We have a lot of network experts and enthusiasts here at XDA, and we talk a good bit about how setting up your home network the right way is important. From VLANs for your smart devices, setting up guest networks, and so on, there's quite a lot you can (and sometimes should) do to make sure your network is optimized as possible.
But I'm a simple man; as long as the internet works well and I'm not at obvious risk of being attacked in some way, I'm good. My home network is as boring and plain as they come — and I love it the way it is.
A single router, a single network
Well, kind of
Up until recently, my network was powered by my ISP's provided router, though after changing to a new provider, I decided to also buy a new router of my own, and I went with the Flint 2 (GL-MT6000) from GL.iNet, following a recommendation on Reddit.
My apartment is decently large, so I considered at least a two-point mesh network to make sure speeds were good in every room. I run live streams from my office, which is all the way across the house from where the main router is, so I thought it might be a problem. Thankfully, the Flint 2 is a seriously powerful router, and I have fantastic coverage anywhere in the house. Even if I go down from the second floor (where I live) to the entrance of my building, the 5GHz band is still available on my phone.
I also have a single network coming out of the router. Well, technically, I do have the 2.4GHz and 5GHz bands as separate SSIDs, but that's just the default setting on the Flint 2, and I left it like that because I can keep lower-tier devices like smart TVs on the 2.4GHz network without potentially hogging the 5GHz band that I need to be more reliable. I don't really get untrusted or unknown guests in my house, and cellular data is common enough that even if someone comes over, they likely don't ask for Wi-Fi access. All that to say I don't really need a guest network, either, though I can see why it would be helpful if I needed to share the network more frequently.
I don't have any VLANs, either, though I am aware of the recommendations to use them if you have smart home devices. These are common attack vectors, and I do have a few, but I've been okay with winging it so far. The couple of smart lights I have come from big enough companies that I trust they have solid enough security to keep any major problems at bay. So far, it's been working out.
A home server and NAS
Complete with Tailscale
Potentially the most complex part of my network is the improvised NAS, and that's not saying much. As I've talked about before, I have a mini PC running Proxmox, which then houses a TrueNAS instance, a Jellyfin server, and Home Assistant.
TrueNAS and Home Assistant both have something very important to me that adds a bit of complexity, which is Tailscale. This allows me to access devices on my home network even when I'm not connected to the home network by routing my connection through a private connection in Tailscale. Because it's still tied to my Tailscale account, only I can access my devices remotely this way, meaning my home devices are kept safe, and only my family and I can access them.
In the case of TrueNAS, I also did set up a custom domain with a reverse proxy, and that takes a bit more work, but that's all happening externally to the home network, and it's not necessary nor relevant here.
I didn't do anything too crazy to have backup options or connections, either. If my internet goes down, chances are power will be out anyway, and I don't have a way to work around that. I also don't have anything so important on my NAS that I would need absolutely need access to while I'm away from home, so I don't feel the need to set up any kind of redundancy for remote access. One Tailscale instance is all I need.
Network-wide ad-blocking
Built right into the router
Before buying my own router, my NAS was serving as a network-wide ad blocker using Pi-hole, but the Flint 2 router actually has AdGuard Home built-in, so I figured I'd switch to that to simplify my setup and reduce the amount of things running on my NAS.
If you have a router that has AdGuard Home built-in, setting it up is fairly easy, and you just need to add a couple of popular lists to block the vast majority of ads. This could also reduce your traffic usage and improve overall usability of the network, since requests to those ad servers are just dropped entirely, not just filtered on one specific device.
Setting it up in a NAS does take a little bit more work, though it's still one of the easiest self-hosted services to run, so you can easily do it provided you already have a NAS. Or you can run Pi-hole on a Raspberry Pi, which also works great.
Keeping it simple
If you're not someone who cares about setting up your home network at all, even what I've described above may already sound more complicated than it needs to be, and that's completely fair. At the end of the day, if your home network works for you, and you're not actively putting yourself in harm's way by setting up outdated security measures (or none at all), then that's all you need. Even setting up a NAS with Tailscale is more work than most people may find worth doing, though I do love having mine.
For all the advice some of my colleagues have written, I'm happy with my simple, boring network. Maybe I'll change my mind someday, but I can't see that ever happening.