Then I would stick with ZFS if you’re already familiar with it.

I’m not at all familiar with ZFS. It’d be part of the learning curve as is Proxmox as a whole. But I consider knowledge about both as useful.

LXD is a management system for LXC containers. If you’re just starting out, stick, with LXD. It’s much more user friendly.

I will stick with LXD for containers then if I don’t use a VM.

Not really. I run a VPS which acts as a reverse proxy for my docker setup, which has non-local storage via NAS. I don’t particularly see a point in fragmenting docker like that, but if that’s how you want to roll, then go for it.

This due to my lack of experience with Docker and backing up all properly to do a complete restore. It looks like I have learning curves in more than just one area ahead of me.

I very strong advise against this. But it’s perfectly possible. You’re just at the whim of the airwaves. I live near a main highway and sometimes when large trucks go by, I lose WiFi for a quick second. Really fucks with certain things.

Yeah, nothing beats a setup, where each network interface is the maximum size of a collision domain.

Yes. Nothing wrong with software firewalls.

Gotta get ahead of that old school me that thinks running a software on a different hardware plays a crucial role in the threat model.

Also yes. Particularly (like I have setup) I have a software firewall that tunnels my local vLAN to my VPS, and then everything else is further bisected using a hardware firewall–so all outside incoming requests are proxified by my VPS meaning any direct connections are dropped by the software firewall, then I manage ports from within the hardware switch.

That’s a setup I may borrow from you :)