A second device on site is still infinitely more resilient than just letting it rock. Most use cases where a backup would help can be covered by an occasional one way sync or scheduled copy to a USB drive. Offsite is for catastrophes like your home burning down or flooding.

you’re not particularly worried about “someone”, you’re worried about bots that are scanning IP ranges and especially default ports. A lot of people will install a program, not really understand what it does, and forward a port because the setup told them to. Then proceed to never update the program (or it’s a poorly secured program in the first place).

if they got in…

You’re trusting Jellyfin to not have some form of privilege escalation attack available. I’m not saying they do have one or that anyone’s exploiting it in the field, but yeah. Also if your Jellyfin admin account is allowed to download subtitles to content folders, a “just fuck shit up” style vandal-hacker could delete your media probably. If you mount the media read-only that wouldn’t be a concern.

Do note that without that layer you were using Pangolin for, your system might be compromised by a vulnerability in Jellyfin’s server or a brute force attack on your Jellyfin admin account.

Everyone I know that actually keeps backups has the same kind of story. It’s sad that no matter how many other people talk about keeping backups, it always takes a tragic loss like this to get people to buy hardware/subscriptions.

I settled on Tubesync. Pinchflat mysteriously stopped downloading new vids from a playlist I had it monitor. Surely I could have fixed it by checking logs or whatever but Tubesync has the exact same feature list and no downsides, so I just killed my pinchflat container and spun up tubesync.

Can “your apps” access it when their device isn’t on your home LAN?