
Architecture Decisions for a Production-Ready Homelab — Isolation, Transparency, and why ‘It’s Always DNS’
From Kernel Isolation to Netbird protocols, a deep dive into building a modular foundation on the HP EliteDesk.

In my last article I mentioned starting my homelab. I did it. I went with Proxmox as a hypervisor so I could deploy multiple VMs and services accordingly. The main choice after installing Proxmox was deciding whether I was going to use LXC, Docker containers or VMs for deploying and managing services. I chose to run Docker containers on VMs instead of using LXC, for a few reasons. Docker shares the kernel of its host, but here that host is the VM, so containers use the guest kernel rather than the kernel of the physical machine, and this provides defense in depth. A kernel exploit in Docker only crashes the guest VM rather than your entire physical host, while enabling proper live migration, snapshots, and disaster recovery that LXC doesn’t support well in Proxmox. VMs let me segregate workloads into isolated environments with different kernel versions for specific needs, dedicate static resources to prevent noisy neighb



