Well, this solves nothing. I don’t really know what’s going on with Thunderbird but it is looking like a piece of crap, the latest UI changes made it worse, a few months after the other revision that was actually much more visually pleasing. Is it that hard to look at what others do instead of adding random boxes everywhere?

Anyways, the worst part is that right now Thunderbird wastes more RAM than RoundCube running inside a browser with the Calendars and Contacts plugins. Makes no sense.

Well… If you’re running a modern version of Proxmox then you’re already running LXC containers so why not move to Incus that is made by the same people?

Proxmox (…) They start off with stock Debian and work up from there which is the way many distros work.

Proxmox has been using Ubuntu’s kernel for a while now.

Now, if Proxmox becomes toxic

Proxmox is already toxic, it requires a payed license for the stable version and updates. Furthermore the Proxmox guys have been found to withhold important security updates from non-stable (not paying) users for weeks.

My little company has a lot of VMware customers and I am rather busy moving them over. I picked Proxmox (Hyper-V? No thanks) about 18 months ago when the Broadcom thing came about and did my own home system first and then rather a lot of testing.

If you’re expecting the same type of reliably you’ve from VMware on Proxmox you’re going to have a very hard time soon. I hope not, but I also know how Proxmox works.

I run Promox since 2009 and until very recently, professionally, in datacenters, multiple clusters around 10-15 nodes each which means that I’ve been around for all wins and fails of Proxmox. I saw the raise and fall of OpenVZ, the subsequent and painful move to LXC and the SLES/RHEL compatibility issues.

While Proxmox works most of the time and their payed support is decent I would never recommend it to anyone since Incus became a thing. The Promox PVE kernel has a lot of quirks, for starters it is build upon Ubuntu’s kernel – that is already a dumpster fire of hacks waiting for someone upstream to implement things properly so they can backport them and ditch their own implementations – and then it is a typically older version so mangled and twisted by the extra features garbage added on top.

I got burned countless times by Proxmox’s kernel. Broken drivers, waiting months for fixes already available upstream or so they would fix their own bugs. As practice examples, at some point OpenVPN was broken under Proxmox’s kernel, the Realtek networking has probably been broken for more time than working. ZFS support was introduced only to bring kernel panics. Upgrading Proxmox is always a shot in the dark and half of the time you get a half broken system that is able to boot and pass a few tests but that will randomly fail a few days later.

Proxmox’s startup is slow, slower than any other solution – it even includes management daemons that are there just there to ensure that other daemons are running. Most of the built-in daemons are so poorly written and tied together that they don’t even start with the system properly on the first try.

Why keep dragging all of the Proxmox overhead and potencial issues, if you can run a clean shop with Incus, actually made by the same people who make LXC?

You may not want to depend on those cloud services and if you need something not static, doesn’t cut it.

Why only email? Why not also a website? :)

“self-hosting both private stuff, like a NAS and also some other is public like websites and whatnot”

Some people do it and to be fair a website is way simpler and less prone to issues than mail.

If you did you would know I wasn’t looking for advice. You also knew that exposing stuff publicly was a prerequisite.

Proxmox will not switch to Incus, they like their epic pile of hacks. However you can switch to Debian + Incus and avoid that garbage all together.

That’s a good setup with multiple IP, but still you’ve a single firewall that might be compromised somehow if someone get’s access to the “public” machine. :)

Kinda Scenario 1 is the standard way: firewall at the perimeter with separately isolated networks for DMZ, LAN & Wifi

What you’re describing is close to scenario 1, but not purely scenario 1. It is a mix between public and private traffic on a single IP address and single firewall that a lot of people use because they can’t have two separate public IP addresses running side by side on their connection.

The advantage of that setup is that it greatly reduces the attack surface by NOT exposing your home network public IP to whatever you’re hosting and by not relying on the same firewall for both. Even if your entire hosting stack gets hacked there’s no way the hacker can get in your home network because they’re two separate networks.

The scenario one describes having 2 public IPs, a switch after the ISP ONT and one cable goes to the home firewall/router and another to the server (or another router / firewall). Much more isolated. It isn’t a simple DMZ, it’s literally the same as two different internet connections for each thing.

Debian.

Complete history of Ubuntu: a lot of highs, a lot of lows bugs and poor decisions.

There, fixed for you.

The nixCraft headline is stupid, just because you are running on IPv6 without any NAT doesn’t mean your router doesn’t block incoming IPv6 traffic to hosts on the network - this is actually the default in 99.9999% of devices.

Looks cool, but well the Linux app ecosystem and the inability to standardize anything and/or have simple binaries. I really don’t get the people that go for Linux for privacy/preservation/not-dependent-constantly-on-the-internet and then everything is a repository hosted somewhere that’s hard to archive or crazy container-like formats.

Because Europe, but as you can see the OpenWrt One makes no sense when the BPI-Wifi5 is half the price and the R3 is a 35€ more expensive but has multiple ethernet posts, SFP and a ton of other IO. In fact even for the US market I don’t see the price of the OpenWrt One making any sense, because the others are cheaper over there as well.

I have no complaints about their QC but well, samples are samples.

Or… a decent Openwrt router like the Banana Pi BPI-R3. I believe the only argument for those kinds of devices is the Wifi support but I don’t believe the price and specs on the device shared by the OP are reasonable at all. If you don’t need Wifi, then yes, a good SBC and a cheap switch will be a much better alternative.

https://wiki.banana-pi.org/Banana_Pi_BPI-R3.

It didn’t. The article and the marketing around the device is all bs. https://wiki.banana-pi.org/Banana_Pi_BPI-R3

Yeah would be way more smart to do the opposite.

Check this out, the router from the link for someone in Europe:

Now the other ones:

I guess you get the point, all Openwrt routers and the last one is much much better in all ways.

This device specs vs price aren’t appropriate in any way. There’s no point paying 100€ for something that only has 2 Ethernet ports, doesn’t have modern WiFi and only 1GB of RAM and an older CPU.

Besides the whole title and movement is a but misleading because the guys from Banana Pi shipped multiple boards already that are built for OpenWrt and have things like WiFi 6 in that price point. One of them is the “Banana Pi BPI-Wifi6 Router” for 60€ and more expensive the Banana Pi R3 that that just makes a lot more sense.