@michmoor said in Home/homelab network design - Am I overthinking this?: The amount of VLANs here are , imo, a bit of an overkill OK. Would you mind telling me what you'd do differently? And why? Do not host an email server. There will be plenty of people here that will list the multiple reasons but chief among them is that it will be extremely easy to get your IP on a bad reputation list. I know that's the conventional wisdom. I also know there are plenty of people out there who are doing it successfully and have been for years. I plan to use an SMTP relay so I don't have to worry about my IP being on a bad rep list. If you are a novice as you state then the recommendation would be to not expose any services to the internet. If you need to make your NextCloud or any other app accessible to others than a remote access VPN would be best. If you dont want to do that then look at CloudFlare tunneling but i honestly just wouldnt do it if you are not prepared in all the things that could go wrong. I'm already using CF tunneling. I plan to be prepared for worst case scenarios with a very good backup plan/system. If everything crashes and burns, OK. Great learning opportunity. If you are going down this rabbit hole of simulating an enterprise then look also into setting up a remote logging server (Graylog), perhaps a SIEM (Wazuh) which i would highly recommend considering you are exposing web servers to the world. Yep. Planning to use both of those. Maybe Zabbix and Suricata, too. All stuff I want to learn.