAS SCALE NAS, which is just what they call containers/deployments. It runs very well, and I was even able to pass through a GPU for transcoding
I didn't see this mentioned so apologies if this is a duplicate, but keep in mind that for your *arr stack you will run into issues if you try to keep the config files on the NAS instead of stored locally to the server they run on. Radarr and Sonarr both use SQLite which does NOT like networked file storage due to the way it handles locking files. You can store the media that they handle on your new NAS just fine though!
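An added example, not part of the comment above: a small check that reports whether a config directory sits on a network filesystem, where SQLite file locking is unreliable. The mount table, host name and directory paths are constructed sample values, and the list of network filesystem types is an assumption and not exhaustive.

```python
import os

# Assumed, non-exhaustive set of fstype strings for network-backed mounts.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "fuse.sshfs"}

# Constructed sample in /proc/mounts format (device, mount point, fstype, ...).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
nas.example:/mnt/tank/media /mnt/media nfs4 rw,relatime 0 0
//nas.example/appdata /mnt/appdata cifs rw,relatime 0 0
"""

def parse_mounts(text):
    """Parse /proc/mounts-style text into (mount_point, fstype) pairs."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in paths as \040
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts

def fs_type_for(path, mounts):
    """Return the fstype of the longest mount point that contains path."""
    path = os.path.normpath(path)
    best = ("", None)
    for mount_point, fstype in mounts:
        mp = mount_point.rstrip("/") or "/"
        # Compare whole path components so /mnt/media does not match /mnt/mediaextra.
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and len(mp) >= len(best[0]):
            best = (mp, fstype)
    return best[1]

def audit_config_dirs(paths, mounts_text):
    """Map each path to (fstype, on_network_fs)."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for path in paths:
        fstype = fs_type_for(path, mounts)
        report[path] = (fstype, fstype in NETWORK_FS)
    return report

if __name__ == "__main__":
    # Hypothetical config locations; on a real host pass open("/proc/mounts").read().
    dirs = ["/opt/radarr/config", "/mnt/appdata/sonarr", "/mnt/media/movies"]
    for path, (fstype, risky) in audit_config_dirs(dirs, SAMPLE_MOUNTS).items():
        print(f"{path}: {fstype} {'<- move SQLite config to local disk' if risky else 'ok'}")
```

Only the directories holding the SQLite databases need to be local; media paths on the NAS mount are expected to show up as network-backed.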
Just to confirm, you don't have space next to your modem and/or router for the new Celeron box, correct?
I'm not sure how good of performance you would have if you run the firewall on the Celeron box connected to the LAN portion of your current router, but you could always give it a shot and if it doesn't work the way you'd like it to then you could try a different solution. From my understanding this setup would cause all traffic to go through your router at least 2x (even if it's only on layer 2 via the built-in switch). It may not be that much of a drain though, I've never run a setup like that before
The best layout would be modem -> OPNsense router -> TP-Link device running in AP mode. From what you've said that doesn't sound feasible at this time. You might be able to utilize a bridge mode somehow, but at that point I'd be guessing since I don't remember much about the TP-Link consumer router capabilities
If you're comfortable running your own router, my suggestion would be to install OPNsense on the new Celeron box (as long as it has multiple ports and all the drivers exist in FreeBSD) and keep the TP-Link in AP mode so it only handles the wifi side of things. OPNsense is incredibly powerful and should have no problem running as your DHCP/firewall/wg box. I don't run Pi-hole anymore since it has an AdGuard Home plugin you can set up, but I did find it a bit more challenging to configure than Pi-hole was
One is a video game and the other is a company creating barriers to communication in an attempt to sell more devices. Not really equivalent imo