If you have a Managed Switch with VLAN capabilities, then your new proposed idea and layout make sense.

Your current setup kind of looks like it’s double NAT. Which is not great. You want the Protectli router to be the first device after the Arris Surfboard modem. Have the modem be in only modem/bridge mode. We do not want to use the Arris as a router.

Mikrotik CSS610-8P-2S+IN - $200
8x Gigabit PoE-out ports and 2x 10 Gigabit SFP+ ports.

Miktrotik CRS328-24P-4S+RM - $500
24 port Gigabit PoE with 4x 10Gbps SFP+ ports.

You probably want to run all of that on bare metal in containers with Docker or Kubernetes.

Containers let you easily share resources between them, because they all share the same kernel. VMs are harder to share hardware resources with, as you’re finding out.

I was not sure if I should run a LXC container for each docker, or have a single LXC with everything (exception xrdp / XFCE). I don’t know what would be good practices…

LXC is a container. I don’t think you would want to run Docker inside LXC. That’s running a container inside a container. I’m a noob though.

Normally, you run one app per container, or one set of apps per container if they are closely related. You could run all the Plex suite apps inside a single LXC container and Windows alongside it in Proxmox. Or you could run each app inside their own LXC container.

Alternatively, you could run them all in individual Docker containers on bare metal Ubuntu, but not have the ability to install Windows or other OSes.

I use TrueNAS (ZFS) over Unraid because I wanted maximum data reliability. I needed a system with high integrity that I could deploy on multiple computers for backups. Unraid takes less planning and is more forgiving on hardware selection though.

TrueNAS, Unraid, and Synology DSM are all software RAID solutions.

OpnSense is the way to go. It has a good web UI. It’s robust, featureful, and has wide and growing deployment.

Pfsense is mired in controversy, they attacked their peers, and the owners are not honest. The open source Opnsense project had to appeal to the WIPO to force Pfsense to give them their named domain after Pfsense squatted on it and posted inflammatory messages. They aren’t great stewards.

Windows is okay to start. There’s nothing wrong with putting Plex on there, sharing some folders, and having a little server.

You can get more performance and more features for running Linux though. It’s more reliable and you can get more help, because that’s the tool people use. There is a learning curve though.

For a storage server, Linux works well as a NAS (Network Attached Storage). It supports SMB, which is the protocol Windows uses to share files. A Linux server will be able to share files with a Windows PC.

Also if I switch to an open port through my router and send the containerized plex port through it, would that be any risk for my home network?

Not when done properly. Billions of servers open ports. There are 16 million Plex users.

Think about this, have you ever considered the possibility your router by Linksys, NETGEAR and D-Link is easy to hack and has been hacked?

There is a risk involved with any software and network. Plex is a popular app with lots of resources and development behind it though. A VPN like Tailscale can add another layer of security, but its not a requirement to run a secure server.

If they’re Cat5/6 cables, in the U.S., they’re low voltage and don’t need a licensed electrician.

You’re supposed to support the cables by attaching them to the surface. You’re not supposed to leave them dangling or lying. They don’t require a conduit though. If you get quality outdoor Cat6 cables, they’re probably well protected in a dry covered chimney.

Using a VPN just means I don’t get personalized ads, just random ones.

You can ask Google for non-personalized ads too, its in the settings. They will track you either way.

I pay for a YouTube premium family plan and because Google actively incentivizes it, 4 of my friends get it for free as well.

That’s not possible. Your friends have to pay or watch ads themselves.

If it were possible for some people to pay and others not to pay, then YouTube would have survived for over a decade, including periods of profitability, even though some people blocked ads. Oh wait…

It’s definitely not because YouTube has 2 billion viewers and expanded to all regions of the world, and there only real way to increase revenue is to squeeze the existing customers.

Its more than enough computer performance for those tasks. If it comes with a case, memory, storage, etc. It’s not a bad price. It has an Intel integrated GPU with QuickSync Video which is good for Jellyfin hardware accelerated transcoding.

Put a smaller box/table/shelf underneath the black table. Now you have three layers (floor, small table, big table) to put stuff. You can even add a tablecloth on top if you want to cover the stuff underneath. That will make it look neat and tidy for $0.

Parsec has the lowest latency of any large free remote view software.

You can get 10 ms round trip on LAN, which is less than 1 frame at 60 FPS. You need Intel CPUs with QuickSync Video or nVidia nVENC GPUs. nVidia has the fastest hardware acceleration of anyone. On both the client and host. A Raspberry Pi isn’t supported by Parsec anymore. It’s not the best choice for this type of thing. A $150-$200 mini pc would be the best.

The UPS on power outage will drop power to devices plugged into it.

Have you ran a Test button to see if the UPS works / battery works and actually provides power? A component may have failed inside the UPS, the battery may be bad, or the wire connection may be poor. Did everything work, tested with no power, with the previous batteries?

The UPS does not power back on when power is restored.

That’s normally a setting that’s configured. Staying off is safer, in case the battery didn’t get enough time to charge back up and power immediately goes out again.

Used Dell Optiplex can be a good value. Can get 6 cores, an expansion slot, Intel QSV for Plex. Might not have space or PSU connections for HDDs, because most cheap, small PCs have SSDs these days.

A lot of the cheap mass produced PCs will have limited motherboard/PSU combinations. Even if they have a SATA port, they’re probably not going to have multiple HDD power connections. You would run into that problem with the HP Elitedesk too, unless you got a new power solution.

The services all have different IP addresses. You setup your containers and virtual network to use multiple IP addresses on a single physical interface connection.

192.168.1.100:34000 is Plex
192.168.1.101:80 is Website 192.168.1.102:80 is Website 2

I can turn on my VPN and type any of them into the address bar to access them.