Comment on Docker Hub's trust signals are a lie — and Huntarr is just the latest proof
InnerScientist@lemmy.world, 1 week ago

For a homelab I don’t think it’s feasible to fully review the source code of everything you install.
Here’s what you can actually do:
- Consider if you actually need the application and stop applications you don’t use
- Don’t allow public access unless it is necessary, consider VPN/reverse proxies with client authentication (if supported)
- Isolate applications that don’t need to talk to each other
  - see also rootless podman, firewalls, virtual machines, etc.
  - don’t forget network access, if everything runs on 127.0.0.1 and every service shares it then they can all talk to each other! (See also network namespaces or VMs)
- Don’t reuse passwords
- Keep software up to date
- Actually evaluate the quality of the project if it needs access to sensitive information
  - see open issues, closed issues that stand out
  - check for audits or at least a history of good effort™
Sure you won’t always catch AI slop this way, but you don’t need to read a line of code to at least be reasonably sure your arr stack won’t get to the family photos.
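The isolation advice in the comment above, shown as a Compose file (an added example, not the commenter’s own config): the arr container and the photo service sit on separate networks, only the reverse proxy has a published port, and the arr container only gets the media directory it needs. Image names, paths and service names are assumptions for illustration.

```yaml
# Constructed example: isolate an arr container from a photo service so a
# compromised arr image cannot reach the photos over the network or the disk.
services:
  proxy:
    image: caddy:2                       # the only container with a published port
    ports:
      - "443:443"
    networks: [arr_net, photos_net]      # the proxy bridges both isolated networks
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro

  sonarr:                                # stands in for any arr-style container
    image: lscr.io/linuxserver/sonarr    # check the publisher before pulling, per the thread
    networks: [arr_net]                  # no 'ports:' entry: not reachable from the LAN
    # Publishing to "127.0.0.1:8989:8989" would NOT isolate it: every process on the
    # host, including other containers using host networking, shares that loopback.
    volumes:
      - ./sonarr-config:/config
      - /srv/media/tv:/tv                # only the media it needs, never the whole disk
    cap_drop: [ALL]                      # drop all Linux capabilities (assumption: the image runs without them)
    security_opt:
      - no-new-privileges:true

  photos:
    image: photoprism/photoprism         # assumed photo service; any similar app works
    networks: [photos_net]               # not on arr_net, so sonarr cannot open a connection to it
    volumes:
      - /srv/photos:/photoprism/originals:ro

networks:
  arr_net: {}                            # needs outbound access for indexers, so not internal
  photos_net:
    internal: true                       # no default route: the photo service never talks to the internet
```

With rootless podman the same file works through `podman-compose`, and the containers additionally run without root on the host.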