I'm starting a project to make my home hosted services exposure to the internet a little easier to keep secure.

I have various web services such as Immich, JellyFin, and a few other services that either have high storage needs and this would be expensive in the cloud, or things that use more private data. Many of these are exposed to the internet. This network has a domain assigned and each service is assigned a subdomain. These are running in a K0s Kubernetes cluster on a separate VLAN from my home devoces on a couple of NUCs and a raspberry pi. And use Traefik reverse proxy and Keycloak OIDC.

I also have a few VPS's running things that need faster responses or don't store as much data. This has a separate domain.

Right now I have an OPNSense router that is the target of all the home domain's traffic using dynamic DNS and that forwards it to Traefik on the Kubernetes cluster.

I'd like to instead close off the home network a bit more so I don't have to devote so much to security and can just drop a lot of the malicious connections coming in regularly. I also have the problem that my ISP still only offers 6rd for IPv6 which is basically useless. So I was considering several tunneling technologies that would have the exit node on a VPS. But also need to be able to access the services while at home without the traffic exiting the network.

I've narrowed in on headscale/tailscale and pangolin. I really like that pangolin uses traefik because I'm already familiar with it and it's already in use in both my domains.

So I'm going to start working on setting up pangolin to see how it goes, but I haven't seen many examples and I haven't seen any that use Kubernetes on the internal network side. Sure I could set up a separate docker instance to host the services, but I really like that kubernetes is able to load balance so that one of my NUCs is almost always in low power mode during off hours when no maintenance tasks are running. So I don't want to put other non-kubernetes services on there nor do I want to have to set up a totally separate server if not necessary.

I haven't dug in too deep yet, so I was hoping to see if anyone else had any experience with setting up pangolin with kubernetes on the internal network side?

I'm looking for some new face creams for combination skin and found something that didn't make sense to me. Anyone want to ELI5 why prebiotics are a positive thing for skin creams? I've seen several products advertising it. But doesn't prebiotic just mean it's something that bacteria likes to eat? So, in a skin cream that seems like it would promote bacterial growth, which I get why that combined with probiotics can be good for digestion, but can't get why it's a plus and not a minus for skin creams, especially in areas of the skin like the face that tend to gather a lot of bad bacteria.

Anyway, just trying to decide if it's just marketing nonsense, there's an actual benefit, or as it seems with my initial reaction, that it's actually a negative thing that would potentially promote acne/rosacea.

Also, feel free to interject any recommendations on good ingredients/products for aging, combination skin, but not the primary reason for the post.