Hello there,
I am new to LXC and have been experimenting with containerization on my home server. My current goal is to set up a multi-container environment for hosting several services, such as a web server, a Nextcloud instance, and possibly a development environment. However, I want to prioritize security and proper resource management as I scale this setup.
What is the best practice for isolating container networks? Should I be using macvlan, bridge, or something else to ensure containers are both accessible to each other (when needed) and secure from unauthorized access?
How can I efficiently allocate CPU, RAM, and storage quotas to prevent one container from over-consuming resources? Are there tools or configurations in LXC for this?
I have heard about using AppArmor and seccomp for securing containers. Are there other tools or settings I should consider? What's the ideal approach to limiting the host's exposure if a container is compromised?
Also, I have gone through this post: https://discuss.linuxcontainers.org/t/new-to-lxd-linux-networking-containers-in-general-guidance-request-soc-analyst/ which definitely helped me out a lot.
How do you manage updates for the software running inside containers? Is it better to rebuild containers periodically or update them like a traditional system?
Thanks in advance for your help and assistance.