I usually end up doing it very simple with huge /24 ipv4 networks, f.e.
10.100.10.0/24 = VLAN 10 = User devices and purely internal servers
10.100.20.0/24 = VLAN 20 = IoT
10.100.30.0/24 = VLAN 30 = Servers that are reachable from outside
10.100.40.0/24 = VLAN 40 = Guests

The main thing for me is to ensure that traffic that wants to pass between VLANs go through my firewall/router and allow Suricata to do its IPS work.

If you want a webui for the debian server that gives you logs, services, ssh terminal and more then I can recommend checking out Cockpit
https://cockpit-project.org/

If you decide you want to you can install KVM/Qemu on the debian host to get into full virtualization that way. The webui can be used to configure and manage the VMs too with https://github.com/cockpit-project/cockpit-machines

edit: Cockpit also has a Docker manager, though I feel it isn’t full featured yet. I mostly used it to stop and start dockers from my phone.
https://github.com/chrisjbawden/cockpit-dockermanager

Now I can start throwing more stuff on there once I figure out backup for the game world incase I bork it.

Step 1. Find out where the docker image you run saves the volumes
F.e. https://github.com/mornedhels/icarus-server saves here:
Volumes
Volume Description
/home/icarus/drive_c/icarus Server config files and saves
/opt/icarus Game files (steam download path)

Step 2. Find a backup tool you like, f.e. https://docs.borgui.com/

Thanks for mentioning the game, saved it to my wishlist and hope to grab it for some co-op gaming come autumn. :D

Con: Fewer guides, more complicated setup and having to solve the translation from CUDA with IPEX-LLM and so on. Not everything will run.

Pro: Looking at Intel Arc Pro B70 with 32GB for less than half the price of an RTX 5090 sure makes one curious to try it.

Problem with smaller footprint is cooling and how audible it becomes.
One idea is to use fiber optic hdmi cables and a usb extender to hide the pc away in another room.

If you want smaller footprint then the keyword to use is “Unified memory”, it can be reasonable fast for 30B models and a slow thinker mode for 70B ones.

edit: example of a Unified Memory Apple Mac Studio can be found here at $5499 for 96GB RAM
https://www.apple.com/shop/buy-mac/mac-studio/m3-ultra-chip-32-core-cpu-80-core-gpu-96gb-memory-2tb-storage

When it comes to Nvidia GPUs the VRAM is the main thing to look for.
For consumer cards it is:
Entry level - RTX 5060 Ti 16GB RAM with a price point around 500-550 euro
Mid - Buying a used RTX 3090 24GB RAM with a price point around 830 euro when I look at swedish second hand markets
High - RTX 5090 32GB RAM with a price point around 3500 euro

After that you end up looking at the RTX Pro Blackwell cards:
Entry - RTX PRO 5000 Blackwell 48GB RAM ~5300 euro
Mid - RTX PRO 6000 Blackwell 96GB RAM ~10100 euro

It all depends on which models you want to run, you can definitely start playing around with Llama 3 8B and similar models with a 5060 Ti 16GB.

If you’re looking at 24B-30B models you need the 24GB VRAM that RTX 3090 offers and get a larger context window if you go for the RTX 5090.

If you’re looking to run Llama 3 70B then you need to go into the RTX Pro level of vram.

All of this is based on running it with Nvidia cards, there’s also other setups such as Mac Studios with huge amount of RAM. They’re slower but allow for much larger models at the same price point.
You could also run with AMD/Intel gpus but much software is built primarily for running CUDA (and Nvidia) gpus so it’s more work and not always compatible.

