view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
- 
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon. 
- 
No spam posting. 
- 
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear. 
- 
Don't duplicate the full text of your blog or github here. Just post the link for folks to click. 
- 
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda). 
- 
No trolling. 
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
For work we have standards, ideally we separate VLANs by device type and firewall off their communication, but on a home network, I'd generally group by category. .1-9 network gear like switches and firewalls. .10-19 IOT. .20-29 servers & NAS. So on and so forth.
I see no reason to put iot devices on the same lan as my servers/home network, and I never suggest that to friends.
So separate WiFi name or (or probably router/AP) for separate vlan?
Vlans are virtual lans. So no extra equipment, but your router (as minimum) must support them. If your AP also supports them, you send two vlan through one cable (trunking), and attach each vlan to its own SSID on the AP. There will be no connection between devices on SSID1/Vlan1 and devices on SSID2/vlan2. It’s like you have two cables. To make a connection between those devices you must tell your router to forward the packets between the virtual lans.
That’s the whole trick - you see one cable, but inside it’s like 4000 cables. It’s the same inside your switch/router with vlan support - you see one physical port, but it’s 4000 inside - one for each of the 4000 cables. Each one works and behaves like a physical one. You get data in from one, and can forward it upstream to internet or into one of the other nic’s/cables as that’s what a router does
That's what I do. All my IOT stuff that I can't get wired or via Zigbee/Z-Wave goes on a separate VLAN along with my Home Assistant server. I have an mDNS repeater for ease of access to TV stuff via apps (might spin TVs off into its own VLAN, just haven't gotten around to it) but a 1-way firewall rule that only allows the main network to initiate connections. Certain devices which don't need internet at all get static IPs and completely firewalled.
I’m paranoid so I have created a physically separate network for the IoT stuff. Everything gets its IP from the same server from a /25. The lower is the trusted network, high IPs are not. IoT network devices cannot open connections to the other network. A bit awkward, but works fine.