It really depends on which Socket Services the container requires. If you have a lot of containers that all need the same set of Socket Services, you could potentially use a single socket-proxy to serve all of them (in theory, I think).

I usually run one per stack, sometimes more if I have a container within my stack that requires more/different Socket Services to the other(s).

I’m not a docker expert though, so I’m not sure I can say what’s recommended. If you find/get a more authoritative answer on this question, I’d be interested to know.

PfSense is another choice, if you want something with a more polished UI.

The risk is certainly lower if you’re not exposing services to the internet, but that’s not the only way to end up with a rogue container. I use docker-socket-proxy for most of my stacks that need socket access. It can sometimes require a little bit of troubleshooting to understand what services you need to proxy, but I’ve had a pretty good success rate. Reading the logs from the socket-proxy and referring to the Docker Engine API documentation will help you to understand what Services you need to enable in the socket-proxy config.

Are you interested in the networking side of self hosting? If so, you should get a better router, something you can run OPNsense or similar on. There are other “options”, but they’re workarounds that avoid fixing the real problem.

FreeIPA, Zitadel.

They don’t want people installing GrapheneOS on them.

If possible, don’t play in a completely dark room, have a dim light on, so your eyes are not as shocked when hitting a white screen.

You might want to check out the self-hosted communities on Lemmy for more info.

If you want to use Cockpit, the 45drives Cockpit modules make dealing with SMB easier. I think TrueNAS is a better option. If you want more flexibility, then Proxmox VE is a popular choice.

I think I’ve seen this one before.

Untrusted devices should really be on their own VLAN. You will have much better control over them and their ability to reach out to the net, or gather info on your network and other devices. Some IoT devices have their DNS hardcoded, so they will ignore your Pihole anyway - you will need to redirect the DNS with outbound NAT to combat this.

I can see another John Oliver episode incoming.

I don’t have one myself, but several of the guys on YouTube use them. See “The Home Automation Guy” or “Smart Home Solver“. I can’t remember the brand they use.

If you’re not using a VPN, it’s possible your ISP is throttling your connection when it sees p2p traffic. Just another thing to look into.

And Sweden, just this week.

Worth noting that this is from 2016.

Good album, so many great tracks.

Yep, Aussie here. Not a very good gardener though.

Smarter Every Day, Veritasium

Before you move to Linux, have you had a look at OpenCore Legacy Patcher? It will allow you to install newer versions of MacOS on your unsupported MBP. Mr Macintosh’s channel on YouTube is a good resource for this.

Have you considered other approaches, such as Tailscale or Cloudflare Tunnels? I think you’re complicating things.