I know you said no “monster rack” but I don’t really know what you classify as a monster. :)
An ordinary gaming pc is also a good starter AI pc, so something like this allows you to do both:
https://pcpartpicker.com/list/sFp4qd

I haven’t tried Sync-in but if simple is what you want then a Synology DS225+ should get you up n running quickly.
https://www.androidpolice.com/synology-as-a-google-drive-alternative/

Which part of the seafile install was it that made you back off?
https://manual.seafile.com/latest/setup/setup_ce_by_docker/

Depends on which Piefed instance you’re trying to contact and for what reason.
In the cases of feature requests a good place to start would be piefed.social/c/piefed_meta - !piefed_meta@piefed.social

If it’s about contacting a specific piefed instance then check their about page, f.e.: https://piefed.europe.pub/about

If it’s about helping out with developing etcetera then this page has links that will bring you to the right place: https://join.piefed.social/

What I meant with lifestyle was the fact that vegan used to mean not using any products that cause animal suffering, be it a hamburger, leather shoes or makeup tested on animals. None of it is vegan.

While I don’t believe IaaS to be selfhosting I do believe self-managed services on IaaS should be allowed here. It’s the same software stack and requires the same skills so both parties gain from having the discussion in the same place.
Not because I think selfhosting is a badge but because I think it makes sense to call things for what they are.

But I’m an old grumpy who thinks ovo-lakto vegetarians shouldn’t have been allowed to steal the meaning of vegetarian or vegetarians steal it from vegans (and now we no longer got a word to describe old school vegans that makes it a lifestyle not a diet.)

While splitting Compute and Storage is nice I think the main takeaway should be having your opnsense/router on it’s own physical hardware.
Having your storage separated won’t stop a Jellyfin interruption if you reboot your compute.

For a NAS solution the cheap way would be a used desktop with at least 4 SATA ports, a Linux distro you’re used to and Cockpit installed.

Ah yeah - always a good idea to verify support on the motherboard. I think AMD mbs are usually better on the bifurcation front than Intel ones.
The Startech card I linked is backwards compatible with PCIe 3.0 M.2 NVMe cards, they mention that they’ve tested with Samsung 970 EVO for example, so you can still fill it up with older, cooler M.2 cards even if it supports PCIe 4.0.

An M.2 PCIe card can make most old computers into a good SSD NAS.
https://www.startech.com/en-eu/hdd/quad-m2-pcie-card-b

When nslookup google.com from a laptop on this LAN, it returns Server: 10.2.0.1 Address: 10.2.0.1#53

nonauthoritative answer: google.com with ip information repeated.

I don’t under stand this return as it’s an ip outside my lan net and dhcp provisioning.

I’m unclear on what you’re confused about regarding the above quote. Here comes an explanation of nslookup.
The command is nslookup <domain> <dns-server> and if dns-server is empty it uses your default. F.e.:

***@fedoragaming:~$ nslookup www.google.com 8.8.8.8

The response starts by telling you which <dns-server> it used for the lookup and which address including port was used:

Server: 8.8.8.8
Address: 8.8.8.8#53

It then gives you the answer on where to find the <domain>, once for ipv4 and once for ipv6:

Non-authoritative answer:
Name: www.google.com
Address: 142.251.142.228
Name: www.google.com
Address: 2a00:1450:400f:807::2004

edit: I think I understand your question a bit better now. To check which dns-server you’re using do a “cat /etc/resolve.conf”
If you run a distro with systemd then use the command “resolvectl status”

Sounds like you should look at N3 and N4 then. :)

If you haven’t bought cameras yet then you can always check for one that works with thingino Open-source Firmware for Ingenic SoC IP Cameras

If your N100 mini server has an ITX motherboard with several SATA ports then changing the case to something like a Jonsbo N2 might be a solution that works better than USB.

Depends on the operating system of the NAS, but generally the NAS will want to format the drive. Even if you can somehow get it running without a disk format you’re generally in an unsupported configuration.

A big point of a NAS in my mind is to run some sort of redundancy, which means you will want to setup a RAID on the drives in the NAS, and that in turn means that my recommendation wouldn’t be to chuck existing drives into the NAS solution but to setup the NAS drives and then copy your data to it.

Dedicated NAS hardware storage is usually accessed over SMB, NFS or SFTP and most software has support for one of those protocols.
Some services can have hiccups when running against networked storage, f.e. Jellyfin might lose library metadata if the Jellyfin service’s library scan is started and the networked storage is unavailable.

We’ve done our first crypt this playthrough then we got busy building rest stops and roads, farming and all that. Good job getting to the mistlands!