This is a fun little rehash of the “what naming scheme should I use for my servers” discussion that will never end.

I agree, I use fun cutesy shit as aliases and whatnot but actual hostnames are boring and logical.

I use atomic moves. I used to have everything configured to land in a staging directory and once ready for it to “go live” move it to the appropriate location and kick off a scan.

Using a .ignore file is probably the simplest though.

Are you okay? They asked a very specific question and you’re coming in with answers that don’t matter.

When did I say anything about dhcp or mention randomized mac being a silver bullet for privacy? Your opinion on how effective it is or isn’t has nothing to do with the fact that they can turn it off for their network and it will solve the issue they’re asking about.

Eh, in pihole mac or ip address is a valid way to add a device to a group so you can give it a different policy. I have multiple access points but they’re not meshed so if I randomized I’d have to have multiple client entries for a single device. Or turning off randomization for my trusted networks means just 1 client entry.

Assuming Android, you’ll want to deselect randomized MAC for your wifi. No reason to randomize on a trusted network. You can turn it off on a per network basis.

In an ideal world I have multiple vlans for studf like iot, security cameras, my personal devices, my family’s personal devices, and various ones for lab stuff (externally available apps, critical apps, etc.)

Networking is my biggest neglect and learning it to start fixing things feels pretty daunting when I only have an hour or so some nights to tinker. I’ll get there eventually though.

The biggest thing keeping from doing an LXC per app is a poor decision when I first set the lab up, I only gave it a /24 and didn’t separate out iot/user devices/servers so I’m flirting with exhausting the IPs. I’m planning on setting up opnsense soon so that should take care of it. I have a few different servers with apps grouped by type/priority and then running podman for the containers inside. It works well and I probably shouldn’t change it for no real reason.

I don’t have a really good reason not to use LXCs right now. I use VMs because that’s what I knew when I started with Proxmox and the Internet seems pretty divided on when each one shines over the other. The goal of my switch to podman was twofold: switch to rootless and use something with better systemd support. I was hacking together unit files for docker using some pretty dumb tricks, none of that is necessary with quadlets though.

What’s the benefit in your eyes for LXC over VM? I don’t run Windows or anything so using the host kernel isn’t an issue for me. I do sometime have problems with OOM kills taking out a VM though, but my understanding is if it were an LXC that kill could have hit a much more important process than my general apps VM.

E: As far as Fedora under IBM… I don’t like it either. I’m relatively prepared to jump back to Debian though, I’ve kept my Andi key playbooks updated for both Fedora and Debian just in case I have to go back.

This is what I eventually settled on too. Switched servers to Fedora last year though as part of switching from docker to podman.