I’ve thought about it, and nobody will care about your/my elaborate setup after we are gone. It will just be replaced by a ISP router without regrets.

servethehome.com has a series about these fanless, multi-gigabit firewall for a while, might be interesting if you have a 200-300 USD budget?

https://www.servethehome.com/tag/firewall/

I’ve used a very similar setup in the past (J1900 CPU, 4x1 Gbps network ports) and I only replaced it due to reasons. Not noticed any performance bottle necks with that setup.

The latest N100/N200/N300/N305 CPUs from Intel looks really interesting, similar performance as my workstation but at a 10th of the power usage. N305 also has 8 cores in a passively cooled case, amazing stuff!

I’m using a ~30 USD thin client with a 4 port networking card (~20 USD), just using plain nftables on Debian. It routes handles my network just fine (complex rule set with many subnets & rules, 250/100 Mbps connection). Also using codel/cake for traffic shaping, avoiding lousy ping times even when downloading/streaming et c.

I use two TP-Link EAP 245v3 (ancient by now, but I can still use all my WAN speed from all rooms) for WiFi. Works great.

If I would redo it I’d use VyOS, OpenWRT or maybe OPNSense, but still using x86 hardware due to cost/power usage/performance. And then newer ceiling access points.

After all, it just tells time

It’s for making your computers clocks be very, very close to each other. Not milliseconds close, but nano seconds. That is more important than one might think, especially for networks.

I’m going to have something similar at home at some point, just need to make a few more cable runs so one GPS can see the sky (= more accurate)

yes, but it’s throughput must be measured in Kbps, right?

Calm down, no need to go crazy here

Also have a look at omnivore as a pocket alternative!

I use authelia. It’s pretty straight forward to get started with, I just use the yaml user file and a SQLite database for sessions. I’m running it in podman with auto updates enabled for the tag I’m using (can’t remember which tag, but not latest).

I then use their tutorials as a base for the systems I want to use oidc with (grafana, miniflux…), or just redirect traffic through my reverse proxy to services that lacks proper authentication (looking at you, *arr stack).

I use caddy and traefik for reverse proxy, and it’s very simple to use forward_auth and similar with it.

It took an evening to figure it out but it’s well worth it!

What. That’s amazing!