Add a second node using the new drive, move all vm to the new node, decommission old node, rebuild the old node with the new drive.

You can get away with a disk clone but in my opinion a vm move is the proper way to go.

Adding a new node you start with a clean install, any quirk you have on the old hw will be finally washed away (or will bite you back and be properly documented), you have a quick way back should anything go sideways (the clone too provides a quick way back, but i like this way much more ^^), you get some hands on multi node experience that will be useful for ha setup.

Normal background noise. ssh is a well known protocol/port and scanning is automated.

I wouch for the VPN route… VPN servers are built to be exposed, are hardened/engineered to resist the harshness of the net and are somewhat safe even with default settings.

Should you publish on the wild a few web apps, you would have to harden, monitor and manage a bunch of environments and/or frameworks with a load of quirks each.

A VPN is easier to maintain and safer for your data with a lower effort.

The article is on a ‘pay or ok’ site.

Maybe there is some relation with orange man erratic behaviour, canadian pm speech in davos, europe considering to abandon usa cloud and other countries that may follow suit?

Just sayin’…

In proxmox you create a vlan on the physical interface and not on a bridge.

Once the physical port has tagged traffic for all vlan but LAN, leave vmbr0 alone, create the new DMZ vlan in proxmox networking and a new vmbr on that vlan, that’s it.