…running each container from their own user…
Ideally this is the perfect option from a security standpoint, this as well as each container having it’s own network too.
In a homelab it’s not really required unless you are exposing your network to the internet or are better at creating/managing containers.
If you are just starting out, just keep everything simple.
Bookstack (/r/BookStack)
I run two pi-holes with gravity-sync between them and have done for ages. Never had an issue.
I add both because why not. It doesn’t hurt.
For backups I use Nautical Backup.
For the “owned by root” problem, I ensure all my docker compose files have [P]UID and [P]GID set to 1000 (the user my docker runs under). All my 20 containers have no issue running like this.
How are you launching your containers? Docker compose is the way, I have set the following in all mine:
environment:
- PUID=1000
- PGID=1000
user:
1000:1000
I have 3x NUCs. 2x are running VMware ESXi and one is running Debian with Docker.
Have a look at https://github.com/minituff/nautical-backup, it does a similar thing