The Advanced approach
The advanced approach gives your more peace of mind, stronger resillience and more flexibility at the price of higher hardware cost, more knowledged involved, and more setup times. It's also more fun, but you might want to evolve gradually from the simple to the advanced approach maybe to create a progressive investment in money and knowledge.
The basic idea is to split the simple approach by separating the two main pillars of the setup:
- The routing / network management: done using opnSense on dedicated hardware
- The services, both internal and external: done building a good pc (non laptop)
Using a dedicated firewall appliance like OpnSense is the best approach to unleash the full potential of your network, it let's you manage ISP failover, VLAN, DNS filtering and resolving, and much more using a nice web GUI interface on well-proven, state of the art, firewall dedicated software. Don't worry, it will not be any easier, in fact it will be much more complex to manage! But, at the same time, much more powerful and effective.
Going with something more solid than an old laptop for hosting your services is also a good idea for scalability, to avoid USB nuisances, and in general to benefit from better performances overall. The main drawback is the loss of the conveninence of a battery, which can be mitigated with a better UPS than the one you where already using (right?) for your RAID disks on the simple approach.
Storage
Exactly as for the simple approach, you need RAID storage, which means at very least two hard-drives (or SSDs) in RAID1. Better would be many devices on RAID6 or such, but letìs stick with two RAID1 mirrors. If your server case has the capacity, plug in more disks and research on using ZFS or some advanced RAID techniques. I strongly suggest you use all SSDs, to save on energy consumption, heat generation and noise. The price per gigabyte will be higher, tough.
Networking
From the network hardware point of view, you want to purchase a so called firewall appliance with at least four Ethernet NICs. The CPU is not very important, the cheapest you find should be already more than enough. RAM and storage requirements might vary, depending if you want to do web caching or not.
Your firewall appliance will need at least two, better three, wired Ethernet connections:
- One LAN interface, to talk to all your home devices
- One, or better two, WAN interfaces, to talk to your one, or better two, ISPs (Internet Service Providers)
I suggest to avoid using WiFi because or reliability and bandwidth, so you need three Ethernet NICs. If you don't want to buy a dedicated firewall appliance hardware, you can always emulate one with a normal PC, plugging in as many PCI-Express NICs as needed. The overall power consumption will be higher tough, so i recommend to go for a low-power firewall appliance. In both cases, you will be installing OpnSense on it, so the hardware doesn't matter much.
Services
From the service hosting, you might go for a nice desktop PC or even a workstation. Usually both kinds should be able to host at least two disks, in addition to the main NVME slot, if not even four disks. This will ensure you don't need an external USB enclosure. Also adding more than one Ethernet NIC is usually pretty easy since you can plug in a PCI-Express ethernet card. There are even multi-NIC PCI-Express cards out there if you need more than two.
Your server will need to be beefy enough to host any service you will need. In my experience, this is not a big issue. A good video card might be useful for on-the-fly AV1 / x265 video decoding (if you want to host a media server like JellyFin).
In any case, with this advanced approach, you can always spin up an additional server should the first one be saturated at a certain point in the future.
To be honest, having a dedicated firewall appliance means that your services server don't need multiple NICs, but of course YMMV and the opportunities are endless.
Routing
The routing for the home network will be managed by your firewall appliance and OpnSense. OF critical importance is to properly define how you want to organize your network, and understand how a firewall applicance works to be able to leverage it's power properly.
More details will be provided later on.