[alias_neo]

Thanks for the suggestion but "separation of concerns" is key for me; I also wouldn't want extra software running on my edge, even containerised. I have plenty of hardware (and several Kubernetes clusters) inside my network to run software workloads on.

For storage I built my "NAS" in the Silverstone CS381 (https://www.servethehome.com/silverstone-cs381-8-bay-matx-ca...) with an LSI HBA, Ryzen 9 3900X / 128GB RAM, 6 Intel NICs, 2 NVM.e SSDs + 1 SATA SSD for Proxmox and a bunch of HGST Ultrastar He10s as ZFS mirrors. I run the Unifi controller in a container on there.

Before the pfSense Protectli I was also running AdGuard Home in a container (which replaced Pi-Hole on a Pi) but Unbound + pfBlockerNG is more capable.

Re: pfSense / OPNSense; I was running OPNSense initially, but had some issues, I'm likely to go back if they're resolved; I find myself falling on the OPNSense side of the politics there.