Pi-Hole, Firewall/VPN, NextCloud Server, and Security Tool Test machine AIO?

I am looking to utilize NextCloud at home. I have used other cloud services and I think, from the outside, NextCloud seems to be cool. In general, because of my profession (security), I am hesitant about adopting cloud technologies, but their convenience is obvious. At the same time, I wish to combine a number of other features for other reasons and I am wondering if it can be done as an all-in-one.


  1. If hosting my own NextCloud at home, using 2FA, E2E encryption, encryption at rest, and maybe even a wrapper like BoxCryptor, is it sensible to still have the NextCloud server behind a Linux firewall?
  2. The idea is that I will have a Wi-Fi hub and wired switch also behind my VPN and firewall, so that all devices by default go via a VPN and all meaningful traffic is encrypted. Can NextCloud be set up behind something like this? How does access to the internet work?
  3. Pi-Hole (I have never set this up and have a few questions). The Raspberry Pi for the Pi-hole concept is merely a low-cost computing system that can run Linux. So, I suppose any machine running Linux can implement the Pi-hole concept. Is this correct? From a network perspective, should this even be connected to the same physical hardware or could one create a virtual machine to black hole all the traffic?

I plan to buy a restored, formerly very high-end workstation. Years ago, I set up a VMware server for CCIE classes and education with less robust hardware, and from the hardware perspective, I have all the confidence this will work. But it seems the virtual routing can be a bit messy, and hence I am wondering how access and security work with these specific features/tools.