With containers, most will have a persistent volume that is mapped to the host filesystem. This is where your config data is. When you update a container, just the image is updated(pihole binaries) but it leaves the config files there. Things like your block lists and custom dns settings, theme settings, all of that will remain.

Can’t speak for OP but I can say that I switched to proxmox from just running docker and services native. Proxmox offers a lot of flexibility, you can do snapshots, build many different LXC containers very easily, to keep things separate or have better control over resource usage. Also I run mine in a 3 node cluster so I can do live migration of VMs and pretty quick migrations of LXC containers. This all allows me to run my services with little to no downtime and have redundancy.

This looks really cool. Any recommendations on clients(speakers)? I have a couple of older raspberry pies I could use if as remote speakers, but I’d need a few more.

What are you using for client devices?

I like the “1 liter PCs/home servers” for this kind of stuff. I have a 3 node proxmox cluster running on hp elitebook mini 800 g4’s. I got them for around $120 each on ebay (prices vary). Other big manufacturers have their own mini modules (hp, lenovo, dell) Generally these have a lower price tag than something like a similar generation intel nuc because it’s less of a niche market, these are used in business office environments and usually sold used pretty cheap when hardware is refreshed or businesses are closed. You can find replacement parts easily also. Just make sure they include a power adapter if you do search for one.

Mine are running i5-8500t processor which supports Intel quicksync and performs very well for video transcoding in plex. Should easily be able to do a couple of 4k transcodes easily. If you’re not interested in running proxmox, this would run OMV easily and have plenty of power to run lots of containers.

I use nginx proxy manager with dns challenge to get a *.example.com cert that I then use to host services internally. I just checked, it supports dns challenge for porkbun, you may want to give it a try again. Also, you shouldn’t really need to forward dns to duckdns. You can have public dns records point to an internal ip.

This is what I do, I have example.com (dns registered with cloudflare but should work the same with porkbun) I then create an a record for portainer.example.com to 192.168.0.5.

Internally my nginxproxymanager is running at 192.168.0.5 and portainer is running at https://192.168.0.6:9443

Then in nginxproxymanager I create a dns challenge (you’ll have to look up some videos on how to do this, it’s not very difficult it usually just takes a api key and secret key) then I create a new proxy host for portainer.example.com pointing to https://192.168.0.6:9443 and you select the *.example.com as your ssl cert for the proxy host

Now internally go to https://portainer.example.com and it should work.

I use it to send backups to backblaze b2 also, it works very well for me.

That’s fair, we should all test our backups from time to time. I haven’t had any issues over the years with it though i’ve never had to rely on it for a full restore.

I’m a big fan of duplicati. You can install it on Linux, windows, (not sure about mac) and use it to send backups anywhere. Backup to your nas, to s3, smb share, whatever.

Well with bitwarden/vaultwarden you can have a copy of your entire vault on your phone or computer or both… so even if your server was totally dead, you’d have access to your passwords. Solid backups is a must, I follow the 3-2-1 rule on super critical systems (like vaultwarden) and test that you can actually recover. Something as simple as spinning up a VPS, testing a restore, testing access, see if that could work in a pinch until you get your server back online, then tear it down. Linode is very cheap for this kind of testing, it’d only cost you a few pennies to run a “dr” test of your critical systems. Of course you still want to secure it, I’d recommend wireguard or tailscale instead of opening access to your DR node to the internet, but as a temporary test it’s probably fine if your running patched up to date versions of docker, vaultwarden, and I’d always recommend putting a reverse proxy in front like nginx.