• 0 Posts
  • 26 Comments
Joined 1Y ago
Cake day: Jun 23, 2023


I’m not familiar with the Ben Eater series, but there are certainly a couple options to check out.

Mark Furneaux did a fantastic series on the workings of pfSense. It’s a little dated, but the core concepts are still sound and apply to networking generally.

There are also several sites that do in-depth networking topics with a focus on certifications. My favorite of the bunch is Viatto.

I also quite like The Network Berg, though his videos are specifically focused on Mikrotik.


The thing that immediately came to mind was mailpiler.org. It’s been on my list to stand up for a while, but I’ve never got around to it.


My go-to for this is a plain Debian or Ubuntu container with Cockpit and the 45Drives file sharing plugin. It’s pretty straightforward and works pretty well.


My use of Mikrotik is somewhat limited, but in testing I’ve found routing between VLANs to be pretty performant. The key is to offload that routing to the hardware, which not all configurations allow. Check out the Network Berg’s YouTube channel and you should get a good idea.


You’ve got some decent answers already, but since you’re getting interested in ZFS, I wanted to make sure you know about discourse.practicalzfs.com. It’s the successor to the ZFS subreddit and it’s a great place to get expert advice.


I’ve never heard anyone else mention them, but I’ve had really good luck with https://www.ssdnodes.com for the past several years. I don’t recall ever using their support, but I did have a policy question before buying when I first signed up and they were pretty quick to reply. I think I found them on LowEndBox.


If you’re looking for something more or less in the same footprint, I understand those cheap Wyze cameras can be used. There are alternative firmwares available that can be flashed to them to open up the RTSP stream to whatever self-hosted recorder you’d like. Haven’t tried it, but have heard it mentioned on the Self Hosted podcast.


It’s been on my agenda for a while to set up a Matrix server with an iMessage bridge with the idea I could interact with all of my message protocols from one place. I haven’t gotten around to it, but it might be worth a look.


Sorry to say I’ve never heard of spaceship, but wanted to make sure you know that Cloudflare now has a registrar service, so if you’re already using them for DNS, that might be worth a look for you.


This is the route I went as well. I have a couple MPU2016s at different sites. Like u/aodhsishaj indicated, they’re pretty cheap on the used market; just bear in mind that you’ll need a module for each machine. I think this makes sense if you have multiple machines, but I’m not so sure mine can power cycle connected machines (as in with AHCI controls). I can, however, reboot from the command line and interact with BIOS, etc.


Gotcha. That makes sense. My own thoughts are that if you mitigate all of the attack surfaces you can, it ends up coming down to the robustness of the particular app. I’ve never played with Keycloak, so can’t speak intelligently about that, but I’ve got authentik set up in a similar configuration. I limit access so the only way in is via either the reverse proxy or the PVE console and basically keep an ear out for security and software updates.

As I type this, it occurs to me that perhaps there’s a fail2ban integration that could be added to limit credential guessing at the Keycloak web UI.
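To make the fail2ban idea from the comment above concrete, here is an added example (not the commenter’s code, and not part of Keycloak or fail2ban) of the counting logic a jail applies: a sliding window of failed logins per source address, banned once `maxretry` failures land inside `findtime`. The log lines are constructed for this example and follow the shape of Keycloak’s `org.keycloak.events` logger (`type=LOGIN_ERROR`, `ipAddress=`); that field layout is an assumption, so compare it against your own server.log before reusing the regex. The `FAILREGEX` string is written the way a `filter.d` failregex is, with `<HOST>` standing in for the address pattern.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines shaped like Keycloak's org.keycloak.events logger output.
# The field names (type=LOGIN_ERROR, ipAddress=) are an assumption for this example;
# check them against a real server.log before trusting the regex below.
SAMPLE_LOG = """\
2024-05-01 10:00:01,120 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=203.0.113.7, error=user_not_found, username=admin
2024-05-01 10:00:02,340 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=203.0.113.7, error=invalid_user_credentials, username=admin
2024-05-01 10:00:03,900 WARN  [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=203.0.113.7, error=invalid_user_credentials, username=root
2024-05-01 10:00:05,010 INFO  [org.keycloak.events] (executor-thread-2) type=LOGIN, realmId=master, clientId=account-console, userId=2b4a9c0e, ipAddress=198.51.100.9
2024-05-01 10:00:06,500 WARN  [org.keycloak.events] (executor-thread-3) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=203.0.113.7, error=invalid_user_credentials, username=admin
2024-05-01 10:00:07,220 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=198.51.100.9, error=invalid_user_credentials, username=bob
2024-05-01 10:05:00,000 WARN  [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=192.0.2.50, error=invalid_user_credentials, username=admin
2024-05-01 10:05:01,000 WARN  [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=192.0.2.50, error=invalid_user_credentials, username=admin
2024-05-01 10:05:02,000 WARN  [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=192.0.2.50, error=invalid_user_credentials, username=admin
2024-05-01 10:05:03,000 WARN  [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=192.0.2.50, error=invalid_user_credentials, username=admin
2024-05-01 10:05:04,000 WARN  [org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=192.0.2.50, error=invalid_user_credentials, username=admin
2024-05-01 10:30:00,000 WARN  [org.keycloak.events] (executor-thread-4) type=LOGIN_ERROR, realmId=master, clientId=account-console, userId=null, ipAddress=203.0.113.7, error=invalid_user_credentials, username=admin
"""

# Written the way a fail2ban filter.d failregex would be; fail2ban expands <HOST> with
# its own address pattern, here we substitute a plain IPv4/IPv6 character class.
FAILREGEX = r"type=LOGIN_ERROR, .*?ipAddress=<HOST>,"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} .*?"
    + FAILREGEX.replace("<HOST>", r"(?P<host>[0-9a-fA-F.:]+)")
)


def parse_failures(log_text):
    """Return [(timestamp, source_ip), ...] for every failed-login event line, in log order."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["host"]))
    return out


def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Sliding-window count in the style of fail2ban's maxretry/findtime: return
    {ip: "YYYY-MM-DD HH:MM:SS"} for each address whose failures inside findtime reached maxretry."""
    windows = defaultdict(deque)
    banned = {}
    for ts, host in parse_failures(log_text):
        window = windows[host]
        window.append(ts)
        while ts - window[0] > findtime:   # expire failures that fell out of the window
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned[host] = ts.isoformat(sep=" ")
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

Two things to check before pointing a real jail at this: if Keycloak sits behind a reverse proxy and is not configured to trust the proxy’s forwarded headers, `ipAddress` will be the proxy’s own address and the first ban locks out the proxy rather than the attacker; and Keycloak’s realm settings also carry their own brute-force detection (temporary or permanent lockout per user), which is worth enabling alongside any host-level banning, since it covers distributed guessing that a per-IP window misses.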


Encryption would be a good idea between the service and the reverse proxy. I’d also look into Proxmox firewall, which is pretty robust. Here’s the link to the documentation: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_pve_firewall. Definitely worth perusing.


Since you’re new to this and therefore probably haven’t set up too much infrastructure yet, let me put in a plug for ZFS for the file system underlying your data. That will unlock for you snapshots and the ability to send very efficient backups off site to another ZFS pool.

There are commercial offerings for all this (I think rsync.net will give you a ZFS target), but I essentially have a second NAS set up at another location for the purpose.

Beyond that, I’m also a big fan of BackBlaze B2, which can give you object-based online storage.

As far as what to back up, that’ll depend on your setup. I usually find it simplest to back up my entire VM and do recovery by restoring the VM.


That’s a bummer. Might be worth running an iperf test between your machine and your dad’s just to get a baseline speed. Could be something in between your two networks is routing slowly.


Do you want the entirety of a directory system uploaded? If that’s the case you could use Syncthing to just share the source directory. Then your dad wouldn’t have to move anything. Add in something like Tailscale or ZeroTier and you could control all the Syncthing settings from the web UI.


This is excellent timing for me. I was just taking a break from working on setting up whisper.cpp with a web front end to transcribe interviews. This is a much nicer package than I ever had a chance of pulling together. Nice work!


I think there’s an Odoo module that does this. Might be overkill for just that, though.


If you’re not familiar with it, check out lowendbox.com. You can very often find good deals there; not all of them are reliable in the long run, but I’ve found several hosts that have been just great.


Check into Cloudflare Tunnel or Tailscale Funnel. Those are two of essentially the same type of product that take out most of the work of getting you around CGNAT.


You can do this with something like Nextcloud. Just set up a folder shared by a link and you’re able to make it a drop box of sorts that anyone can upload to.

Obviously, be careful allowing arbitrary uploads from the whole internet. I’d set a time limit on the share so people can’t upload junk forever.


The folks replying here have pretty much hit the nail on the head. Adding your home network to that AllowedIPs line in the config file should do the trick.

Someone else mentioned Tailscale, which would be another great option—with a web UI to dial in routes.


There’s not a lot of information to go on here, but my first thought is that you haven’t configured your VPN to route to the local network. So, while you may be getting a connection to the VPN server, your computer doesn’t know where to send traffic for Cockpit.

There is usually a way to push those routes to the client from your VPN server.
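Both of the WireGuard comments above (adding the home network to AllowedIPs, and a client that connects but has no route to the LAN behind the server) come down to the same thing: on a WireGuard client, the peer’s AllowedIPs is the routing decision, so a destination outside it is never handed to the tunnel. Here is an added example, not the commenters’ configuration or anything from the WireGuard project, that parses a constructed client config, checks whether a given host would be routed through the tunnel, and appends the missing network. The tunnel range 10.8.0.0/24, the home LAN 192.168.1.0/24, the Cockpit host 192.168.1.10 and the endpoint vpn.example.org are all assumed values, and the key fields are placeholders.

```python
import ipaddress
import re

# Constructed WireGuard client config for this example; key material is a placeholder.
# Only the tunnel network is listed, so packets for the home LAN never enter the tunnel.
CLIENT_CONF_BEFORE = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.8.0.2/32
DNS = 192.168.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.org:51820
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25
"""

# Matches an AllowedIPs line without swallowing the newline, so edits keep the file layout.
ALLOWED_RE = re.compile(r"^([ \t]*AllowedIPs[ \t]*=[ \t]*)(.+?)[ \t]*$", re.MULTILINE)


def allowed_networks(conf):
    """All networks on AllowedIPs lines. wg-quick installs a route for each of these and
    WireGuard only sends a packet to the peer when its destination falls inside one."""
    nets = []
    for m in ALLOWED_RE.finditer(conf):
        for cidr in m.group(2).split(","):
            nets.append(ipaddress.ip_network(cidr.strip(), strict=False))
    return nets


def reaches_via_tunnel(conf, dest):
    """True if traffic for dest would be handed to the tunnel at all."""
    addr = ipaddress.ip_address(dest)
    return any(n.version == addr.version and addr in n for n in allowed_networks(conf))


def add_allowed_network(conf, cidr):
    """Return conf with cidr appended to the first AllowedIPs line, unless a listed
    network already covers it (avoids duplicate or overlapping entries)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if any(n.version == net.version and net.subnet_of(n) for n in allowed_networks(conf)):
        return conf
    return ALLOWED_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}, {net.with_prefixlen}", conf, count=1)


# The corrected config: home LAN added alongside the tunnel network.
CLIENT_CONF_AFTER = add_allowed_network(CLIENT_CONF_BEFORE, "192.168.1.0/24")

if __name__ == "__main__":
    cockpit = "192.168.1.10"   # assumed address of the Cockpit host on the home LAN
    print("before:", reaches_via_tunnel(CLIENT_CONF_BEFORE, cockpit))
    print("after: ", reaches_via_tunnel(CLIENT_CONF_AFTER, cockpit))
    print(CLIENT_CONF_AFTER)
```

Two caveats that the client-side edit does not cover. WireGuard has no mechanism to push routes to a client; `push "route ..."` is an OpenVPN feature, and in WireGuard the client’s AllowedIPs is the only place that decision lives. And the server still has to carry the traffic: IP forwarding enabled (`net.ipv4.ip_forward=1`), plus either a return route on the LAN for the tunnel range or masquerading on the server’s LAN interface, otherwise replies from the Cockpit host never find their way back into the tunnel.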


I think you can do this with key files and a systemd-timer at boot. I’m not near a machine right now to post how I’ve done it in the past, but I’ll try to remember to come back to this when I can.

It may be helpful to know that the former r/zfs community has migrated to a Discourse server at practicalzfs.com. Might be worth asking there for some expert advice.


Haven’t tried NetBird, but I do like Tailscale and Headscale. Last time I looked at all these, I landed on Netmaker, which might be worth a look. It’s WireGuard based and has a nice web UI for management.


There’s a pretty interesting series on the topic at Tall Paul Tech’s YouTube channel (here’s the most recent: https://youtu.be/WFso88w2SiM). He goes into quite a bit of detail over the course of a few videos about how he handled everything and highlights some of the trials and tribulations with the ISP. It’s not a guide per se, but definitely stuff worth thinking through.


I think what you’re describing can be accomplished with docker-compose’s depends_on option. I’m not certain how it works across compose files, but that would be the first place I’d look.