Mergerfs + snapraid
If a drive fails, you only need the parity disk to restore, not the whole array. Also, if for some reason you can’t restore, you only lose data on the failed drive.
ZFS is great and for real NAS data, I’m a fan. But for large media files and and such that you are write once, read many, it’s a much better option I think.
Mergerfs is just to present all 20 drives as a single mount point so you aren’t searching thru 20 drives when you want to view.
Here’s the way I think of it. Imagine you live in a house at the end of a long street. Your front door is the login page to your Synology. All the measures you’ve put in place (cloudlfare, ip blocklists, firewall) are the equivalent of putting up a guard booth/gate at the end of your driveway that only allows cars with a license plate of a specific state.
You haven’t made yourself significantly more secure, just lined the traffic up in a more organized fashion. You are still trusting the people that made your door lock to not be vulnerable.
Yes, it’s easier to access vs having a big metal gate that only you have the code to open (VPN) in front of your house. But why open yourself up to a single point of failure?
Here’s just one recent example of an attacker being able to bypass the authentication on a synology. All the things you have implemented wouldn’t prevent a single person in the internet from using this exploit. https://www.zerodayinitiative.com/advisories/ZDI-23-660/