I view podman as a mostly drop in replacement for docker but it doesn’t have a daemon (for better and worse). I wouldn’t recommend using podman for you right now. I’d strongly recommend docker-compose (not docker run).
If you’re ever stuck trying to convert a docker run command to a compose.yml file, composerize.com is helpful.
I have about 20 services on my machine so I’m going to need to open a ton of ports (ssh, SSL, multiple higher number ports since some services require several ports). At that point, what is the point of a firewall if so many ports are open? With so many ports open, it seems like a firewall doesn’t add much security vs the complexity it adds.
I had a similar journey and recommend it. I started with Open Media Vault with docker containers configured via a GUI, then to Debian + docker compose, then to Debian deployed with Ansible + docker compose, and now I’m with NixOS + podman compose. The first jump to Debian was the most intimidating for me learning CLI commands for the first time and not having defaults chosen for me, but it was liberating to finally learn the actual tools and not just learn a GUI abstraction for tools.
I’ve seen some interesting development with Music Assistant but I haven’t personally used it. It’s not sure if it can be commanded using the cast button.
My server is only available on my LAN and via a VPN. Is fail2ban applicable? Or is it mainly for public facing servers?