I have been getting my feet wet with LXD over the summer and am now considering using it on a new server for a small office for which I am the admin. The current server is running all services on bare metal Debian Bullseye, and is configured using Ansible. I am planning to use Debian Bookworm on the new system with Incus. Required services are lan (dhcp, dns, ntp, nftables, fail2ban), authN+authZ (currently Kerberos + OpenLDAP, but will add Keycloak or Authentik), files (NFS and syncthing), mail (dovecot, exim, spamassassin etc.), printing (cups), voice and chat (asterisk, matrix) and web applications (apache2, php-fpm, postgresql, redis).
The lan services I would keep running on the host, as I read that dhcp is better kept on the host. I would also run a reverse proxy on the host, but all other services I would cluster per application into dedicated guests.
I am still struggling with networking: the first service I set up in LXD is Asterisk, which is a service that requires ingress as well as egress traffic. I tested various LXD networking settings: bridge, forward, macvlan, but I never succeeded in having a long-term stable network connection between the SIP clients and the Asterisk service on the LXD guest.
Are there any good online resources or books that could help me on my way to set up a host and configure Incus following best practices?