HA in Docker with bridge network or macvlan

Question up front: what networks (container networks, LAN, WAN) would a docker installation of HA need to communicate with if I changed from Host to a bridge network?

Background:
I currently have Home Assistant running in Docker with network in host mode. I have secured traffic to it using LetsEncrypt and DuckDNS. I am using docker compose and portainer as well to manage my containers. I also have ZwaveJS and a MQTT container going.

I am fine with the setup as is, but I have been exploring other networking options for my containers so that they might play nice with VMs I have running as well as other containers.

What I don’t like is that LetsEncrypt is on bare metal and all my attempts to automate updating SSL certs in the container have failed, so I find myself manually updating certs on the HA container when it stops working. I also have not set up external access to portainer or ZwaveJS and I feel like I want to.

Desired endstate:
I would like to have HA running as a container with its own IP address on the LAN. NGINX running in a container (likely with its own IP address as well) as a reverse proxy and SSL for HA.

Best guesses: HA would need to talk to the MQTT server and ZWaveJS, whether it is on a container network or via the LAN. It doesn’t need to talk to Portainer directly but portainer would manage the stack.

Am I missing anything or is this a relatively easy switch in my setup?

Bridge network breaks mDNS, so macvlan is best.

If using bridge, LAN will work; just expose 8123 and any other needed port. For WAN, I presume you will use a reverse proxy, so make sure they are connected in bridge.

Macvlan cannot talk to bridge or host, so this connection is strictly for external devices talking to HA. It will have its own IP. Macvlan to macvlan works.

I use docker bridge network for all container to container communication. HA is added to these networks as needed.

I use host names on bridge network, not docker IPs. Ensures reboots and changing IPs don’t break things.

Zwavejs expose ports so I can connect and add devices

Nginx I just expose 80 and 443.

I put a bunch of links and info in this thread
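
The layout described in the reply above, written out as an added Compose example that is not from either poster: HA sits on a macvlan network for LAN devices and on a bridge network for container-to-container traffic, and only nginx and the Z-Wave JS UI publish host ports. The parent interface `eth0`, the 192.168.1.0/24 addresses, the image names, and the host paths are assumptions to adjust for your own LAN.

```yaml
networks:
  lan:                       # macvlan: HA gets its own LAN address (mDNS works here)
    driver: macvlan
    driver_opts:
      parent: eth0           # assumed host NIC
    ipam:
      config:
        - subnet: 192.168.1.0/24       # assumed LAN subnet
          gateway: 192.168.1.1
          ip_range: 192.168.1.240/29   # keep this range out of the router's DHCP pool
  backend:                   # bridge: container-to-container traffic by service name
    driver: bridge

services:
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    volumes:
      - ./ha-config:/config
    networks:
      lan:
        ipv4_address: 192.168.1.241    # assumed free address inside ip_range
      backend: {}            # reaches mosquitto and zwavejs by host name
    # no "ports:" entry: 8123 is reachable on the macvlan address and,
    # for nginx, as http://homeassistant:8123 over the backend bridge

  mosquitto:
    image: eclipse-mosquitto
    volumes:
      - ./mosquitto/config:/mosquitto/config   # listener and auth settings live here
    networks: [backend]      # not published: only containers on backend reach the broker

  zwavejs:
    image: zwavejs/zwave-js-ui
    ports:
      - "8091:8091"          # web UI for adding devices; HA uses zwavejs:3000 internally
    networks: [backend]

  nginx:
    image: nginx
    ports:
      - "80:80"
      - "443:443"            # TLS terminates here; the only WAN-facing ports
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./certs:/etc/nginx/certs:ro
    networks: [backend]      # the host cannot reach macvlan, so proxy over the bridge
```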