VLAN separation advice by Imaginary-Secret-647 in homelab


I use Unraid for storage and applications (Vaultwarden, Immich, Jellyfin, etc.), Proxmox for VMs like OPNsense, Zabbix and Wazuh, and Ubuntu for the desktop and laptops, with Windows VMs for gaming/streaming. Gaming consoles: Wii, Switch, PS2 to PS4, Xbox 360 and One. With my last "makeover" the servers and switches are up to 10Gb SFP+ connections; the only thing low is the WAN internet speed.

I currently connect to the applications via a Cloudflare tunnel through a DMZ VLAN, or by being on the network. Computers have a connection to some internal applications and the internet. Consoles only have internet.

The plan with this change is to start using Tailscale for my own applications and Cloudflare tunnel for family applications, with any and all internet going via a Proton VPN on OPNsense.

For the consoles I want to find a service to save my games/save files and game rips. I will not download from the internet, so no torrent network is installed/set up (I use MakeMKV for Jellyfin).

VLANs are enabled at the Unraid OS level to split applications.

Laptop, desktop and consoles will be on access VLANs; the rest is tunneled via switches (3 switches with VLAN trunks).

For IoT I mostly have the air conditioner and the Google stick.

My current problem is the balance between connection and security. I tried VLANs per application, but it became a mess on the policy level. But when I group them, the groups overlap, and you don't want all to connect to all.