Security & Networking
A security-first approach: all services use TLS encryption, with certificates issued via ACME/Let’s Encrypt. Cloudflare provides DDoS protection and secure tunneling for external access.
OPNsense serves as the firewall and router with DHCP and traffic monitoring. UniFi Controller manages network infrastructure, while Unbound provides local DNS resolution. Network segmentation through VLANs isolates different workloads. WireGuard enables secure remote access. Vaultwarden handles password management, and Postfix provides local mail relay for system notifications.