1·
2 years agoIsolate your programs, keep the critical stuff away from the public using tailscale or a VPN, hell, even an SSH tunnel could work in your case, make sure to keep different password for each software for your database. If possible virtualize each software to keep them from communicating to other softwares. This is how i manage my infrastructure (or should be, i haven’t gotten yet to use tailscale for admin only websites).
If it’s relevant to your actual job, learning to use k8s will benefit you more. Generally i’d prefer to keep the bare metal OS as clean as possible to avoid breaking anything during upgrades and such, and keep the containers and normal running apps on separate VMs that can communicate with eachothers, k8s is mostly good if you got a lot of servers and want to manage them all at once through a single “orchestrator”. But for self hosting stuff in your home it’s kinda overkill. But it still can be used to manage things up. So imo go for k8s since it can be used in homeservers, it’s just that it’s kinda like using a nuclear bomb to kill a wasp.