On Mon, 17 Apr 2023, Stefan Monnier wrote:
>> That said, using one computer as router, firewall, file server, name server, web server, and more represents "all of your eggs in one basket". I suggest using dedicated hardware for networking, network segmentation (e.g. DMZ), and kernel or hypervisor compartmentalization of services.
>
> Dedicated hardware has its upsides, indeed, but it also has its downsides (e.g. in terms of impact to the planet).

This is very true. I switched to using one of these: https://www.asrockrack.com/general/productdetail.asp?Model=J1900D2Y in a Xen configuration, from multiple hardware - but multiple services on one hardware instance. It's low power and fanless and has built-in IPMI. For me that ticks all the boxes I need.

Having each of nameserver, DHCP server, web server, firewall, "file server"[1] etc., running on separate guests makes upgrading so much simpler too. I used to dread upgrades, now they're relatively painless.

[1] I don't really run a fileserver but I do run iSCSI targets.