Joined 1 year ago
Cake day: October 24th, 2023

  • Then I would stick with ZFS if you’re already familiar with it.

    I’m not at all familiar with ZFS. It’d be part of the learning curve as is Proxmox as a whole. But I consider knowledge about both as useful.

    LXD is a management system for LXC containers. If you’re just starting out, stick with LXD. It’s much more user friendly.

    I will stick with LXD for containers then if I don’t use a VM.

    Not really. I run a VPS which acts as a reverse proxy for my docker setup, which has non-local storage via NAS. I don’t particularly see a point in fragmenting docker like that, but if that’s how you want to roll, then go for it.

    This is due to my lack of experience with Docker and backing up all properly to do a complete restore. It looks like I have learning curves in more than just one area ahead of me.

    I very strongly advise against this. But it’s perfectly possible. You’re just at the whim of the airwaves. I live near a main highway and sometimes when large trucks go by, I lose WiFi for a quick second. Really fucks with certain things.

    Yeah, nothing beats a setup, where each network interface is the maximum size of a collision domain.

    Yes. Nothing wrong with software firewalls.

    Gotta get ahead of that old school me that thinks running a software on a different hardware plays a crucial role in the threat model.

    Also yes. Particularly (like I have setup) I have a software firewall that tunnels my local vLAN to my VPS, and then everything else is further bisected using a hardware firewall–so all outside incoming requests are proxified by my VPS meaning any direct connections are dropped by the software firewall, then I manage ports from within the hardware switch.

    That’s a setup I may borrow from you :)


  • Hopping in here to mention Proxmox Helper Scripts. They have many scripts that help you set up LXCs with software you may be using, including the full aar stack.

    I got made aware of these scripts by @Krik@lemmy.dbzer0.com already, but thank you for pointing me to this very helpful resource!

    I tend to test things in a dedicated new VM, to get a feel for it, make sure I need to add it to my permanent services. If it does, I try to find a way to run it via LXC, and if that is too complicated/won’t work, I have a dedicated docker VM I throw it on. Everyone will answer the “LXC/VM/Docker” question differently, and they will all be correct. What is easiest for you is the right way.

    I suppose I will go that road for new things I’m about to try out if it’s as easy as spinning up another VM or LXC.
    Replicating services provided by the RaspberryPis and the mini PC I think I will try the LXC way and see how far I get.
    This is leaning heavily on the experience of @Krik@lemmy.dbzer0.com regarding performance advantages of LXC over VM.

    I run a VM with opnsense as my network firewall. Moved it from a hardware install. I don’t see any issues, and there are loads of times it’s saved my ass having it backed up as a VM.

    Not having to deal with a dedicated piece of hardware/configuration is for sure in favour of a virtual firewall.
    Then again the configuration of the firewall is pretty static, unless I plan on adding services in the firewall zone that need to reach the rest of the local network. I need to mull over this some more.

    Slam as much ram as you can afford/fit inside the computer too. Every time I think I have enough, I always find I have need/use for more.

    64 GB has pretty much reached the limit, if I don’t want to throw the 4 DIMMs away and purchase a new set. Let me find out how far that carries me.