toma

joined 1 year ago
[–] toma@lemmy.omat.nl 2 points 1 year ago (1 children)

None. Just use everything in the VMs. Yes, that’s overcommitting, but who cares if the load normally is reasonable and you can watch the ’summary’ in pm to see how the system is doing. Stop worrying, grab the Proxmox ISO and have fun.

[–] toma@lemmy.omat.nl 2 points 1 year ago (3 children)

You would have 12 GB RAM shared over all the dockers. I think you will be fine. Unless everything will be used intensively continuously. But that’s my opinion. Just give it a shot, nothing to lose. Proxmox itself does not take so much. So if it does not run in this setup you need different hardware anyhow.

I don’t like the solution of running Docker next to Proxmox, not in a VM; you want Proxmox to respond even if the Docker VM is busy/overloaded.

In terms of backup you should be good. I would skip that weekly local backup construction, not sure what that adds if the off-site backup is working reliably. I’d format that one and add Proxmox to it and make proper use of it (like a second Docker VM).

[–] toma@lemmy.omat.nl 2 points 1 year ago (5 children)

Yeah, that will work fine! I've a similar setup and it works fine. 2 VMs for stuff that needs a VM and a bunch of Docker containers in a separate VM.

And your Nginx will work fine in Docker. Set it up on a random port and route from the modem/router to that random port and from there to your VM, so something like 443 on the modem goes to port 8443 on the IP of the VM running Docker.

It also gives you the possibility to later on add a second server with Proxmox, put them both in a cluster so you can easily move one of your VMs to a second node.

Final advice is that Tuxis is offering 150GB of free Proxmox backup service. So you can use that for some important VMs to be stored off site for free (encrypted of course) with full support within your Proxmox environment to create or restore backups (or even restore some files from inside the VM). See https://www.tuxis.nl/en/ordering/?case=PBS and https://www.proxmox.com/en/proxmox-backup-server/overview

[–] toma@lemmy.omat.nl 3 points 1 year ago

Check the wa level in top; if it is high, the system is waiting for hardware to process stuff. If it is high, check with atop if disks are red.

In such cases I almost always see some hardware bit failing: network card or switch failing, hard disk/NFS stuff failing, memory failing. Hope this helps.

[–] toma@lemmy.omat.nl 2 points 1 year ago (1 children)

I had very similar wishes, but settled on a Velica (GL-B2200). It comes with OpenWRT out of the box, and can be flashed to the newest version. It has great WiFi coverage, which is nicer than top speed imho. Downside is only 1 WAN and 1 LAN, but with a VLAN and a separate switch it might be ok for you.

[–] toma@lemmy.omat.nl 70 points 1 year ago (2 children)

Just answer them with a little explanation like you did here, you will be fine. Done that, been there.

They just want to protect against people buying lots of servers for a short time, then not paying or doing ddos shit.

[–] toma@lemmy.omat.nl 10 points 1 year ago

Make sure you are not an open relay.

If you also send mail, make sure you have set up DKIM and SPF and DMARC.

[–] toma@lemmy.omat.nl 11 points 1 year ago

Check if the router has the possibility to isolate the LAN port. That way the port on the router cannot talk to other devices on different ports or WLAN.

Second possibility is to check if the router supports VLAN. If so, you can put the TV or a port on a separate VLAN.

If all that is not possible, consider removing the cable and connecting the TV wirelessly. That way you can put the TV on the guest WiFi network. That should come with isolation by default.

If you don’t want that either, you can resort to extra hardware. Any device with two LAN ports could do. Make one port a DHCP-based WAN port connected to the current network and the other port goes to the TV. Run a DHCP server and NAT and you have the TV isolated.
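
A sketch of the firewall side of that last option (an added example, not part of the comment above): an nftables ruleset for a two-port Linux box sitting between the home network and the TV. The interface names `eth0`/`eth1` and the TV-side subnet are assumptions, and the DHCP server for the TV side (for example dnsmasq bound to `eth1`) is configured separately.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names:
#   eth0 = "WAN" port, DHCP client on the existing home network
#   eth1 = port cabled to the TV, box address 10.77.0.1/24 (constructed)
# Forwarding must be enabled: sysctl net.ipv4.ip_forward=1
flush ruleset

table inet tvbox {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # The TV may only ask this box for DNS and DHCP.
        iifname "eth1" udp dport { 53, 67 } accept
        iifname "eth1" tcp dport 53 accept
        # DHCP replies for this box's own WAN-side lease.
        iifname "eth0" udp sport 67 udp dport 68 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # NAT by itself still lets the TV open connections to hosts on
        # the home network, so private destinations are dropped first.
        iifname "eth1" oifname "eth0" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 } drop
        # Everything else from the TV goes out to the internet.
        iifname "eth1" oifname "eth0" accept
        # No rule for eth0 -> eth1: the home network cannot start
        # connections to the TV (policy drop).
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # The TV's traffic leaves with this box's home-network address.
        oifname "eth0" masquerade
    }
}
```

The input chain leaves the box reachable only from its console; an SSH rule for a management host would have to be added for remote administration.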

[–] toma@lemmy.omat.nl 2 points 1 year ago* (last edited 1 year ago) (1 children)

You can use BIND or any other nameserver-server.

But this is one of the things you might want to reconsider. Setup errors might slip in silently and might be hard to diagnose. Complying with the standards like DNSSEC and IPv6 on the nameserver might be a challenge without experience.

Next to that, you probably can’t register the domain itself without a third party, and I always advise to not use a different party for nameservers than the party that registered the domain.

Last point I want to bring up: I would advise against combining name servers with other services; as it is crucial for operating the services, you are creating one giant point of failure. Keep it separated. Separate hardware.

That said, if you accept all these dangers, it’s technically doable. Open the right ports, configure the zone, set up master and slave, read up on glue records, register the name server if needed, set up DNSSEC and set the correct name servers in the domain at the party you registered the domain.

[–] toma@lemmy.omat.nl 2 points 1 year ago

I’ll give you a pointer; the rest is up to you how to apply that in LXC.

https://www.cyberciti.biz/faq/howto-get-linux-static-dhcp-address/
