Same way I do at work. Different accounts and passwords for each service internally. Any service exposed to the net (game and email servers mostly) is on a segregated network and each machine has unique credentials to help prevent lateral movement. Self hosted Bitwarden tracks it all.

I do it for the same reason I require outbound firewall rules for almost everything on my home network - I’m a masochist.

I always buy new because time spent fixing a problem or recovering data with a used drive ain’t worth it to me. It may be to you. A manufacturer refurb might be ok, in fact I do buy refurb monitors sometimes, but not data storage.

OPNsense all the way. I run it in a VM. I ran PFsense for years then finally went through the pain of migrating. It was worth it for the UI improvements alone. PFsense also corrupted itself twice in about 4-5 years of running it, requiring restores from VM snapshots. OPNsense has been rock solid but it’s only been 2 years since I migrated.

I have used openwrt but only for a WiFi AP, not as a real router. I’ve since moved to a Unifi AP which works fine, but I won’t buy their stuff again for other reasons.

I ran it on Hyper-V for many years. Still running OPNsense that way. It manages 4 VLANS, RDNSBL, a metric ass ton of firewall rules, and several VPN clients and gateways, with just 2GB of ram and 4 virtual procs. It works and doesn’t even breathe hard.

Do additional research on the models you’re interested in. Unfortunately they don’t all play nice with 3rd party software but the ones that use open standards are good bang for the buck.

2 of my Reolinks are on Wi-Fi and work fine. It depends on the model.

I use Reolink cams with BlueIris software. None of it has access to the internet. Works fine.

That’s why I also do backups, as I mentioned.

I actually run everything in VMs and have two hypervisors that sync everything to each other constantly, so I have hot failover capability. They also back up their live VMs to each other every day or week depending on the criticality of the VM. That way I also have some protection against OS issues or a wonky update.

Probably overkill for a self hosted setup but I’d rather spend money than time fixing shit because I’m lazy.

Exactly right, anyone recommending those doesn’t understand how they work.

Sorry it took a while, I’m currently on vacation! But I had some time to reread it and sanitize it for public sharing. Here you go:

ok yikes, Lemmy really didn’t like me pasting all that code even in a code block. I’ll have to put it up somewhere else, stand by.

Hopefully this works better: Pastebin link

I doubt you’ll find something off the shelf for this. I wrote a powershell script that deduplicates lists and also does a pass over the results to convert any blocks to CIDR notation. If you’re interested I’ll share it.

But honestly you could probably have ChatGPT whip this up for you in your language of choice. It’s pretty straightforward.

There’s nothing special about it. It’s just a (old) computer. I always recommend homelabbers just use regular PCs. Rack form factor servers have a use case and your closet or basement ain’t it. I’ve racked, stacked, and managed enough HP hardware to know not to bring any home. The people telling you to recycle it are correct.