u/Adventurous_Abies347

VMs to split critical and dangerous devices

Hi everyone,

I'm currently running a single VM (Ubuntu) hosting all my Docker containers.

My stack is a mix of:

  • Critical/Home Services: Pi-hole (DNS/DHCP) or Home Assistant.
  • Media/Downloads: Jellyfin, qBittorrent, and the arr stack.

And I'm concerned about the potential security risks of the media stack (specifically malware from torrents).

I'm thinking about splitting all my devices into two VMs so I can isolate the dangerous multimedia devices with virtual networks and storage passthrough. The problem is that I don't have a lot of RAM (8 GB) and I’m worried that the overhead of two Linux VMs might starve my services.

Does the cost/benefit ratio of this VM split make sense, or are there more efficient ways to achieve this level of isolation? (I know LXC containers will be better in terms of RAM but I prefer Docker)

u/Adventurous_Abies347 — 17 hours ago
🔥 Hot ▲ 354 r/homelab

My first homelab - All second hand and recycled

I’m thinking about migrating the whole system to Proxmox, but I’m worried it’s going to be a lot of work. I’m currently on bare metal Docker. Any thoughts or similar experiences?

Hardware:

  • PC: HP ProDesk with i5 and 8 GB (Running Docker on Ubuntu).
  • Storage: 2x HDDs salvaged from old TV set-top boxes (only 3€ each).
  • Networking: Old D-Link router repurposed as an Access Point (AP).
  • Zigbee: USB dongle for home automation (bulbs and sensors).
  • Switch: 8 port Gigabit Ethernet.

I'm currently running all the services depicted in the screenshot and using Tailscale for remote access.

u/Adventurous_Abies347 — 3 days ago