I know that this would be the most secure way. But I seriously doubt that this level is necessary in a normal home network.
That’s what MAC whitelists are for. Your DHCP server should be able to handle this.
Identify your friendly devices and give them one setting with everything (full subnet and correct default GW). Identify your IoT devices, and give them another (full, or specially limited subnet mask, and fake default GW, maybe a different nameserver, too). Anything else is guest and gets a very limited subnet mask and a working default GW.
I’m pretty sure I don’t do this ;-) I know how routing works.
Then why don’t you ask the people who do this?
But you don’t need several LANs for this. This can easily be done with proper routing. A can access internet and internal network addresses. B can only access internet, and C can only reach internal addresses.
Why would you want to do this, anyway? Or, as I as a developer regularly have to ask our sales people: what do you actually want to achieve that led you to this question?
Keep in mind that AD, Office, and Exchange are the holy trinity of getting hacked in the last years.
There are companies that sell parts from used servers, e.g. SAS controllers for PCI.
I’ve got systems that can detect suspicious activities in the net, which result in a shutdown of the router. And not like “could you please shut down” but a hard power off type of shutdown.
Indeed. Whatever you put in a cloud needs backups. Not only at the cloud provider, but also “at home”.
There has been a case of a cloud provider shutting down a few months ago. The provider informed their customers, but only the accounting departments that were responsible for the payments. And several of those companies’ accounting departments did not really understand the message except for “needs no longer be paid”.
So for the rest of the company, the service went down hard after a grace period, when the provider deleted all customer files, including the backups…
When you are working locally, why don’t you use Samba for storing and sharing of documents?
I found a service that syncs our calendars self-hosted. That was the only thing that was missing. Can’t remember the name, works flawlessly and without any problems for a number of years now. If you are interested, I’ll look it up next weekend.
The very same reason why I gave up on Nextcloud. Too many nasty surprises.
Well, it always depends on the use case. And if you think over the use case, maybe other solutions might even be better.
Good specs, but the rpi still has the absolute big advantage of its vast field of available turnkey software.
There is a big difference between “it works out of the box” and “it works so-so after a lot of fiddling, and I still don’t know why”.
I live in a part of the world where power cuts are pretty frequent.
Texas?
No issues with double NAT. I even had a setup with an internal and external net, and the provision that any network link originating from (not passing through) the outer NAT router would raise an alert on the inner NAT router - which would simply switch the outer NAT router off.
Unless the big ISPs made competition like that illegal.
Well, I think it is necessary if you have mobile devices. Anything nailed down should be connected by wire, but if it is mobile, it should get the connection. Especially if the cell phone link is not that good inside the house.