You're not worrying too much. Projects selection, global awareness is definitely the crucial point.
Isolated networks and concerns is also important.
To avoid data leak, take time to review your firewall rules. Do not "allow to any" from LAN interface. Take time to allow just the ports you need. It takes time and everyone at home is going to scream when using a new app/software, but it's worth the price.
You can also add IDS/IPS on the lan side to prevent malicious app establishing outside connections. Have a look at ZenArmor or Crowdsec.
You can also have a look at proxmox internal firewall system to isolate VM and their accessibility scope.
You're not worrying too much. Projects selection, global awareness is definitely the crucial point.
Isolated networks and concerns is also important.
To avoid data leak, take time to review your firewall rules. Do not "allow to any" from LAN interface. Take time to allow just the ports you need. It takes time and everyone at home is going to scream when using a new app/software, but it's worth the price.
You can also add IDS/IPS on the lan side to prevent malicious app establishing outside connections. Have a look at ZenArmor or Crowdsec.
You can also have a look at proxmox internal firewall system to isolate VM and their accessibility scope.