It really depends on which Socket Services the container requires. If you have a lot of containers that all need the same set of Socket Services, you could potentially use a single socket-proxy to serve all of them (in theory, I think).

I usually run one per stack, sometimes more if I have a container within my stack that requires more/different Socket Services to the other(s).

I’m not a docker expert though, so I’m not sure I can say what’s recommended. If you find/get a more authoritative answer on this question, I’d be interested to know.

PfSense is another choice, if you want something with a more polished UI.

The risk is certainly lower if you’re not exposing services to the internet, but that’s not the only way to end up with a rogue container. I use docker-socket-proxy for most of my stacks that need socket access. It can sometimes require a little bit of troubleshooting to understand what services you need to proxy, but I’ve had a pretty good success rate. Reading the logs from the socket-proxy and referring to the Docker Engine API documentation will help you to understand what Services you need to enable in the socket-proxy config.

Are you interested in the networking side of self hosting? If so, you should get a better router, something you can run OPNsense or similar on. There are other “options”, but they’re workarounds that avoid fixing the real problem.

I haven’t finished watching the season yet, but it’s definitely not as good as season one. Company Retreat, the setting and the fate of the company, do not have the same gravitas as a court case. Rather than being unique, as season one was, this second season feels like a poor version of The Office (US). I understand it would’ve been difficult to pull off another Jury Duty without the “hero” realising what was going on, but I’m sure they could’ve come up with a more intense scenario than a company retreat.

FreeIPA, Zitadel.

They don’t want people installing GrapheneOS on them.

Same

Thought I’d check out “Death by Lightning”

Pretty much everything Aaron Sorkin has done has at least one great monologue in it.

If possible, don’t play in a completely dark room, have a dim light on, so your eyes are not as shocked when hitting a white screen.

Gen V Season 2. Also checking out Black Rabbit, and catching up on some Chef’s Table.

I can’t believe it hasn’t become more popular, it was excellent.

You might want to check out the self-hosted communities on Lemmy for more info.

If you want to use Cockpit, the 45drives Cockpit modules make dealing with SMB easier. I think TrueNAS is a better option. If you want more flexibility, then Proxmox VE is a popular choice.

I think I’ve seen this one before.

Recently? The Peripheral, and Kaos.

Untrusted devices should really be on their own VLAN. You will have much better control over them and their ability to reach out to the net, or gather info on your network and other devices. Some IoT devices have their DNS hardcoded, so they will ignore your Pihole anyway - you will need to redirect the DNS with outbound NAT to combat this.

I can see another John Oliver episode incoming.

I don’t have one myself, but several of the guys on YouTube use them. See “The Home Automation Guy” or “Smart Home Solver“. I can’t remember the brand they use.

If you’re not using a VPN, it’s possible your ISP is throttling your connection when it sees p2p traffic. Just another thing to look into.