Do you have a throwaway email address that could be used instead, not connected to the accounts on that smartcard/yubikey? Perhaps put a phone number or PO box with the message "if lost please call/send to". This worked for me in a major city, where I dropped my swipe badge and transit card. A nice gentleman called me & we met up a block away to pass it back. I then verified the access has not been tampoered with, and asked for new cards (just in case).
Hey @[email protected] what did you end up doing with the server? From where yo uar enow, we could provide some other ideas/directions to head.
There is the personal/home security hand out from the NSA (yea, that NSA) https://www.nsa.gov/portals/75/documents/what-we-do/cybersecurity/professional-resources/csi-best-practices-for-keeping-home-network-secure.pdf?v=1 https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF This is an older version, but I appreciate the level of detail on this one: https://www.dni.gov/files/NCSC/documents/campaign/NSA-guide-Keeping-Home-Network-Secure.pdf
Anytime you purchase a car, the PII is shared amount so many companies/organizations. Best submit a "right to be forgotten" request to the data companies as well as the marketers targeting you, and a "do not share" request to your bank, your state DMV, and everyone else that was involved in the transaction. HTH!
EDIT: PHI/PII