I am doing a complete overhaul of my home network and moving everything (router, virtualization server, file server, media server, home automation server, web server, etc.) to PVE running on a NUC with a couple extra USB dongles. Only the router/VPN server are accessible from the internet. My question is: on a home network, should VEs run only a single service, or should VEs run all related services?
For example, should I run OPNSense/OpenWRT as a router in a VE, or should I create separate VEs for routing, firewall and DHCP? If I go with OPNSense, what do I do about "addons" like a VPN server and ad blocking? Do I run them in OPNSense or do I run them in their own VEs? My main goal is to make things easier to maintain. If I run OPNSense and it crashes beyond repair, I would have to rebuild everything. If I keep all the services in separate VEs, I would only have to rebuild the service(s) that crashed, but with multiple VEs I would have to maintain the communication between the VEs/services that OPNSense handles behind the scenes and do general maintenance on each VE. I don't have enough experience to know where the dividing line is.
In addition to the router, the other "top level" VEs that I could imagine breaking up or adding additional services to are a NAS running Open Media Vault (e.g., Plex could run in the NAS VE or in its own VE, and I could split the NFS, SMB, and backup services into their own VEs) and a home automation server running Home Assistant.