[-] bladewdr@infosec.pub 1 points 11 months ago

You can set up firewall rules to redirect the traffic destined for public DNS servers to your internal DNS server.

Not sure how to construct that rule in the UniFi firewall but it comes down to "any outbound traffic on port 53 that's not destined for the AdGuard server, redirect it."
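The redirect described in the comment above, as an added example that is not part of the original comment: a dry-run generator that prints the rules for review and applies nothing. It assumes a Linux router using iptables rather than the UniFi rule syntax; the interface `br0`, the resolver address `192.168.1.53` and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; nothing is applied.

valid_ipv4() {
    # Reject empty input, non-digit characters and stray dots before splitting.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

dns_redirect_rules() {
    lan_if=$1; dns_ip=$2
    # Validate both arguments so the printed commands cannot carry extra text.
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $lan_if" >&2; return 2 ;;
    esac
    valid_ipv4 "$dns_ip" || { echo "invalid resolver address: $dns_ip" >&2; return 2; }

    for proto in udp tcp; do   # DNS uses both UDP and TCP on port 53
        # Port-53 traffic arriving from the LAN that is not already addressed
        # to the internal resolver is rewritten to go there. "! -s" leaves the
        # resolver's own upstream queries alone, which avoids a loop.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 ! -s $dns_ip ! -d $dns_ip -j DNAT --to-destination $dns_ip:53"
        # When the resolver sits on the same LAN as the clients, its reply
        # would otherwise go straight back to the client from an address the
        # client never queried. Masquerading sends the reply back through the
        # router; the cost is that the resolver's query log shows the router
        # as the client for redirected queries.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto --dport 53 -d $dns_ip -j MASQUERADE"
    done
}

# Constructed sample values.
dns_redirect_rules br0 192.168.1.53
```

This only covers plain DNS on port 53; encrypted DNS over other ports is not affected by these rules.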

[-] bladewdr@infosec.pub 2 points 11 months ago

I just use SSH for management. Monitoring is handled by Nagios.

[-] bladewdr@infosec.pub 3 points 1 year ago

Shouldn't use the Xfinity router anyway, that thing is fuckin garbage.

[-] bladewdr@infosec.pub 1 points 1 year ago

This is the one I'm using as well. I use it to keep my work laptop running Linux in sync with the various Windows desktops I use in our offices. Works great for keeping my work KeePass vault in sync.

[-] bladewdr@infosec.pub 6 points 1 year ago

Mail server, but mostly because deliverability in this day and age is a nightmare. If you're some one-off running your own mail server in 2023, be prepared to deal with many headaches around IP reputation.

[-] bladewdr@infosec.pub 2 points 1 year ago

You don't need to be home for a cron job to run.

USB has a bad habit of randomly dropping off the bus until you reseat the cable or reset the device.

[-] bladewdr@infosec.pub 5 points 1 year ago

If you've got a copy of the data that's local, why are you opening up ports? Just run the backup job internally.

I'm also not fond of using SBCs as a NAS, by nature their I/O is extremely limited. It will probably work as a backup, but man do I not trust a USB interface at all.

I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io Docker image and have it send me notifications via Pushover when something fails.

[-] bladewdr@infosec.pub 6 points 1 year ago

I really hope you have that backed up.

bladewdr

joined 1 year ago