Some diagram would help. Are you trying to use your server as a switch?

Do you plan to compress video ( which generally already compressed format) when saving to remote location? I do not see use case for it, as you ether use lossless compression and not compressing it in any meaningful way, or just re-encode to different format and loose quality. Second option is simpler to achieve by re-encoding before sending out.

Run long smart test on the disk and check smart data after that. Other possibility is ZFS pool is nearly full.

circular dependency seems to be the case. I guess adding second external resolver to /etc/resolve.conf will help. Second entry will not be used unless first one ( pi-hole) is responding. But it need to be tested.
BTW, why do you want to send host's DNS via pihole?

nope, it is very deeply customized debian. Need to be installed from scratch.

Open source projects need to make money somehow. I found VyOS method quite acceptable. They giving good instruction and tools to build your own stable ISO. So do not be lazy or contribute somehow. Unfortunately their paid support costs too much. I was considering trying to push VyOS to be used as virtual router at my work, but it costs more than Cisco C8000v

If you still use HTTP for cert verification on ACME, you are doing it wrong. Use DNS-01 only, there is no need to allow any inbound traffic to your servers. and HTTP will not give you wildcard anyway.

No HA. Classic HA is evil, shared control plane is good way to loose both FWs. Need redundancy use 2 independent FW + routing protocols. Losing session states during fail-over is not a big problem these days. I did in-place upgrades, but I'm running LTS and not yet done any major version upgrades. So far no problems.

Sorry, what do yo want to know? IT just a linux based router pretended to be a juniper FW. NAT/IPv6/PPPoE/VRFs are working as expected.

Can you promise a near 100% uptime? Otherwise, some email might not reach you. Just lol. Mail get queued just fine by everyone. If you really concern , setup second MX.

Specks lookg good, Intel NIC, semi decent CPU. I would say it is even overspec for a router.

It is an option. But used from Ali? I'm not sure that I would trust them with my data.