The biggest thing keeping me from doing an LXC per app is a poor decision when I first set the lab up: I only gave it a /24 and didn't separate out IoT/user devices/servers, so I'm flirting with exhausting the IPs. I'm planning on setting up OPNsense soon, so that should take care of it. I have a few different servers with apps grouped by type/priority and then running Podman for the containers inside. It works well and I probably shouldn't change it for no real reason.
Ah, yeah, I've got a trunk to each of the machines in my clusters, 9 VLANs total, and of course I can add more whenever this way. I'm a bit of a glutton for naming and numbering structure too, so the purpose of the service determines which VLAN it's on. Like Home Assistant has just about its own VLAN, with sensors and misc tools in support of it all there. A different one for IoT devices by others (that I will never trust with internet access, so it's initiated from another VLAN on the FW only, outbound can't be initiated from any device on it, etc.), one for work that's part of a site-to-site with work, with a few ports on the switch allocated that I can just plug in ad hoc, etc.
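The policy described in the post above ("initiated from another VLAN on the FW only, outbound can't be initiated from any device on it") is really a statement about which direction a stateful firewall lets a connection be opened. The following is an added example, not the poster's actual OPNsense rules: a small Python model of a stateful firewall with a zone-based "who may initiate" table, run over a handful of constructed flows. The VLAN names, subnets, gateway address and flow endpoints are all made up for the example.

```python
"""Model of an 'IoT may answer but never initiate' VLAN policy.

Added example for illustration; the VLAN plan, gateway address and
sample flows below are constructed, not taken from any real network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical VLAN plan (assumption for the example).
VLANS = {
    "trusted": ip_network("10.10.20.0/24"),  # your own devices
    "iot":     ip_network("10.10.30.0/24"),  # untrusted third-party IoT
    "ha":      ip_network("10.10.31.0/24"),  # Home Assistant + its sensors
}

# Firewall's own interface in the IoT VLAN (assumption). IoT devices still
# need DHCP and DNS from the gateway, so those two ports are the only thing
# the IoT zone is allowed to open on its own.
IOT_GATEWAY = "10.10.30.1"
GATEWAY_SERVICE_PORTS = {53, 67}

# (source zone, destination zone) pairs allowed to open a NEW connection.
# "iot" never appears as a source: it can only reply to connections
# opened from elsewhere.
ALLOWED_NEW = {
    ("trusted", "iot"),
    ("trusted", "ha"),
    ("trusted", "internet"),
    ("ha", "iot"),
    ("ha", "internet"),
}


def zone_of(ip: str) -> str:
    """Map an address to its VLAN name, or 'internet' if it is in none."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Minimal conntrack: remember 4-tuples of connections we allowed."""

    def __init__(self) -> None:
        self.state: set[tuple[str, int, str, int]] = set()

    def decide(self, f: Flow) -> str:
        forward = (f.src, f.sport, f.dst, f.dport)
        reverse = (f.dst, f.dport, f.src, f.sport)
        # Packets belonging to an already-accepted connection pass in
        # either direction; this is what lets the IoT device answer.
        if forward in self.state or reverse in self.state:
            return "allow-established"
        # Narrow exception: IoT devices may ask the gateway for DHCP/DNS.
        if f.dst == IOT_GATEWAY and f.dport in GATEWAY_SERVICE_PORTS:
            self.state.add(forward)
            return "allow-new"
        if (zone_of(f.src), zone_of(f.dst)) in ALLOWED_NEW:
            self.state.add(forward)
            return "allow-new"
        return "drop"


# Constructed sample traffic, in the order the firewall would see it.
SAMPLE_FLOWS = [
    ("laptop opens cam web UI", Flow("10.10.20.5", 51000, "10.10.30.7", 80)),
    ("cam reply",               Flow("10.10.30.7", 80, "10.10.20.5", 51000)),
    ("cam phones home",         Flow("10.10.30.7", 44000, "203.0.113.9", 443)),
    ("cam probes laptop ssh",   Flow("10.10.30.7", 44001, "10.10.20.5", 22)),
    ("cam asks gateway DNS",    Flow("10.10.30.7", 44002, IOT_GATEWAY, 53)),
    ("HA polls cam",            Flow("10.10.31.3", 40000, "10.10.30.7", 80)),
]


def run_sample() -> dict[str, str]:
    """Evaluate SAMPLE_FLOWS through one firewall instance."""
    fw = StatefulFirewall()
    return {label: fw.decide(flow) for label, flow in SAMPLE_FLOWS}


if __name__ == "__main__":
    for label, decision in run_sample().items():
        print(f"{label:28s} -> {decision}")
```

The point the model makes concrete: the camera's reply is passed only because the laptop's request created a state entry first, so the same device is dropped the moment it tries to start anything itself, whether toward the internet or toward the trusted VLAN. The one deliberate hole is DHCP/DNS to the gateway, which a real ruleset on OPNsense has to carry too or the devices never get an address. It also shows why the poster keeps Home Assistant's own sensors on HA's VLAN rather than in the untrusted one: anything that has to push (an MQTT publisher, for instance) needs a zone that is allowed to initiate.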
Definitely helps to have the range to play it this way!
In an ideal world I'd have multiple VLANs for stuff like IoT, security cameras, my personal devices, my family's personal devices, and various ones for lab stuff (externally available apps, critical apps, etc.).
Networking is my biggest neglect, and learning it to start fixing things feels pretty daunting when I only have an hour or so some nights to tinker. I'll get there eventually though.
It's well worth it IMO, makes service segregation so much easier. It may help to toss a router off your main network and start experimenting that way, give you a decent place to mess things up, which is, again purely my opinion, one of the best ways to learn.