www.keycloak.org - auth mostly for outline
www.getoutline.com - my personal "notion"
nginxproxymanager.com - to proxy things
Wireguard - remote access and interconnection between zones
cockpit-project.org - to manage VMs
github.com/coder/code-server - To remote develop
2x of docs.paperless-ngx.com/ (one for me and one for my partner) - I scan and destroy most of the letters I get.
snibox.github.io/ - my terminal companion
pi-hole (together with wireguard I don't have ads on my devices)
uptime.kuma.pet - to be sure that things are online
mailcow.email/ - for non priority domains
docs.postalserver.io/ - mail server for apps and services
At home (small 6w nic with):
HomeAssistant - To control home lights
Cups - share printers
Wireguard - (connected to the cloud)
- The excellent Home Assistant, for unifying across Homekit and Google Home and tracking historical temperatures and a couple of automations. The RPi has Bluetooth built in, so I can capture the data from a few Bluetooth thermometer/hygrometers running custom firmware (https://github.com/pvvx/ATC_MiThermometer) without an 802.15.4 bridge or similar.
- An AirPlay to Google Cast bridge, mainly for listening to Overcast or the occasional YouTube video on Google speakers (without subscribing to YouTube Premium/Music)
- A SMB server, for file storage and potential Time Machine backups (but I don't currently have enough storage, and locally attached SSDs are just hard to beat in terms of performance)
- A DLNA server, for watching photos and videos on my TV
- Tailscale, for the occasional use of my home connection as a VPN when traveling (really glad to be having symmetric fiber for this!)
- Caddy, as a frontend for everything web facing, to benefit from its excellent Let's Encrypt integration for automatic certificate requests and renewals
Most of this is running in Docker containers and configured via Ansible, so that if the microSD card burns out (or I botch an OS update), I can just flash a new one with an empty image and recover from there.
Mirrors of various package repositories I use.
I'm currently mirroring npm, crates, Arch packages, clojars, maven and some other things, then all my machines (desktop, servers and laptops) point to the mirror rather than directly to upstream. Some of them are mirroring dynamically (basically a cache at that point, do this for npm for example) while others I fetch the entire repository and keep on disk, cleaning out old packages when needed (I do this for Arch packages for example).
Best benefit is that downloading stuff and updating my machines takes seconds now, even if there are multi-GB updates to do, and a secondary effect is that I'm not impacted by any downtime from npm et al. Saved my bacon more than once.
It's all docker-compose. I'm thinking of taking some services off the internet using TailScale, some already are just on the Tailnet (Home Assistant and Paperless NGX), all my SSH ports are now only open to the tailnet as well. I love Tailscale, except for the battery drain on my iPhone (which wasn't an issue with plain WireGuard)...
Btw, this is my hardware: https://blog.hmrt.nl/posts/personal-cloud-infrastructure/#ha... (beware, the rest of the post is somewhat dated).
Oh, I moved Paperless and Home Assistant to a NUC, mainly because I'm working on the house a lot and I really need those online, those were also set up with Tailscale in mind, and the advantage is that whether that NUC is plugged in, on WiFi or at my parent's place, all services (inc ssh) are still available at the same IP address (of course sensors drop when I move the NUC out of my network, there is no Tailscale for the Shelly plugs etc :)). I'm thinking of a similar setup for my NextCloud now. Always innovating, it's a nice hobby.
On the server/NAS, a QNAP TS-464eU (4x 4TB HDD RAID 5 + 2x 1TO SSD RAID 1), I'm running Container Station with 4 docker containers:
- Home Assistant => For all the home automation, displayed in the kitchen on a tablet.
- Adguard => To remove internet trash and protect my parents when browsing the web.
- NextCloud => For contact, calendar and file sharing in the family as well as backups.
- Caddy => Reverse proxy to make NextCloud available from the outside.
Computers (including mine) are backed up daily via NextCloud. The NAS is also backed up off-site with a cloud provider. I did a more comprehensive list of the setup[0] if you are interested.
Ubuntu 22.04 Server for the host, everything else runs in LXC containers. This is all set up on ZFS.
- https://znc.in/ IRC bouncer
- https://caddyserver.com/ Caddy Webserver for a few personal websites
- https://github.com/AndroidKitKat/waifupaste.moe/ My personal pastebin
- https://transmissionbt.com/ Torrent client that I actually use for Linux ISOs. Primarily seed different versions of Ubuntu and the latest Arch. I am looking to seed other, lesser-seeded distros, too.
- It also runs Samba
A second, dedicated computer also running Ubuntu Server 22.04. It only runs https://pleroma.social for me and a few of my friends.
A third computer, this time an M1 Mac Mini that is my Plex box. It's running the latest version of macOS Ventura and runs all the *arrs and qBittorrent. It also runs Plex itself, because it's one of the only computers that I found that was low power enough but still supported hardware transcoding in Plex. I've been meaning to find a replacement for it running Linux + an AMD GPU (I have an rx470 sitting around somewhere), but no real good deals have turned up.
- plex for streaming media
- external hdd that a friend uses as offsite backup (he has mine)
- home assistant, mostly fed by data from the...
- mqtt broker, that ties the sensors around my house together
- postgres, for long term reporting and predictions, mostly with data from...
- some cron jobs that scrape weather data and energy prices (they change hourly, sometimes going negative)
- security camera (a shell script saving an RTSP stream)
- a docker container that I can ssh into from anywhere, that allows backing up the iphone photo roll using the "photosync" app into my photo backup folder
Soon (I tell myself) I will analyze the security camera stream with YOLO or something to detect the cats that piss against my bikes... hehehe
Use Tailscale for MagicDNS and access from any network.
Have a custom wildcard domain pointing to my tailscale k3s node ips, and a traefik ingress controller. This means exposing a service from my cluster on a subdomain just requires creating an ingress object in k3s, and it's only accessible via tailscale. cert-manager and let's encrypt handle TLS.
All services are deployed via gitops using ArgoCD, so changes are auditable and can be easily rolled back. Replacing hardware is just a matter of installing k3s and joining the cluster, then everything automatically comes up.
Restic for backups to s3.
For home automation I use a USB zigbee controller, mosquitto, zigbee2mqtt, room assistant, and home assistant, all deployed on k3s. These control my lights, HVAC, and various garage doors and gates. Also have mains-powered zigbee switches bound directly to devices so everything still works even if network or home assistant goes down.
The RPis are used for Room Assistant, which can automatically control lights/HVAC based on presence detection via a smartwatch. More intrusive actions (e.g. making lights brighter when already turned on, opening blinds) are pushed to the smartwatch for confirmation.
Grafana/prometheus to monitor sensors.
For media, jellyfin and sonarr/radarr. The native Jellyfin app works very well on modern LG TVs.
Pihole to block ads on any device connected to Tailscale. Works globally.
Right now it's zero maintenance, and changes are automatically synced after a git push, so I almost never SSH into the servers directly.
- Caddy acting as a reverse proxy in front of the other apps
- Wallabag to capture articles I want to read later on my e-reader
- Calibre Web to manage my ebooks & PDFs
- Two Minecraft Bedrock Edition servers for my kid & their friends
- Yopass for secure password & secret sharing
Prior to this, I had a Raspberry Pi in the closet for hosting and it was frustrating. Not only did I have a hard time finding Docker containers for some apps that were actively maintained for ARM, but one time my SD card died and took everything with it. Since then, I've started mounting directories on my Synology NAS and using that as RAID-enabled storage that gets backed up to the cloud every night.
- Main workstation in VM with GPU passthrough (saves power by not having an additional machine running)
- Nextcloud for files, calendar, contact sync
- Joplin server for notes sync
- Samba NAS for me and everyone else who lives in the house
- Occasionally one or more Minecraft servers for friends
- Jenkins CI for my open source projects
- Mail server (using the ISP's mail proxy for outgoing)
- qbittorrent for 24/7 seeding or Linux ISOs
- Storj storage nodes for some passive income using spare disk space
- Borg backup target for friends
- Home Assistant (very basic user, only use it to control some MQTT tasmota flashed relays with my phone)
- Matrix server
- InfluxDB+Grafana for collecting various metrics (server usage, temperature sensor, hooked up to serial port of smart electricity meter for power and gas usage graphs)
- WireGuard for remote access, obviously
- Many other random stuff and my own projects
- https://gitea.io (repos)
- https://discourse.org (forums)
- https://github.com/nektos/act (CI)
- https://www.goatcounter.com (analytics)
- https://bestpractical.com/request-tracker (support)
- https://couchdb.apache.org (a slave db to backup https://rxdb.info [client db])
- deps: nginx, redis, postgres, mqtt
# Life
- https://matrix.org (comms)
- https://www.teamspeak.com (p2p voip for gaming)
- https://nextcloud.com (files, dav, etc.)
- https://jellyfin.org (+ the sync & swarm shit, radarr, etc.)
- https://mopidy.com (audio)
- https://photoprism.app (photos)
- https://actualbudget.com (finance)
- http://tileserver.org (map tiles)
- https://github.com/FreeTAKTeam/FreeTakServer (hiking nav)
...and more (reply to initiate detail sequence)
jwilder/nginx-proxy to act as a reverse proxy that dynamically routes traffic to containers without manually editing the config, using subdomains, with SSL wildcard cert
DokuWiki that I don't use much anymore
Nginx to serve static files used by other servers
My web resume
Piwigo for pictures
IoT: Custom Python Flask server that is used to control Philips Hue lights from ESP8266 wifi modules (cheaper than buying 20€ Philips switches)
Vaultwarden (Bitwarden) my password manager, shared with family
OpenVPN server
Wekan (self-hosted open source Trello-like)
Gitlab and Gitlab CI (created when Github didn't have free private repos, might delete at some point because it uses some CPU even when idle, but I have over 50 personal repos, also share with close family)
Nextcloud, but I don't use it for important/sensitive stuff yet, I'd have to set up robust backup procedures
Other experiments, like openvscode-server, web interface with password to trigger wake-on-lan for my PC, etc.
Email seems like a pain because small servers are always seen as spam by big services, need to manage reputation, too complicated, so I use my hostname provider (Gandi) SMTP relay to send email, and I could set up a free inbox too, but I don't need it.
Syncthing is another I could not live without. All devices upload to my server and my server gets backed up to S3/backblaze type service.
Plex for movies. But I may look at Jellyfin soon.
I use Calibre-web, but it's really not my favorite. Okular is so much better. And Calibre is a chore to use and overkill for my needs. Books organized into folders is about as far as I care to organize. Thumbnails are nice though.
On the NAS, it's mostly storage services:
- MinIO (S3 compatible)
- Postgres
- InfluxDB
- Syncthing
- Plex (NAS has hardware encoding)
- Print/scan server
- Cloud Sync to Backblaze
On the cluster, all the "compute" services:
- Traefik and cert manager to expose the services with HTTPS, both on the NAS and the cluster
- Accounting service to invoice clients
- Mayan EDMS to store and process the documents of my LLC. It was a pain to setup but it offers OCR and an API to search document content.
- Home Assistant and mosquitto that I just started using. I'm playing with ESPHome to integrate some CO2 sensors.
On the unusual things on my network:
- A LaMetric time that I use to push my own notifications
- A RPI connected to speakers that I use as a pulseaudio server when I want to put music (`pactl load-module module-tunnel-sink server=tcp:x.x.x.x`)
- A RPI with a 64x64 led matrix from Adafruit that I want to use like an on-air sign.
The big things are:
* Music Player Daemon - It has access to my whole music and podcast collection, whereas I only "check out" a subset of this onto my phone at any given time.
* Podcast downloader - I used to have this. I wrote it myself. I got tired of the problems that kept coming up so I turned it off. But, I got recommended a replacement. I'll try it out at some point.
* Gitolite - I highly recommend this one for anyone with this use case. It's a git repository host, for when you don't want all of your business on Github. You can create however many repositories, you give it however many ssh public keys, and you configure which has access to which. The main interface is a special admin repository where you add the pubkeys and configure the repos. For my "home base"/"peripheral" model this changed everything for me, especially since I use QubesOS on my laptop where I'm working in multiple VMs with different ssh keys.
I eventually want Sandstorm.io and OpenHab, but I'd probably want a separate machine since I think that stuff wouldn't be in the Debian/Ubuntu repos.
Now I can do some experiments I wanted to do, but not use VMs on my laptop. Feels more real when I can see a little stack of servers I can pull the power on. All are running tailscale so I can get to them from anywhere and run some simple tests. Example: I wanted to play with a quorum of FoundationDB nodes and see how things can fail. Also I'll run k3s and do some experimenting with that. Can I use minikube on my laptop? Sure, but this is more fun.
- PiHole + Cloudflared - ad blocking for the entire network
- Home Assistant - getting data from temperature sensors
- Sonarr - downloading TV shows to Plex
- Radarr - downloading movies to Plex
- Jackett - better torrent trackers support for Sonarr and Radarr
- Transmission - downloading torrents from Sonarr and Radarr
- Plex server - media server for streaming TV shows and movies, mostly to the TV
- Tailscale - access to everything from outside my home
- NFS / Samba - mostly for backups
- Heimdall - nice dashboard for everything above
- Maestral - open source Dropbox client
I do wish it were a little less coupled. I'd rather be using better known modern pieces like cfssl instead of dogtags for CA, OpenLDAP instead of 389ds for ldap. But FreeIPA has one of the hardest worst most terrifying jobs on the planet & it's amazing it can interoperate so deeply, and there's like, next to no hope ever we improve beyond this particular thing, unless we can somehow just ditch AD & SMB. Maybe some day Windows & filesharing will have alternative viable directory systems, but hard to imagine.
I also ran into this project on setting up Kubernetes atop FreeIPA though, and wow is it ever terrifying. https://github.com/zultron/freeipa-cloud-prov
Some more basic answer for you, Jellyfin for media-sharing. A small GoToSocial server for ActivityPub/Mastodon. Prosody for XMPP. WireGuard for vpn. Frigate for security cams. Rygel for upnp/dlna MediaRenderers (there's other good options too). Mpd/mopidy for music jukebox. Nextcloud for groupware-ish.
If you want a lot of ideas, there's a pretty active k8s-at-home microcosm, and there's a website that indexes the projects they get up to. Even if you don't want to run kubernetes, the projects they have cover the whole gamut of services people might find useful or fun to run at home.
A while back I had a bunch of home sensors reporting to Prometheus. Temperature/humidity gauges, ambient light sensors. My favorite was making my laptop's battery & charge status show up. The 2-in-1 had two batteries & was extra cool to watch drain one, then another, then see levels charge back up.
* A VM for Home Assistant (Smarthome automation hub)
* A VM for Docker, currently only running Portainer and MyMedia for Alexa (local music streaming to Alexa)
Everything else as LXC container:
* Caddy (Reverse Proxy)
* UnifiController (WiFi AP controller)
* Samba (Network Filesharing)
* Paperless NGX (Document Management System)
* Jellyfin (Audio and Video Streaming, OSS Emby/Plex)
* Homepage (Dashboard)
* InfluxDb (Time-series Database; for SmartHome long-time data and homeserver metrics)
* Grafana (Graphs for InfluxDb)
Then a few more where I tried stuff out, Owncloud Infinite Scale (Go rewrite of OC), meshcentral (IT monitoring and remote control, might use it to support my elderly parents), Navidrome (music server, not really better than Jellyfin outside performance)
Then there’s also a Raspberry Pi 4 running Proxmox Backup Server for deduplicated backups of all those VMs and containers ;)
If you want a recommendation: Paperless NGX. Having all your important documents tagged and scanned is amazing.
- Pi-hole on 2 Raspberry Pi 4s
- Chrony stratum 1 NTP from GPS on a Pi, my OPNsense router redirects all NTP traffic to it.
- Emby (like Plex)
- Sonarr/Radarr/Prowlarr/Transmission with VPN/SABnzbd for collecting lots of little boxes that fall off trucks.
- Calibre-web
- LibreNMS
- Omada/UniFi controllers
- Home Assistant
- Tailscale
Almost all Dockerized now but it didn’t use to be. One Ubuntu 22.04 server I built with most of it, and another TrueNAS box I also built for file sharing and secondary Bind server.
I have a feeling I’ll be running a lot more after reading the rest of the comments!
- jellyfin :: Media server for streaming music, tv, movies to my phones, ipads, and rokus
- nextcloud :: Storage, carddav, caldav
- frigate :: Object detection on my custom home cameras
- homeassistant :: Notifications/Automation (used with frigate)
- freshRSS :: RSS feed reader
- vaultwarden :: Bitwarden server
- bookstack :: Wiki
- yacy :: This is a distributed search engine, but I use it in non-distributed (robinson mode), and use it instead of bookmarks. Any interested page, instead of bookmarking, I add it to my yacy index
- smashing :: Dashboard. I have written some custom addons. This is shown in my front tv to track the real time location of buses at the stops near me.
- photoprism :: Photo manager
- snapdrop :: Airdrop replacement
- imapfilter :: Advanced mail filtering, like taking news letters and converting to RSS feeds
- dolibarr :: ERP for my side business
I run wireguard and pihole on a separate raspberry pi.
Hardware:
- ESXi vSphere server
- Old ESXi vSphere server (being decommissioned)
- pfSense firewall
- Big NFS/CIFS storage server (60TB)
- Windows workstation/gaming desktop (lives in a rack-mount case connected to a KVM; cables run upstairs to my 'office')
- Linux workstation (also on KVM)
VMs include:
- Linux dev server for miscellaneous projects
- Pi-hole DNS
- Personal Gitlab
- Personal wiki
- Plex
- k8s dev environment for a defunct project that I haven't deleted in case it becomes un-defunct for some reason.
- Suricata/Zeek IDS
- Windows domain controller, for reasons
It was very liberating to put all my data on one filesystem (ZFS zpool) instead of having it littered over many decades of hard and floppy disks. It felt like a great tidy up, even if it was really more like bundling all my junk into a storage unit. Not having to worry about losing it took a weight off my mind.
For this I use an encrypted ZFS mirror running on Ubuntu. The board is a power saving ASRock J4105M with soldered low power CPU.
For each HDD I use a dedicated SATA controller for controller redundancy.
The computer itself is secured with a real steel lock against (too easy) theft!
The database backups from the internet server are coming in incrementally with ZFS snapshots. I love this!
One is a vpn router and a wifi AP, it also has Uptime Kuma. I need this to be reliable and rarely touch it except to improve its reliability.
- Openvpn
- HostAPD
- Uptime Kuma (in docker)
- A microservice invoked from Uptime Kuma that monitors connectivity to my ISP's router (in docker)
- nginx, not in docker, reverse proxies to Uptime Kuma
The second acts as a NAS and has a RAID array, consisting of disks plugged into a powered USB hub. It runs OpenMediaVault and as many network sharing services as I can set up. I also want maximum reliability/availability from this pi, so rarely touch it. All the storage for all my services is hosted here, or backed up to here in the case of databases that need to be faster.
The third rpi runs all the rest of my services. All the web apps are dockerized. Those that need a DB also have their DB hosted. Those that need file storage are using kerberized NFS from my NAS. This rpi is also another wifi AP. This rpi keeps running out of RAM and crashing and I plan to scale it when rpis become cheaper or I can repair some old laptops:
- Postgres
- HostAPD
- nginx
- Nextcloud
- Keycloak
- Heimdall
- Jellyfin
- N8N
- Firefly-iii
- Grist
- A persistent reverse SSH tunnel to a small VM in the cloud to make some services public
- A microservice needed for one of my hobbies
- A monitoring service for my backups
All of these pis are provisioned via Ansible.
Hardware: Synology NAS (DS420+)
Software:
- Synology DSM – Was actually quite impressed by Synology's software. It is a tad quirky but can usually be worked around but all in all pretty good. (https://www.synology.com/en-us/dsm)
- Plex: not in love, but it gets the job done, definitely gonna use this thread to look into replacements (https://www.plex.tv/)
- Syncthing: I love my magic folders that just sync stuff, amazing software (https://syncthing.net/)
- Docker: most things are hosted out of Docker (https://www.docker.com/)
- cloudflared: effortless external access for all my stuff + all other Cloudflare goodies (WAF/Zero-Trust). Good peace of mind to not have to ever open ports on my local network and let CF just take the brunt of the Internet. Also used as a local PlaintextDNS=>DoH proxy that is hooked up to NextDNS (https://www.cloudflare.com/products/tunnel/) [disclaimer: I work for the big orange cloud company, so sorry if the previous sounds like an ad, I do really like the software we make].
- FreshRSS: quite silly to do a cloud version of this when it is quite easy to host on your own. It works good, but I feel a strong itch to write my own version. (https://www.freshrss.org/)
- Metrics: prometheus node exporter. I do have grafana hosted in the cloud, but I've been meaning to move that to my local server.
The list will definitely grow after reading this thread :D
Here's what I'm either running now or in the process of standing up. It's very WIP, and nothing special, but maybe someone has some feedback/ideas. I'm aiming to have all the things I use contained in my rack, relying on cloud stuff as little as possible, mainly as a fun exercise/project.
https://i.imgur.com/PDO71bx.png
Devices:
* 6 x Raspberry Pis (1 x v1, 2 x v2, 1 x v3, 2 x v4)
* 1 x HP Microserver (ProLiant Gen8 Intel Celeron G1610T, 2x3TB in RAID, 1TB regular)
* 1 x Old gaming PC (i7 3770K, 24GB mem)
* 1 x Current PC (i5 12600K, 64GB mem; this is in the rack so that I can have a small, cleared desk, but is not hosting anything)
Uses:
* Dev stuff:
  * Forge - WIP: Forgejo
  * CI/CD - WIP/TBC: Woodpecker CI vs Concourse CI vs Laminar CI
  * Container registries - 1 x my images, 1 x Docker Hub mirror
  * Deployments - WIP: Would love a FOSS Octopus Deploy clone. Working on my own primitive Ansible clone for fun, which might be good enough.
* Home stuff:
  * Reverse proxy - nginx
  * Backups - TBC: Not sure yet. Lots of good options around. Probably should be doing this first..
  * Adblock - Pihole
  * Content aggregation - Basic Bash YT downloader (using yt-dlp), Deluge
  * NAS - Samba
  * VPN - WIP: Wireguard
  * Network control - WIP: some basic custom stuff to wake/sleep the microserver + gaming PC when not in use for power/heat reasons, initiate backups etc
  * Telegram bots - TG is my chat client of choice and I have a small .NET 'gateway' API I use to send messages from various bots (each representing different parts of my 'home lab') to my personal account
  * Monitoring/dashboards - TBC: haven't explored software for this yet
  * Log aggregation - TBC: haven't explored software for this yet
  * Network boot - TBC: Yesterday I started thinking of trying to PXE boot the RPis cause they're in one of those stacking towers inside my half-height rack, so getting to them is a PITA.
Minio : object store
sdftosvg : Molecular renderer
Observability stack : (Grafana, Prometheus, exporters)
Postgres: molecular metadata (9 billion molecules)
Molecular relaxation workers
Quantum Monte Carlo simulators
Dask workers
Websocket message pump
Insilico virtual lab server + 3 clients
Vscode server
Deep Learning model server (inference)
Deep learning model training server
Most of these are applications I have written myself, and powering my hobby project https://atomictessellator.com
Specs: 4 machines, 2TB RAM total, 4 GPUs (Tesla A100s), 384 CPU cores total
These are in my lounge, yes, it is noisy, yes, it is hot in here, yes, I love it
The server has a GTX 1050Ti so that it can transcode the movies, was a bit of a challenge to be able to successfully use the GPU in the Jellyfin container, but works flawlessly now.
I plan to set up a Nextcloud or maybe Syncthing to backup my own files and photos, but I'm not sure how I want to handle backups, maybe just an external SSD. Cloud backup would be cool.
A local Bitwarden server would be nice as well, but maybe I'll just switch to good old Keepass.
Has a Ryzen 3, 16GB RAM, 3TB storage (2x 3TB in a mirrored RAID).
What stresses me out a bit is that I don't really monitor the state of my RAID, so theoretically it could currently be broken without me knowing. I'm not doing anything against this because I currently only store movies and shows which are also copied to an external SSD for travel, so I don't really care if it goes tits up.
But if I want to start hosting my files and passwords, I gotta make that more stable.
- Jellyfin: Streams my movies and shows
- Paperless-NG: Where I keep OCR'd scans of my paper docs
- Airsonic: So I can stream my music using the Subsonic protocol
- Photoprism: Where I store my photos, auto-labelled with AI and geotagged
- The Synology Surveillance Suite: NVR for my home security cameras.
- Wireguard: So I can access all this on the go
It feels pretty cool to stream music and videos from my personal cloud using Wireguard while I'm e.g. travelling or in the car.
homeassistant (Home Automation)
jellyfin (Media Server)
joplin (Notes Syncing)
transmission (Bittorrent Client)
The apps are behind nginx proxy manager (which does https termination) and the containers are managed using Portainer. They are automatically updated using watchtower.
And then on a raspberry pi, there's more home automation stuff:
openhab (my old home automation system, which still interfaces old components like my heating and the photovoltaic system)
influxdb (storage for openhab)
grafana (visualisation and alerting)
node red (automation stuff like doorbell push notifications)
mosquitto (mqtt server)
lots of custom scripts that do stuff and publish the results via http
I probably should move some of this stuff to the NAS, but I have a working and tested backup flow and the NAS takes forever to boot, so I would lose more sensor data by reboots of the NAS than by the SD card of the pi breaking (happened twice in 7 years).
- project management software (todo lists, etc)
- web server (personal photos, wikis, etc)
- a script that sends me email and text reminders (birthdays, appointments, etc)
- a script that listens to my network, and notices when devices connect;
I use this to play "intro music" on our sound system when friends'
phones connect to the WiFi.
- a script to monitor some email accounts. One fun one is an "exquisite corpse" [1]
manager, to make surrealistic email chains.
- central hub for my development repos, so I can push/pull to share with other devices.
- a script to download certain podcasts regularly
and many more (:
I've moved my "home lab" to a dedicated server in a country with green energy.
At home, I'm currently using NanoPi R5s as "router" (NAT, no routing).
On my smart TVs, I installed Kodi. I have an off-the-shelf NAS that serves the files via NFS. It can do Plex, if that's your cup of tea. (But I prefer Kodi, because most of things I do are audiophile grade and I don't want the kind of transcoding that Plex does.)
The NAS is basically a super-powerful server in a tiny footprint. I just use it for files, because I just don't care to take the time to learn how to do anything else. One critical feature is that it's point-and-click RAID. I've hot-swapped drives after a failure with no downtime; all point-and-click over the web interface.
But, one thing I want to do is self-host my own website, and self-host a mastodon node. Maybe if I was independently wealthy I'd take the time to figure it out, like when I ran a dial-up BBS when I was younger.
- Tor relay (non-exit)
- Pi-hole for DNS and ad blocking
- Homepage dashboard
- Audiobookshelf
- Jackett
- Sonarr
- Radarr
- Jellyfin
- qBittorrent
- Backup Pi-hole
- Uptime Kuma
Monitoring everything with Zabbix which runs on a VPS.
- authoritative DNS for my zones (nsd)
- recursive DNS for my home network (unbound)
- MTA (exim), IMAP (dovecot) and spam filter (spamassassin)
- IPsec VPN for my phone and laptop (strongswan)
- HTTP serving mostly a static filedump (apache2)
- a persistent IRC session (irssi)
- Debian repo cache (apt-cacher-ng)
- full AAA setup for IPsec & wifi login (openldap, mit-krb5, freeradius)
- mailing lists (mailman) - this one is soon to go away
- netboot for my desktop (dhcpd, atftpd+thttpd)
- netroot/NFS for my desktop (nfsd, rpc.*)
- a fricken samba server because that's the only thing my HP printer wants to upload scans to (nmbd, smbd)
- oh and 12 TB of bulk storage (ZFS, 4×4TB HGST raidz1)
- coming soon™, paperless-ngx
Might still have forgotten something…
Hardware is a X9DR7-LN4F with 2× E5-2630v2, 128GB RAM. 160~200W, getting replaced soon (electricity is fricken expensive…) The thing is also rather noisy sitting in a glorified broom closet.
There's a Dell PV-124T tape library with an LTO-6 drive attached for backups.
I might get a small server (maybe the HPE Microserver) instead of something like a Synology, set Proxmox up on it, and then if I ever have the time I’d quite like to get a Samba 4 Active Directory controller going so I can control my few Windows machines better (and so it stops trying me to link a Microsoft account and all that).
- Home Assistant
- Docker
- cloudflared
- traefik
- authelia
- unifi controller
- jellyfin
- arr stack
- influx
- grafana
- OSX (runs only when needed)
- Win11 (runs only when needed)
QNAP TS251+ (RAID1 storage)
Raspberry Pi (print server)
printers:
- HP Laserjet
- Dymo Labelprinter
- 3D Printer
software:
- Cupsd
- Klipper
- klipperscreen
- Moonraker
- Mainsail
I really like my setup, although in the future I would like to investigate some form of redundancy, since my home starts to rely more and more on Home Assistant.
Occasionally used for things like yahoo answers archiving, fishnet (distributed lichess game analysis), random big computations or downloads, and other things I want to run overnight but don't need a big desktop PC for.
Services it more permanently hosts:
- email for me and friends
- websites of friends
- game server (Factorio, OpenArena, custom games I made, etc.)
- SSH -D functioning as a VPN when paypal or some such is being a bitch again
- [web] blog
- [web] grocery list (custom. It syncs between devices, stores recipes, frequently bought items, etc.)
- [web] link shortener / pastebin / file sharing in one
- [web] a data explorer for some game (with associated scraper running every few hours)
- [web] a series tracker to note which episode file we're at because apple tv is garbage (for many reasons) and doesn't remember this
- [web] browser-based latency test thingy, both as plain HTTPS and websocket (they're remarkably similar with HTTPS connection reuse, the main difference being that websocket breaks when your connection is down for 0.1s or your IP changes, so I use websocket more as canary and the HTTPS version for actual latency testing)
- [web] proxies for certain sites, like to speed up the openstreetmap wiki by caching or to remove the 5MB unnecessary javascript from a news website
- data scraper that emails me when the local river does something that interests me (like get close to flooding or drying up or a sudden large change)
- other data scrapers
- Telegram bot
- IRC bouncer
- Gitea
- Restic backup server
And a ton of web things I'm forgetting, including little .php scripts not worth mentioning that I occasionally use to do this or that.
I'm really amazed what I can do with some hardware that would otherwise be thrown away or disappear into an old drawer never to be used again. I could probably host twice as many things and it would still work (CPU and network are basically idle the whole time, only RAM would be getting tight then... I could upgrade to 16 GB DDR3 which is cheap nowadays).
RPi was running PiHole, Wireguard, a dyndns updater, and the control interface for my old AP via docker(compose) on Ubuntu Server.
HX90 is running ProxMox, with VMs for WireGuard and PiHole, and a large Ubuntu VM to run dockerised (docker-compose) applications. I know ProxMox can do it directly, I just feel more comfortable in control of directories.
Thinking about running a web-office server (OnlyOffice, NextCloud or OwnCloud) and connecting that with my NAS... possibly using a Cloudflare Tunnel/argo or ngrok.
- Jellyfin: As a media server for movies and tv shows.
- Navidrome: My own music streaming service so I can listen to my FLAC collection anywhere (you can use any subsonic compatible app or its own web UI)
- Radarr: Automated movie torrent download
- Sonarr: Automated TV shows torrent download
- Nextcloud: For document and file sharing. It does allow calendar, contacts, etc.. but so far I am doing that just via my own regular Fastmail account
- Photoprism: I upload all my photos to it, via WebDAV.
- FreshRSS: RSS reader
- PiHole: No ads anywhere in my network
- OpenVPN: So I can access all the above from outside my network
Unless you want to learn how to set up a server, i.e. a "home lab", but then it's cheaper and more efficient to rent a cheap vm on linode.
The era where you had an old computer from your office in a closet to host your website, music, email, and such is long gone.
Proxmox and Kubernetes, Rook on top of that for storage. GitLab for manifest storage, ArgoCD for deployment, terraform for node management in proxmox. It's not fully redundant (two separate nodes) but storage is replicated (ZFS send/receive on proxmox, Ceph replication for Rook).
Primary stuff are things like AP management, file shares, prometheus, grafana, various interfaces with 'dumb' devices, just to collect data from them without having them connected to the internet, VPN for remote access, separate VPN for internet tunnelling when on foreign networks, media service for movies and series, downloaders, Cloudflare tunnels to expose services to the big bad internet without opening ports, TFTP services for network booting, pull through caches for OCI resources and some other package indices. Also an OpenFlow controller but that was more for fun than because I needed it, no longer used for actual switches.
Main benefit from all the IaC is easy creation/destruction of entire environments when testing out things without having to pay money to a public cloud.
Also have BSD based firewall(s) to do NAT, DNS, DHCP etc. but those aren't on a shared home server but rather on separate hardware.
Similar setup in leased hardware in a DC just to keep the knowledge for legacy setups in on-prem style cases fresh, and public cloud version as well (but that costs money so it's scaled down significantly).
- A dedicated (hardware) server in a European datacenter running Proxmox.
  - opnsense (firewall VM that I connect to using wireguard for administration, and home networks connect to for voip, etc)
  - mailcow
  - nextcloud
  - collabora office
  - asterisk (for VoIP, since I'm living abroad but still need my old local phone# sometimes)
  - own Mastodon instance
  - a Windows VM for those times when you really need to test something against Windows
- Back at home; an old gaming PC converted into a NAS, on a speedy 300/300Mbps GPON
  - borgmatic backups for everything, incl. family
  - jellyfin
  - samba for most of my video/music/legacy stuff
  - home assistant
  - transmission
- At parents' place - an ancient HP Microserver with 10-year-old hard drives:
  - borgmatic
  - samba
  - transmission
  - a cellular to VoIP gateway connected to my european Asterisk via VPN
- Another "home" network location interconnected with these two -- mainly for convenience of monitoring home automation and CCTV with Zabbix;
- A separate cloud VPS running just Zabbix for monitoring all this and some other stuff I do as a freelancer.
On my phone, VoIP VM and some other chosen devices I also run Tailscale -- with phone it's mainly because some European ISPs like to block VoIP :). There's a massive inconvenience about it in that Android only allows one VPN tunnel per profile, and I need two...
- A few Discord bots I've written
- Jellyfin
- Nextcloud
- Home Assistant + NodeRed
- Libreddit and Invidious alternative Reddit/Youtube frontends
- Calibre-web
- A Terraria server that no one has used in a few months
- A smattering of other utilities such as Samba, MQTT, ddclient for DDNS
I also have separate Raspberry Pis running Pi-Hole and Octoprint, and a Raspberry Pi Pico running software I wrote to control my Xmas lights.
[1] Sucks up RAM which meant a switch to Medusa but the Medusa web interface chokes badly on Safari and it proved to be much less reliable at fetching episodes hence returning to Sonarr
[2] Only running when people are wanting to play otherwise it also sucks RAM.
[3] Used to be a Zyxel but that got retired.
- router (pfSense) with wireguard VPN
- piHole for ad blocking
- Kubernetes cluster for running my own projects
- Cloudflare tunnel (on k8s) for exposing services to the internet
- Jenkins for CI and misc automation
- Samba shares for family members
- NFS share for K8s volumes
- Asterisk for telephony
It's great to have everything virtualized. Enables you to try new things easily. Also saves you electricity and space, and does not sound like having jet engine(s) in your home
Hardware:
- Intel NUC, running Proxmox
- Synology DS920, 16 TB - used for storage and file services only. I avoid the Synology installed apps to keep this decoupled.
- A pile of custom Wemos devices - sprinkler controller, digital radio to listen to my weatherstation, landscape lighting control, sensors, etc.
- Zwave devices - light switches, mail delivery sensor, garage door status
- Security Cameras - been happy with the Amcrest ones
- Tablet - fixed display of Home Assistant status, using fully kiosk
- UPS
I gave up on Pi's after suffering too many SD card corruptions, nice for playing around, but not good for stable deployments in my experience. Didn't want to bother with the usb stick approach as by then I was on a NUC and it's been great.
Apps & Services:
- Home Assistant
- Mosquitto
- Plex
- Pi-hole
- Unifi
- Wiki.js
- sftp
- VPN Server
- Syncthing: primary use case is for syncing Obsidian vaults
- Veracrypt: encrypted store of info, keys, credentials, financials, etc.
Hosted services:
- $50/yr VPS in Netherlands - 1 TB storage, absurd amount of transfer
- Uptime monitoring - healthchecks.io
I follow the reddit selfhosted sub to learn about developments in this area.
- A Jenkins instance, for various purposes (cf. https://news.ycombinator.com/item?id=25391401)
- A webservice to download music, videos and store it locally for future use.
- Another webservice to store all my photos and access them.
- A TOR hidden service to access all the above when I am overseas.
It's worth noting that they are all Raspberry Pis to which 3.5" hard drives are hooked.
My router forwards port 22 to it as well, so I can SSH to it remotely and then tunnel VNC connections to my desktop through it. It's exceptionally rare for me to do this, but it HAS come in handy before.
- 2 x Xeon X5650s running Ubuntu as hypervisors and one acting as dnat router for our Starlink connection. Hypervisors include Asterisk, Invidious, staging mysql/dreamfactory, CIFS server. One trying to run yolov7 on docker with cuda on an external GPU. [edit] Forgot the Pihole kvm instance for all local DNS.
- 1 x GPD mini pc (4 core 8G Celeron n4100) with Homeassistant supervisor mode on Debian for Temp/humidity/pressure monitoring, AC compressor control, 110V AC Aqara Switches, remote Aqara buttons (outside lights, garbage disposal)
- 1 x Raspberry PI 4 iredmail running three SMTP/IMAP domains over Wireguard DNAT forwarding from Vultr public IP
- 1 x Raspberry PI 4 with 3x7TB USB drives for DLNA & CIFS
- 1 x Raspberry PI 4 with Octoprint on 3d printer
- 200AH lead acid battery bank with 12V/100A charger and 3kW inverter
I just started playing with Umbrel on an old desktop machine I had laying around. Looks promising. I mainly want to run Bitcoin and Lightning nodes with it.
Pihole on a gen 1 raspberry pi
Syncthing on my desktop, laptop, and phone for sharing files between them all
Zerotier on all the above (I gather that wireguard essentially does the same thing, but I’ve been using zerotier since before wireguard was a thing, it’s really simple to set up)
Openssh server
Minidlna on my desktop for serving up music, photos, and video. Roku Media Player can play the media on my TV, and bubbleupnp plays it on my phone
Borg backup on an old Ubiquiti NVR, just because that box is small, quiet, and has a lot of storage.
Apache web server on my desktop that I’ve been running for roughly 20 years, but I don’t use it for much anymore. You can get to my music, ebooks, and other random not sensitive files if you know the secret URL. Oh, it also serves my arch Linux package mirror that all my other machines use, so I guess I do use it a lot!
EDIT: just remembered I have samba running on my desktop, mainly so my HP officejet can scan files and save them there.
Synology NAS - dockers:
- monitoring: grafana, prometheus, alertmanager, bunch of exporters
- consul + consul registrator (as service discovery for docker)
- gitea (personal git repo, with some mirroring github repos)
- media stuff (jackett, radarr, sonarr, plex)
- ci (jenkins)
- datastores (postgres, mongo, redis)
- rutorrent
- saltstack (config management for all home systems)
- syncthing (currently testing to see if it's useful to me)
- hashicorp vault (secrets for things)
- pihole
Intel nuc: vms running on vmware:
- active directory (auth across all devices are managed with this)
- kubernetes (microk8s)
- pfsense (running a couple of vpn and private vlans for iot devices)
- license server for some applications
kubernetes:
- istio for managing routing and creating a service mesh with the cloud
- argocd (deployment management for kubernetes resources)
- kafka (strimzi operator)
unifi + dnsmasq - internal dns
Cloud:
- dns public IPs for things that are exposed publicly
The pi also hosts a Kerberos KDC and OpenLDAP, which I prefer for authentication and account management, not that I ever change my password, but just in case. I also use that for email, which is hosted on a cheap, but reliable VPS, connected to the home LAN via Wireguard.
Eventually I plan on adding Kerberized NFSv4 for a shared home directory across servers, and I might play around with a local ipfs cluster. Sadly, OpenAFS doesn't seem to build on FreeBSD these days, or I would be all about that.
At present, I have a Mastodon instance with its own database server on a free Oracle instance, but I will probably migrate the database to my in-house server, just to tidy things up.
I virtualize with Proxmox (very happy with it):
- my personal matrix instance (@Themoonisacheese:poggers.website)
- my static homepage (https://poggers.website)
- a minecraft server that rotates between modded and not whenever the crew feels like playing minecraft again
- a discord bot that plays music, since the big ones get taken down
- recently added a Magnetico host. Magnetico is a BitTorrent DHT explorer that finds publicly available torrents and indexes them. This enables me to stop relying on public torrenting sites.
My router (ISP provided, name of the isp is "Free") also does:
- router and firewall jobs
- SMB server, sharing the contents of a 1Tb external disk
- BitTorrent client, downloading to said disk, and that i can control from my phone or my browser. Both are registered as magnet link handlers so it's as seamless as a native client but works from anywhere using my phone.
- Various file servers that i currently have off, but could turn on as needed.
- DNS-level adblock (not pihole, just a built-in thing)
Over the years i have added and taken down services, such as a ShareX image host because i didn't use it, and various game servers that we no longer play. Notice also the lack of monitoring at all. I'm a sysadmin by day, so i'm familiar with monitoring tools, but i haven't felt the need. Some day i might deploy nagios+thruk for the fun of it. Notice also the lack of DNS. I have found at this size i am able to recall IPs for everything that matters. Logins are also set in my VM templates and are standardized, so i don't use a central login solution.
The Pis host ddclient, Pi-hole + Gravity Sync, cloudflared and PiVPN (Wireguard). I'm also working on setting up Logstash + Filebeat but one of them needs to be formatted for it to work. As you might guess, its purpose is redundant DNS.
The NAS is running a bunch of different things. Portainer, Wireguard, Invidious, a DNS-over-HTTPs endpoint, ddclient, Kibana, and various instances of nginx hosting some of my sites.
I host ddclient and Wireguard in all my machines for redundancy - the bare minimum I need to maintain this setup remotely is being able to connect to my VPN, so keeping my dynamic DNS record up-to-date and having at least one VPN endpoint available is vital.
This year, I want to add more hosts (probably more Pis, and a few nVidia Jetson Nanos I have lying around) and some sort of service mesh to switch to Docker Swarm. Eventually, I might replace the NAS with a custom-built server - I want to do a backup of my Steam library, and I've found the NAS a bit lacking when it comes to virtual machines.
* ZFS for secure and reliable document and photo storage. Exposed via Samba. Backed up via ZFS snapshots to a drive I keep in a safe and another drive I keep in the office.
* PostgreSQL for development of personal projects.
* minidlna to serve some videos to the living room Xbox.
* Local development. I connect to it via SSH to work on my Rust projects, all through tmux and Emacs. But...
* bhyve for VMs. VSCode doesn't like FreeBSD as a target, so when I want to use VSCode on the client machines, I connect to a very large Debian VM. I'm planning to run other VMs as well.
I do not serve anything publicly though, other than SSH. My personal projects are hosted on Azure.
The previous machine I used as a server (a 10+-year-old PC) is currently running pfSense and acting as my router + local DNS + DHCP server. I want to replace this with a small box instead but haven't had the chance yet.
Email: Most of my email going back to the mid 90's. Available locally via IMAP or remotely via webmail.
Photos: new photos I take, plus scanned versions of old photos, organized by photographer and year. Shared via HTTP and DLNA
Audio: My entire music collection, in FLAC or MP3 format. Also a bunch of free music downloaded from Internet Archive and Musopen. Shared via HTTP and DLNA.
Video: All my home videos, including digitized Super8 films from my childhood. My entire collection of DVDs and VHS tapes (including shows taped off TV). Also, public domain movies downloaded from Internet Archive. Shared via HTTP and DLNA
Text: Scans of important documents, bills, bank statements, PDFs of the instruction manuals to most appliances and gadgets in the house. Scans of letters I received in college. eBooks. Interesting articles from the web or from periodicals. Public domain texts (Project Gutenberg, government publications, sheet music, textbooks). Shared via HTTP.
Software: ISOs of various old operating systems and applications. Netboot images for whatever OS I'm using on the desktop at the moment. Archives of old software. Drivers, ROMs, firmware, fonts. Shared via HTTP or TFTP where needed for OS installation over PXE.
While I've organized things in a pretty logical file hierarchy, I also use Yacy as a private search engine. It periodically crawls and indexes the file structure and categorizes results into collections, such as 'books' 'manuals' 'music' etc. to make searching easier.
Restic (backup)
Samba + Jellyfin (movies + music)
Nextcloud
my Telegram photo bot (https://github.com/nmasse-itix/Telegram-Photo-Album-Bot)
Aeneria (energy monitoring)
Home Assistant
Unifi Controller
Gitea
Tekton (my CI pipelines)
Keycloak
Minio
Miniflux (RSS Reader)
Mosquitto (MQTT broker)
Also: PiHole for ad and tracker blocking.
All my homelab services run on a single 2U huawei rack server with dual E5-2680 v3, 128GB RAM, Intel P3600 for OS, and 120 TB HDD for storage, with 10Gbps networking, the other servers are used for testing and messing with.
The OS is Debian 10, and I deployed a single node k3s to deploy my services as the management is easier and I may scale them to more nodes in the future.
Major services:
- Ceph (rook-ceph) for managing the 120TB storage, and the CephFS are shared through Samba as the family NAS. It stores family videos and photos (through Nextcloud PV), Blu-ray movies, old games from the '90s to pre-Steam era, emulator ROMS including MAME, Wii, GBA, PS, XBox, etc. 2-replicas for not-so-important data like games and movies, 3-replicas for personal and family data, 5-replicas for very important data. And I'm so happy with Ceph, it's so stable and easy to extend compared to other solutions like RAID, Longhorn and GlusterFS.
- Nextcloud, I have 3 Nextcloud deployments in the same k8s cluster, one for my personal projects like design documents that can be shared with others, one for the family to view and upload family videos and photos, and one for my personal private data that is not supposed to be shared with anyone.
- Home Assistant to monitor and control my home.
- Gitlab, stores all my personal project code.
- qbittorrent, for downloading and seeding torrents.
- Gitpod, as my main remote development environment, I can develop wherever I like!
The k3s uses CertManager to issue and renew Let's Encrypt certificates for my services, so I can access my homelab with HTTPS securely from outside.
Being in California, I have tried to push as much as I can out of my home and into datacenters to save on power. That said storage is one of the most expensive things to do "in the cloud," so everything I have is backed up to my house where I can shove a ton of drives into a NAS and spin them down when idle.
Open source software: Home Assistant, Home Intent, pihole, miniflix, pinry, and bookstack.
Small self developed software: Chore tracker, Package tracker, Chromecast radio streamer, and a simplistic Trello board
I'm just happy that all that works as well as it does on a single pi with a few users.
I have an FTP server running (open only to the local network) which allows me to have my scanner and camera upload directly to my server for ingestion into them. Similarly on my Android phone I have foldersync set up to send my photos to my server via sftp.
For Linux isos I use radarr + sonarr with Jackett for torrent aggregation, all public sites. Mullvad with wireguard gives great throughput over the VPN. I also use Requestrr which allows people to add new items to the download queue via discord bot, which is great because trying to get my wife to use Sonarr was a lost cause.
I run a variety of game servers for friends off the machine, and local applications for myself. Ubiquiti's network manager for wifi endpoints, redis/sql databases, and backup manager.
I really want to get some home automation setup, so Home Assistant is probably next on my list.
A database of all the files on my NAS to query them quickly in SQL (and uses ffprobe to get video info - codecs, audio and sub tracks, etc) + md5.
A copy of the imdb database (it is still downloadable), so I can index my films, get suggestions for high rating movies I don't own, or by director, or get notifications when new episodes of my favorite tv shows are released
Incremental daily snapshot of my important files (with hardlinks when the file hasn't changed).
Failover mail server to receive emails when your vps is down or you need to migrate it
I took the habit of scanning every important document and physical mail I receive, they then get OCR-ed and sorted automatically.
Keep an eye on all sorts of things you can scrape from the internet. Prices for real estate transactions around you, stock prices, prices for certain computer hardware, be notified when a product comes back in stock, etc.
Podcast downloader
Box 1: Truly ancient HP Proliant N54L
- Bastion/DMZ machine, router forwards all incoming traffic to it
- NAS
- JBOD that I cobbled together over the years, storage is only ~12TB, and mostly used for media.
- NGINX
- proxies traffic to the rest of my network
Box 2: Some SFF Lenovo desktop
- NVR, running zonemonitor
- Dedicated storage for my home security cameras
Box 3: Some HP Prodesk Mini SFF
- Homeassistant
- Various docker containers running homeassistant adjacent stuff
Box 4: Another HP Prodesk SFF, but with 10th gen i3: Media server
- Everything in docker
- Emby
- Radarr
- Sonarr
- Transmission
- etc.
- Latest addition to the family, I deployed this a week ago. I have to say I'm mighty surprised by the performance of the i3 for media transcoding. It can do at least one 4k->720p transcode without even breaking a sweat.
I use Radarr and Sonarr to automatically download movies and tv shows. I use mdblist.com to autogenerate movie lists based on criteria like imdbrating, number of votes etc. And use these lists directly in Radarr, one plus point is that these lists are autoupdated with new movies and Radarr automatically downloads them. I've configured Radarr/Sonarr to download items automatically with usenet and debrid (no direct torrents).
I have setup Plex, WebDAV (for Kodi), ftp and a generic http server with basic authentication on the media folder. I have 1Gbps unmetered connection and have added a bunch of my friends to plex. I can easily stream 4k remux blu-ray rips to my smart tv from the Plex server.
- Write-only file upload under an obscure domain. A bit dangerous, but a life saver when someone wants to send you a 200MB file. "Just go to frequentrain.com and upload there". With desktop notifications on my side, text upload for quick note taking from any computer, etc.
- Custom RSS feed reader, and downloader for YouTube channels or websites that I like but fear may go offline.
- Cronjob for checking internet connectivity (to router, to DNS server, to nearby servers, to far away servers). Very useful for both troubleshooting and forcing the ISP to admit there's a problem.
- Fire-and-forget jobs. Long video transcoding, downloading large files from flaky servers, running long tests, etc.
- A Mac Mini, a Pi 4 with SSD and 8GB RAM and a Pi 3B+ forming a "multi-room" Kubernetes cluster with the idea that sensors and automation for each room (that had one) could be run locally in that room, including wired sensors, all connected by Kafka running on one of the Pis; that way I could just plug in another sensor and the local pod would know what to do with it. I never found a reliable way to allow pods to use serial devices and such, so while it's been fun, shifting priorities mean I had to scale it down to just the Pi 4 running HASS, Zigbee2MQTT, Mosquitto, NodeRed, uStreamer and a simple homebrew TTS API based on espeak. It's all docker-compose now, since docker works a lot more reliably with devices. It's a real shame, kustomize/flux/k8s is so much nicer for robustness and easy configuring (a second, different instance of my stack is running elsewhere, so I need that) and monitoring, debugging, ... is way more convenient, but I need those sensors to work and I can't spend as much time fiddling with it as I previously did, so it's docker-compose and Ansible for now.
- A Pi 3 running OctoPrint; since made redundant as my 3D printer (Prusa Mini) got the ability to print over LAN with the last update. The webcam I use to monitor it is now running via uStreamer on the Pi 4. It's going to become the brains for the Freenove Big Hexapod Robot kit I've been gifted last Christmas.
- A Pi Zero W running a large-ish e-ink display with weather data and things like that. Still around, terribly useful, I'd love to have a second (but possibly one that doesn't take seconds to refresh...)
- A Synology running a Prometheus/Grafana stack, a MySQL, a docker registry for the Kubernetes cluster, Gitea with all the manifests and flux config so I could rebuild the Kubernetes cluster without internet access. Also still around, but I'll get rid of some of the stuff running on there. Reducing its attack surface and such.
And I'm using Tailscale like everyone else these days.
- Fritz!Box 7530 AX (purchased router, connected to fiber endpoint hardware from ISP)
- OpenVPN
- Dynamic DNS update of domain name
- Synology DS220+ (bought new with 2x4TB, running striped/RAID0, uses ~30W under load)
- Download center with various RSS feeds
- Plex
- Primary media collection
- Adguard in a Docker container
- Google Cloud/... drive sync
- Backup target for all non scheduled backups.
- Synology DS1817+ (second hand, together with extension bay hold ~35TB worth of drives)
- On a power cycle schedule + Wake-On-LAN (it uses 200W idle and power is expensive here)
- Backup target of my entire DS220+ and all other devices where I can schedule backups.
- Media archive
- Raspberry Pi 4B (no SD card, boots via SSD over USB3)
- Home Assistant OS
- Used to run Adguard, but moved to NAS for stability (I play too much with the HA install)
- Various hardware attached to read out smart meter, control lights. Hardwired as much as possible, Zigbee for wireless IOT stuff.
- (Linux) Workstation
- PiKVM attached to my workstation.
- Not required because SSH, but useful since I use PiKVMs at work, so I have a test one at home.
- Chromecast on TV
Off premise:
- Hetzner AX41-NVME
- Various websites for hobby projects (nginx+...)
- Pterodactyl (Game server panel)
- Backups to included 100GB Storage box and DS1817 via Borg
- Backblaze
- Important stuff gets an immutable backup here. Costs are currently <1$/month.
Future plans:
- Replace 1G network with 2.5G
- I can have symmetric gigabit fiber here, so I'd like to (ab)use it.
- Requires a new router, I'm thinking of getting one of those NUCs with 6x2.5G.
- May require a few new cables to be pulled, but the runs are so short I think the existing wiring will manage.
- Setup cross backups between my and my parent's NASs to have a free off-site backup.
The most useful thing I use it for is exposing the test environment on my laptop to a local DNS so I can test on mobile and other computers. It also serves as a location to point backups to. Additionally, I point a sub domain off my website to a small service I expose for file sharing with friends. It's not accepting requests all the time though. Just when I have something to put up there.
Would like to put movies and music on it eventually to stream to the rest of my network.
I "smart home"-d my apartment a little and prioritized aesthetics/tactile feel over technical simplicity. So I have some Lutron light switches (proprietary protocol), a couple of Zigbee ceiling fans and an Ecobee thermostat. I'm not crazy about Home Assistant itself but it lets me bring all those things together and export it all to HomeKit, which is the means by which everyone actually uses the stuff.
- Plex
Most of our media consumption these days is via streaming services. I use Plex as a DVR for over-the-air TV and it's mostly competent at it. I'd much rather be using Channels but it's a $60/year subscription (vs a $120 lifetime pass for Plex) and we just don't watch enough OTA TV to justify it.
Here’s what all I’m running:
- NixOS based router. NAT, DNS, DHCP.
- NixOS NAS + app server. ZFS for storage, and I run radarr, sonarr, NZBGet, nginx hosting various websites and reverse proxy to most of the services listed here, homebridge, zigbee2mqtt, Octoprint, grafana, and more.
Let’s encrypt/ACME certs for each virtual host, and it Just Works thanks to the NixOS nginx modules that make it super easy.
I highly recommend NixOS if you want to have a single service running a ton of different apps. It will keep you sane.
Hardware
An HP Miniserver Gen7 with just 4GB of RAM
120GB SSD for OS
4 Disks (3,4,4 and 6 TB) No RAID
4 External Disks to match the above for backup
Software
NFS for File Sharing
sftp server for restic backups (also backing up to B2)
KVM with 1 VM with prometheus and Grafana
VM In Cloud
postfix, rspamd, dovecot, mailman for email
apache/mysql with various websites
Planning to add a recycled desktop as an extra server soon
Wireguard
Some more VMs for developing a website project
Moved Prometheus, grafana
- p.v. and home automation, suffering with Home Assistant and its design, but since I found nothing better (and few even worse)... So far it serves as a mere web dashboard with few controls and automation, that is limited to regulate hot water heating, for sanitary and home heating usages and limited car charging, in more practical terms just switch-toggling via Shelly Pro 2/Raspi Zero GPIO etc;
- my mail system, local mirror of a hosted one (classic IMAPs/SMTPs on my domain) with mere storage in maildirs, indexed with notmuch, synced to few Emacs/EXWM desktops via muchsync over ssh, I plan for a web frontend (MailPie or Modoboa or Roundcube undecided so far) but done nothing more than few experiments so far;
- a limited prototype of home surveillance and communication, few cams and a netatmo doorbell. I plan to have a real SIP/RTP entryphone but all I found on sale are simply absurdly priced (700+€) and more cam and sensors but so far I can just take a look from remote without cloud crap in between;
- raw file sharing (webdav), Nextcloud and so on are simply monster in my sysadmin vision to be useful for my needs... I drop files individually in a cache like tree and share links as needed;
- tmate terminal servers to support sporadically some family/friends who are behind NAT when a full remote desktop is too much/not available;
- a small PBX wrapping a "commercial/physical" one simply because finding a PCIe asterisk card is equally expensive and also hard, while my ISP does not offer VoIP settings, forcing me to pick up its router FXO...
- a TT-RSS instance for my feeds, I use them normally on desktop but decided to move the instance to the server for casual on-the-go usage;
- a mere ssh + fwknop shell to access other stuff if needed from remote;
- home backup.
In hw terms a single personally assembled 4U small Celeron based machine with 8Gb ram and 4 sata ssd storage. I have a spare mobo+cpu and I plan to buy a new machine leaving the other as a real ready spare. No real redundancies so far but also no real downtime risks...
It hosts:
* My personal site (http://samhuk.com). I use this mostly for just myself as a way to remember tasty recipes and such. It also has a tonne of functionality behind a login that I use.
* Samba server for a little NAS setup. I have to daily drive Win, Linux, and MacOS, so Samba was my go-to.
* CI/CD for some of my projects.
* A minecraft server that me and my friends sometimes play around on when we have a few drinks.
It has an old 8th gen intel i3 that I got for peanuts, 8TB WD datacenter HDD, etc., way more than enough for what I use it for. Could have done with a rpi honestly, but...rpi 4...
One RPI4 running 24/7, hosting my files with encrypted ZFS on two external drives. I access the files through SFTP, Syncthing and Samba. It also runs various nightly backups to/from the cloud. Oh, and it runs Pi-Hole.
It runs OK, but is a little slow when transferring files because of the encryption. The max throughput is 20MB/s which is not awesome, but not terrible at the same time. I have spare machines around that I should use instead, but it works well enough that I can't be bothered to do it. I'm also a little worried about data corruption, because apparently that happens with ZFS without ECC ram, so...
Email has size limitations. Many services don't like to share .exe files. Some will apply compression (unlisted youtube videos). I like this because it's a simple app that allows you to share files with others, and give them a link to share files to you.
- DNSMasq for handling local hostnames, and caching external queries for reducing round trips and latency.
- SyncThing for aggregating a couple of computers, act as an always on file syncing endpoint. It also handles transferring/syncing files between home and work.
- qBittorrent client for downloading Linux ISOs and keeping them alive. I use a lot of VMs and replicate work environment at home for testing stuff, so having the ISOs and keeping them seedable is nice.
Since it's not that powerful, SFTP file transfers tax the processor a lot, so it also has a local, unencrypted FTP server for transferring files in and out.
Nginx+Lua (Openresty) on to display the status of my smart plugs that let me turn on and off several devices. One is for the Odroid itself, to really turn it off remotely.
A docker container to let a friend connect over ssh and rsync and perform a disaster recovery incremental backup to a disk connected to the Odroid.
Samba to access movies, music and pictures with VLC from my Android devices.
A second Odroid has a disk that I use to make my backups and send the incremental disaster recovery copy to my friend. By the way, encryption is managed by rsyncing a reverse mounted gocryptfs file system. That is, I keep the plain text and the key, I send the encrypted view.
- AdGuard home - my DNS server as well as DNS wide ad blocker
- Nginx Proxy Manager - a reverse proxy for all my services
- n8n - for some automated / scheduled tasks (mainly to trigger a daily rebuild of my static blog)
- Portainer - to manage all the dockers
I also run a dedicated Omada controller on OC200 hardware.
I'm waiting for a dedicated hardware device that will act as DNS server + Wireguard server. Once it arrives, and I'll find some free time to convert my existing HTPC to a TrueNas server, I plan to add the following services:
- paperless-ngx - For document management
- Photoprism / Immich - for photos management
- Plex/Jellyfin - Media streaming
- *arr - media downloading
- Gitea - local git server
- Calibre Web - Book management
A goofy reddit bot
NAS (using SnapRAID). Mostly backing up YT videos that I like, home media, every SD card from a phone that I wanted to save but will probably never look at again, etc.
My personal website, which includes a basic hugo blog and some services I care about like Grafana (which tracks my HOA payments and the moisture levels of my plant. Sends alert when payment is due or my plant is too dry)
Home assistant (which I'm not really using, but would like to be more proactive about at some point)
I run tailscale as not a container, but have had essentially no issues with anything. Spinning up new game servers is no problem. MicroOS updates daily and the immutability and container abstraction meet my needs perfectly.
- Wireguard
- Openspeedtest https://openspeedtest.com/ as a container to test random wifi speed issues
- CUPS
Experiments:
- qbt for seeding ISOs
- A Unifi Controller for the single AP I own
- A Portainer instance hosting
- An HTML5 speed test utility for internal testing
- A Murmur instance
- A uTorrent-nox frontend
The Synology DS1520+ acts as storage for the above and all sorts of other things, but also runs a Syncthing instance that, in addition to a $2/mo RackNerd VPS, acts as a backup for select folders on various devices. And though it isn't exactly a server, my router is a Protectli Vault FW2B running pfSense.
1. An old raspberry pi, which serves only one purpose: ssh access server: a way for me to access my home network from the outside world.
2. Asus PN-40 mini pc with a custom 3D-printed stand with a fan for active cooling: I am a moderator of one of the biggest subreddits (in terms of submissions and comments has been in the top 5 for quite some time now) and I run a couple of bots for automated moderation and general automation (checking for duplicates, keeping an eye on new users and an nlp model that hunts for trolls and some other fancy stuff).
In that server I have the media server section setup with jellyfin, sonarr, radarr, prowlarr, qbittorrent and the sysadmin section setup with portainer, glances, dozzle, and filebrowser and using dashy for the homepage.
Also I host some apps that I developed myself there
It has 1050Ti, so I was using it for some gaming earlier, but moving that to the Steam Deck now (got the dock for it).
I have some more details at https://captnemo.in/setup/homeserver/, and the source code at https://git.captnemo.in/nemo/nebula/
* adguard (i used to love pi-hole but adguard home is better) - ad free LAN
* transmission that runs over vpn - for seeding linux iso
* homeassistant - automate my switches, monitoring
* zigbee2mqtt - zigbee to mqtt bridge
* eclipse mosquitto - mqtt broker for my zigbee devices
* node-red - integrated with home assistant to write some of my automations
* duplicati - backup all the data from all these service and upload to remote storage
* grafana - visualize my network/devices/services stats
* prometheus and several exporters
* nexus repository - to proxy external libraries
* wyze-bridge - so i can view my Wyze cameras in home assistant via rtsp
* tailscale
- my portfolio website https://blmayer.dev with my mail server on the m. subdomain, a web interface on mail.
- one git host on https://derelict.garden with a git. subdomain.
I plan to add more services and a database to it. All hosted on a pi zero w. In the past I got 77 days of uptime. I think the mail part is the nicest: I can have as many emails as I want, so I create one for each website I signup.
Also the server itself is my ancient T530, which is still quite snappy on Arch!
Here's the remote code, for anyone interested: https://github.com/ijustlovemath/arduino-remote
- QNAP TS-253A-4G NAS. What has been a real game changer on this has been container station, which allows you to run any dockerised app. It is however a little underspecced for any real heavy lifting. It's basically the workhorse for file storage, media hosting and downloading.
- MeLE PCG35 Fanless Mini PC. This is a fairly new addition. Is a home web server (nginx) and runs my gitlab instance. Saves me about $20 a month in hosting costs by self hosting instead (nothing important). It also runs Pi Hole. The OS is Debian
Longer term ambition is to get the PDP11's booting off it as well.
- Pi-Hole : https://github.com/manibatra/kube-pihole (might be a little rough around the edges, I have to push a few updates)
- Homebridge
- A custom Golang app to poll metrics from my Solar setup and export them as Prometheus metrics
- Prometheus
- Grafana Mimir for long term metrics storage to S3
- Tailscale on all the nodes and all my machines so that I can access my homelab and Pi-Hole when I am on the move.
Bunch more things to add but it's a start!
- cgit (git webinterface pointing to git-bare repos that are accessible via ssh)
- some static webpages via nginx+zola
In the past:
- some prototype webapps hosting
- dnsmasq + tftpboot
- nagios
Right now, it's just Plex & Nextcloud available within my network but Home Assistant is next on the agenda to tie into my devices. I also have Dropbox to keep a couple of the folders in sync so I can drop files on any computer and it will come back to there. I'm looking into some Ubiquiti cameras & security too.
All of it is fronted by ngrok - with Google OAuth for auth - to make it available to the select people in the outside world.
- several DIY projects fetching data from the web in Docker containers (like scraping the servers of my car manufacturer for the trip/gas milage data)
- good amount of fast storage with 100gbit to main machine (don't use lots of local storage), using ksmbd for windows or NFS for Linux to access
- vm's for stuff which you don't want to run on your main machine (like needing windows xp)
- domotics with zigbee/zwave2mqtt in the back
- probably lots of things I forgot about until they break.
- remote backup location for the rest of the family to have off-site storage
I also run a bunch of Raspberry Pis around the house connected to stereos to stream audio using AirPlay (with https://github.com/mikebrady/shairport-sync).
Actually not in a home server, since it is in the cloud, but still...
* syncthing, as a backup host;
* photoprism, had to migrate from google photos;
* docker registry for pet projects;
* qbittorrent, which is mainly unused nowadays;
* pihole;
* homeassistant;
* mosquitto;
* vscode code-server.
On top of that, there's tailscale, nginx proxy manager and dirt-cheap VPS for exposing some services to the internet.
* Firewall/IDS (Debian on a bootleg 4-port mini-pc)
* NextCloud
* Public websites (hugo, jekyll, wordpress, mastodon, etc)
* Zoneminder
Basically, anything that holds long-lifetime data that I don't want to trust somebody else with I run at home. I've thought about moving my Masto & sites to a VPS or PaaS but it's just easier (imo) to just rsync shit onto a box. Plus, the NUC is already paid for :)
Currently running all as VMs/LXC via proxmox:
- Adguard
- Home Assistant
- Plex, sonarr / radarr / bazarr / deluge
- TrueNas using HBA passthrough for my drivers
- Bitwarden
- Prometheus and Grafana for monitoring
- Traefik reverse proxy
- Ubiquiti Controller
I have OpenVPN and Docker, rest runs as containers.
Mail (Postfix, Dovecot, Spamassassin)
Web: Nginx (serving sites and doing reverse-proxy for other containers)
Various containers running nodejs sites (served through nginx reverse proxy)
MySQL, Mongo, Apache/PHP,
Apparently a minecraft server too.
- nginx (personal web pages)
- weechat (irc bouncer)
- syncthing instance (so there's always one online for my laptop or phone to access)
- gonic (simple navidrome/subsonic alternative without the web UI)
- backups (my own rsync+snapshot scripts since I found borg etc. too involved)
- some uptime checkers (simple cron jobs + msmtp for sending email), and various one-off scrapers and scripts
- Arch Linux
- just systemd/networkd for DHCP server/client, wireguard setup etc.
- router: own setup, just nftables, wireguard
- unbound DNS server (with blocklist for spam/ad domains) with encrypted DNS on uplink
- chronyd as timeserver
- mosquitto mqtt server
- custom jobs to post system stats to influx
- few VMs for testing things
- syncthing for keeping keepass database and documents
- git server (gitolite, gitc web)
- backup to encrypted S3 storage (duplicacy, encfs)
Hetzner VM
- influxdb (host stats, plus temp/humidity sensors around the house)
- grafana
- Nextcloud for file syncing and sharing, syncing photos/contacts/calendar from my phone, and Joplin notes
- Pi-hole for ad-blocking
- Jellyfin for media
- Miniflux for RSS reader
- Tandoor Recipes for recipes and grocery list
- Archivebox for saving local copies of sites I want to keep in case they disappear someday
- Navidrome for music (this is still something I'm testing)
- Send (fork of the deceased Firefox Send)
- Grafana/InfluxDB plus some custom scripts for monitoring
Lenovo Ideapad Y50-70 (i7-4720HQ, 16 GB RAM, 500GB SSD, 4 TB Ext hdd via USB) mostly running docker services:
- Navidrome: serving flac files, replacing the need for spotify
- vaultwarden
- ghost blog
because my ISP gave me NAT'd IP, I've to setup a VPS and use it for reverse-proxy, also docker-based:
- nginxproxymanager
and Tailscale to connect them all.
> What are you doing with your home server?
So much stuff. But the reason I have servers at home is not because it's practical, it's because I love computers and making them go fast. The ones in my basement are often used for performance experiments.
Hopefully in the near future HomeAssistant on a Raspberry Pi
Also Proxmox, Prosody (XMPP), AdGuard Home, Jellyfin, Paperless and Photoprism.
Also see this list for more ideas: https://github.com/awesome-selfhosted/awesome-selfhosted
A git repo which acts as a document backup/upstream for my company records and allows me to keep history/records across multiple other devices.
Git repos for various personal projects like my e-ink/rp2040 thing.
Time Machine backup from my MacBook (samba + some config).
DLNA media server
VPN server (strongswan) and associated certificate authority.
Errrr… that’s about it for now. Pretty boring!
* Local arch Linux mirrors
* Iptables/routes/rules/vlan tagging as a router
* Vpn client
* Ldap for authn
* DNS
* Kerberos for authz
* Postfix/dovecot for email
* Nfs for home directories
* Git repos via vanilla ssh/bash scripts
* Other temporary odds and ends.
Caddy web server, Git, Cgit, Miniflux, Radicale (calendar and contacts), Syncthing, Maddy mail server, Postgres, Restic backups
It also has a 16 square led matrix on top, visible through my window, in case I want to blast messages out there that way.
I change bits and pieces regularly, and have an overdue reminder to re-test restore from backup.
- local file (media) sharing
- VPN client
- torrent client
- slow file download
I plan to make it an automated build server.
In the past, it was also an access point.
a half width 1U supermicro, sitting on a filing cabinet in the office's closet, with 128 gig of ram. I put the free esxi 7 hypervisor on it. This has let me consolidate almost every weekend experiment down to a single host.
On it, I have an RKE2 cluster on ubuntu 22.04 VMs. Mostly this is so I can learn some kubernetes because the environment at work is so locked down, it actually helped me to just have my own.
I host a few other VMs, mostly just as scratch pads for shell/ruby and an MPD server for streaming a private web radio off my NAS music share to a raspberry pi that is always streaming random music into my office. I have a single volume knob amp that lets me just turn it up, or turn it down, and that's all I can do to pick what I am listening to. It's cured my decision fatigue for music, and I really recommend it.
It's way better than 20 years ago, when it was a museum of clutter.
It currently runs PiHole and Jellyfin (a media server).
Next on the list is to get a docker container to run qbittorrent + vpn, so I don't have to transfer the files across to my server from my main PC.
I'd also like to open up my file server with friends and family but not sure on the approach just yet...
Has a jail running InfluxDB, Grafana, and Mosquitto to monitor the TrueNAS metrics and my IoT sensors.
Has a Ubuntu VM for the TP-Link Omada management software. (It's not terrible but I wouldn't necessarily recommend it)
I used to have more ambitions but installing and maintaining software has become a chore.
nginx-rtmp: personal streaming server
navidrome and mpd: for music streaming
Gmediarender: upnp/dlna renderer
Usually testing something -- automating building the latest trend, or getting an understanding for why a particular upgrade went poorly.
My longstanding VMs are... a general purpose 'game server', a couple DNS resolvers (spread among two nodes), and a password manager
various VMs and containers:
pfSense
pihole
Plex
Homeassistant
Subsonic (music server)
virtual desktops for various purposes (keeps things isolated)
syncthing (to move backups offsite)
guacamole
ephemeral VMs for testing/learning
~25Tb of storage in various RAID configurations for media and backups
OPNSense
Pihole
Wireguard (server)
Wireguard (client)
Jellyfin
LMS
Unifi Controller
Syncthing
MiniDLNA
CouchDB (for noteself back-end)
Mailu
Zoneminder
Nginx in front of anything https
Debian virtual desktop
Most are in docker containers in Proxmox VMs
I have a VPS where I "self" host more stuff, like Nextcloud, Mealie, Paperless, etc.
I had all the plans and started tinkering - a few old Laptops as servers, Pi-Hole, and a 2012 MacMini to serve media to the family members, etc. Unfortunately, this is a very addictive hobby and may rival or even more than photography. I have stopped playing with any additional (wrong focus for now) experiments. A few of my friends have seen and knew about my hobby, so I have been on the receiving end (free) of older laptops and quite a bunch of Raspberry Pis[4]. Btw, many companies seem to be gifting Raspberry Pis to their team members to encourage to tinker or something in that line!
So far, only some basic operations work. Internet Load Balancer + Bonding, Backup of photos (since 2001), replication of a local copy of Dropbox, a simple media storage, syncthing replicating copies my development environment and files.
Yes, one-day, that one-day will come when I can just keep playing with these. I even had the led strip (now removed and back to my defaults) light up when I was in the zone. :-)
1. https://www.dropbox.com/s/2onquaoc4ob7mpm/F360559208.jpeg?dl...
2. https://www.dropbox.com/s/w0gf6mq8s4dze7g/IMG_1825.jpeg?dl=0
3. https://www.dropbox.com/s/21hsrj7k5e5t687/IMG_0003.jpeg?dl=0
4. https://www.dropbox.com/s/uhnknwutlgvre9s/IMG_1112.jpeg?dl=0
All: https://www.dropbox.com/sh/kumyb9accyae1g9/AACAOt9a8VEnUHLpC...
I have a "prosumer" grade £120 ASUS gigabit router, which has a perfectly adequate settings UI, firewall, port forwarding, and supports NAS via a USB HDD, or 4G failover if I ever happen to need it. No need to overpay for fancy business/enterprise grade networking equipment - plug it in, and it works.
Photos/videos are stored in Google Photos for £1.99/mo - I'd happily pay more if I exceed the 200gb limit I currently have iirc, but most of this is junk I won't ever access again that got backed up from my phone, eg screenshots that I took to send in Messenger/WhatsApp and forgot to delete afterwards.
Pretty much anything else that I do with a computer only has to be done when the computer is turned on. Having a separate server running drawing 100-200w at all times (even when we're in the office or sleeping, which is >2/3rds of the day) considering current energy prices, seems like a massive waste of money. 100w 24/7 for a year costs £300 at the current energy price cap (which most tariffs are currently at or around). I can't remember the last time me and my partner needed simultaneous access to the same files via the network, or I needed instantaneous access to a file on my MacBook or Android phone that is on my Windows/Fedora desktop, so another reason I don't see any need for a NAS or server.
Wrt movies (Plex/DLNA/Kodi) there's very few films I like enough to want to watch again, that aren't included in Netflix, Amazon, or Disney's library. Hence there are very few that I own physical disc copies of, and I can just play the disc on the PS5, or my PC's bluray writer, or the upstairs TV, so no need to back these up onto a HDD or stream around the house. Any content that is already on my PC just requires me to switch it on (via either Wake on LAN, walking 10m upstairs and pressing a button, or bluetooth switchbot) temporarily to stream to my TV via a DLNA server. No need to leave anything running permanently.
Really the only way I can see home servers making sense, is if running the server itself is your hobby. The added convenience is almost zero, and for me wouldn't be worth it considering the £300/yr electricity cost and £300-£1000 initial outlay I can imagine for decent hardware and a few TB of drives if you don't have an old PC lying around. Plus all the time spent configuring, monitoring, and maintaining - most on this site do enough of that at work already, and I have enough hobbies as it is ;D
- Nextcloud (for normal collection of files etc)
- Home Assistant
- Zwave JS (for Home Assistant)
- Couple of Minecraft servers
- Pihole for DNS based tracking and ad blocking
- Not continuously running but in use: Unison backups for backing up my photo archive disks hooked to my laptop. Feels the best way to sync changes of big disks.
Also serves to store backup snapshots/images for my family's devices, as well as a family SMB share to move files between devices.
Also, I think it will be easier to teach my daughters (in a few years) how the web works by showing them the physical thing in operation.
- Jellyfin: Netflix alternative for local files
- Nextcloud: Mainly used as Dropbox alternative
- Borgbackup: Deduplicating backups to my other Microserver at my parents' home
TP Link AC1200 router
- Running OpenWRT with a dedicated, isolated WiFi for "smart" devices
Raspberry Pi - Pi hole
- Wireguard
- A Python script I created myself for providing a dynamic DNS ala DynDNS.
- Bind9 for the split horizon DNS.
To be added at some point later this year: Self hosted bitwarden (vaultwarden or the official one, I have yet to decide)
Edit: formatting
I used to host a Valheim server as well. I was experimenting with Miniflux rss reader yesterday so I'll probably add that in the near future. I have a Synology NAS that strictly handles files and backups.
Everything else is on a separate server running Fedora. I used to run applications inside k3s, but got tired of the constant 10% CPU usage from the control plane trying to keep track of its state. Also didn't like that the containers I used weren't being rebuilt for security updates in packages (eg. openssl). Now, I just use plain old RPMs inside VMs.
The stuff I run:
* [Host] ssh: For CLI access and git hosting (just `git init --bare`; no fancy UIs like Gitea or Gitlab).
* [Host] samba: For all file access.
* [Host] zrepl: For zfs snapshot replication.
* [Host] syncthing: For syncing KeePass databases. Also for syncing pictures from my phone.
* [VM] jellyfin: For easy access to rips of my physical media collection. VFIO is very unstable with the 13th gen iGPU on my hardware, so I have a custom ffmpeg wrapper that SSH's back into the host for remote transcoding in a bwrap sandbox.
* [VM] pdns-auth + dnsdist: The powerdns authoritative server handles the internal DNS. I have DNSSEC set up and SSHFP records for everything, so I don't need to worry about ~/.ssh/known_hosts. All of my computers that rely on this run systemd-resolved and do the DNSSEC validation locally. I run a daemon [2] on every host, which handles pushing new A/AAAA records via TSIG signed updates to the DNS server.
dnsdist acts as a proxy which only allows access to the specific TXT record needed for ACME DNS challenges originating from Let's Encrypt's IP addresses. I may switch to a custom CA in the future when the name constraints x509 extension is better supported (so that a custom CA wouldn't be able to issue trusted certificates for domains that aren't mine).
* [VM] miniflux: For RSS.
* [VM] unifi-controller: For managing Ubiquiti wireless APs.
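The comment above publishes SSHFP records for every host so clients do not depend on ~/.ssh/known_hosts. The following is an added example, not part of the original thread or the commenter's own code: it derives an SSHFP record from an OpenSSH public key line and checks a presented key against a record. The host name `nas.home.example.` and the key material are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey(line):
    """Return (key_type, blob) from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    if key_type not in ALGORITHMS:
        raise ValueError(f"no SSHFP algorithm number for {key_type!r}")
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type. A mismatch
    # means the line was edited or truncated, so refuse to fingerprint it.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sshfp_record(hostname, pubkey_line, fp_type=2):
    """Build the zone-file line for one host key (SHA-256 by default)."""
    key_type, blob = parse_pubkey(pubkey_line)
    digest = FP_TYPES[fp_type](blob).hexdigest()
    return f"{hostname} IN SSHFP {ALGORITHMS[key_type]} {fp_type} {digest}"


def matches(record, pubkey_line):
    """True if a presented host key matches an SSHFP record.

    The answer is only as trustworthy as the record: the record must come
    from a DNSSEC-validated response, as in the setup described above.
    """
    fields = record.split()
    algo, fp_type, digest = int(fields[-3]), int(fields[-2]), fields[-1]
    key_type, blob = parse_pubkey(pubkey_line)
    if ALGORITHMS[key_type] != algo or fp_type not in FP_TYPES:
        return False
    actual = FP_TYPES[fp_type](blob).hexdigest()
    return hmac.compare_digest(actual, digest.lower())


def constructed_key(seed):
    """Constructed ed25519-shaped public key line (not a real host key)."""
    name = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


HOST_KEY = constructed_key(0)   # key the host really has
OTHER_KEY = constructed_key(1)  # key an impostor would present

if __name__ == "__main__":
    record = sshfp_record("nas.home.example.", HOST_KEY)
    print(record)
    print("host key matches:", matches(record, HOST_KEY))
    print("other key matches:", matches(record, OTHER_KEY))
```

On a real host, `ssh-keygen -r <hostname>` prints the same records from the host key files, and the OpenSSH client consults them when `VerifyHostKeyDNS` is enabled.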
- vaultwarden as password manager
- tt-rss
- rainloop
for webcal & caldav :
- baikal
- caldavzap & carddavzap (https://inf-it.com/open-source/clients/)
- First one
in the basement, no monitor, connected using WiFi running docker-compose: websites, WireGuard, Socks proxy and etc
- Second one
In my room, with monitor, connected using LAN + multiple external hard drives plex, qbittorrent
Vaultwarden, DNS, node-red, mqtt, zigbee2mqtt, nginx reverse proxy, unifi controller, truenas passing a SAS controller, plex passing an nvidia quadro + more.
All hosted with proxmox. A great homelab distro for VMs and persistent containers.
- pihole
- ubiquity connect
- home assistant
- kodi
- openvpn (via router soon to be replaced by wireguard)
My plan for this year is to setup a Proxmox server and grow the number of self hosted services considerably.
* Wikipedia mirror (down for maintenance)
* Blog served over https and gemini
* Various other bits and bobs I've built
I'd like to do SFTP backups eventually.
EDIT: oh and pi-hole on a separate Odroid-C2
- Github Actions agent for Linux
- Tons of Elasticsearch (6x)
- NVR software
- Haproxy (2x)
- Scvmm
- Unifi controller
- Sonarr, Radarr, Jackett, Transmission, Ombi
- Nextcloud
- Nginx for work stuff (2x)
- Plex
- Various Windows dev boxes
- Mikrotik CHR
- Github Actions agent for Windows
- Librenms
- Docker registry
- Openhab
- Zeek and Suricata
- Syslog-ng
- Windows domain controller (2x)
I'm about to run out of RAM :(
- changedetection This monitors webpages for changes and sends you notifications on multiple streams when they change. This is the service I have found the most awkward and least useful! (https://github.com/dgtlmoon/changedetection.io)
- ghost for blogging (https://ghost.org/)
- gotify for notifications to my phone (https://gotify.net/)
- grafana for streaming logs and metrics from these services (https://grafana.com/)
- heimdall for a vanity dashboard (https://heimdall.site/)
- homeassistant for all home automation needs (https://www.home-assistant.io/)
- matrix synapse for communication (https://matrix.org/)
- mealie for recipes and meal planning (https://mealie.io/)
- photoprism for photo storage (https://photoprism.app/)
- plausible for privacy respecting analytics (https://plausible.io/)
- portainer to do light admin on these containers (https://www.portainer.io/)
- send to replace wetransfer (https://gitlab.com/timvisee/send)
- splunk for logs/visualizations (https://www.splunk.com/)
- traefik to handle all the routing to the containers. When it doesn't work, it's very awkward to fix, but it almost always works just as you expect it to (https://traefik.io/)
- vaultwarden as a password manager (https://github.com/dani-garcia/vaultwarden)
- vikunja an incredible todo list service. I cannot recommend this highly enough! (https://vikunja.io/)
- wallabag a straightforward article saver/reader (https://www.wallabag.it/)
I have also hosted Mastodon in the past, and while it was easy to host, it would eat storage space too quickly for my small setup. It also doesn't lend itself well to being a single-user instance in my experience as it makes finding organic content difficult.
- VDR - For receiving and recording TV shows
- samba - filesharing
- mosquitto - mqtt broker
- wireguard - vpn
- cups - printserver
- influxdb - time series database
- grafana - showing stuff from influxdb
- apache - webserver. Also for some self-built python stuff
additional RPI:
- rtl433 - receiving cheap wireless temperature sensors
another additional RPI:
- homeassistant
- ESPhome
kodi
cronjobs for encrypted restic backups to google cloud cold storage
photo and video archive
all on an old celeron nuc with akasa fanless case
tried pi-hole, but ended up signing up to Google Family account.
LOCALLY (in my homelab)
- Startpage, with Heimdall: https://heimdall.site/
- Backups, with BackupPC: https://backuppc.github.io/backuppc/
- Twitch stream and YouTube video backups, with PeerTube: https://joinpeertube.org/
- File sharing for larger files, with Nextcloud: https://nextcloud.com/
- Chat solution, with Mattermost: https://mattermost.com/
- Project management, with OpenProject: https://www.openproject.org/
- CI runners, with Drone CI: https://www.drone.io/
- Minecraft servers, with docker-minecraft-server: https://github.com/itzg/docker-minecraft-server
- Static code analysis, with SonarQube: https://docs.sonarqube.org/latest/
- Uptime monitoring, with Uptime Kuma: https://github.com/louislam/uptime-kuma
PUBLICLY (in rented VPSes)
- Code repositories, with Gitea: https://gitea.io/en-us/
- CI, with Drone CI: https://www.drone.io/
- Package/container management, with Nexus: https://www.sonatype.com/products/nexus-repository
- File sharing, with Nextcloud: https://nextcloud.com/
- Link shortener, with Yourls: https://yourls.org/
- Mail server, with docker-mailserver: https://github.com/docker-mailserver/docker-mailserver
- Analytics, with Matomo: https://matomo.org/
- Container management, with Portainer: https://www.portainer.io/
- Server monitoring, with Zabbix: https://www.zabbix.com/
- Blog, with Grav: https://getgrav.org/
My homepage and some other projects as well. I manage most of these as Docker containers (with Swarm, though K3s is great too), so thankfully handling data backups and resource limits is pretty easy. Currently, I use Apache as the reverse proxy in front of all of these (lots of modules for a variety of features, as well as Let's Encrypt integration with mod_md). So far it seems to work decently, isn't too expensive, helps me avoid e-waste (homelab nodes run 200 GE CPUs with 35 W TDP), although updates are always a pain.
The blog has more information about some of these pieces of software, in case anyone is interested: https://blog.kronis.dev/
For example, previously I ran GitLab, but Gitea + Drone + Nexus proved to be a better solution for my needs and workloads.
Here's my setup.
I have a mini-pc with 32gigs of ram running as my combo "compute" and "storage" server.
It has an attached 5 bay enclosure with 8TB of storage on it.
On it I run
- Caddy to host static sites (my blog) and to terminate HTTPS for other services
- audiobookshelf (mostly unused)
- calibre-web (organizes ebooks)
- diun (notifications about docker image updates)
- gitea (personal git repos, mostly useless honestly but I do put some things in here before they go to GitHub)
- home-assistant (heavily used)
- mealie (heavily used)
- mpd (music player daemon, moderately used throughout my house)
- a VPN container for things that I want to only run inside a VPN and never when the VPN is down
- plex (heavily used to organize and play media elsewhere in the house)
- postgres
- scrutiny (for consolidated reporting of disk issues across my machines)
- shiori (read-it-later style bookmark manager)
- snapcast (coordinates multi-room audio throughout my house on a bunch of raspberry pis attached to speakers, heavily used)
- syncthing (heavily used)
- vaultwarden (heavily used)
- woodpecker (self-hosted CI, moderately used)
- zwave-js-ui (manages the zwave based smart home devices I have...about 20 or so)
My router/firewall is a separate device running OPNsense and I use Wireguard to remote in - also works wonderfully.
I run all the services with docker-compose. The server itself is a bit of a snowflake but all the critical parts of the services are in their respective docker directories so backup is a snap (aside from postgres which has a separate backup process).
Currently I'm working on documenting a recovery procedure for Vaultwarden from our Backblaze backups so that in the event something happens to me my wife will be able to recover the Vaultwarden instance and our passwords. That's a fun exercise in documentation and simplifying the process.
Snapcast has really been a dream for multi-room audio setup. It presents a Spotify Connect device to anyone on my wifi. It has a separate stream which comes from whatever is being played on MPD and it is easily configured to play audio from whichever of those two streams is actively playing music...so I don't have to manually switch between them.
Caddy has been great for organizing everything and ensuring each service has HTTPS. I understand Traefik is somewhat more purpose built for doing this with a bunch of containers but I haven't had a need to switch.
I do use https://github.com/lucaslorentz/caddy-docker-proxy for letting the containers themselves describe their respective domains and mapping.
I do have a VPS and use it for the occasional site that needs to be more reliable than my home internet (which itself is quite reliable but I'm not counting 9s there). More and more I find I'm comfortable putting random static sites on my machine at home, though.
Parting thought: Exposing all of these details is a bit of a security concern, for sure. But ultimately I think it's (a) Not a huge security concern -- I need to assume any attacker knows what I'm running anyway, and (b) part of the fun is talking about it so I lose some value if I don't.
Current active services, all docker containers:
- Unbound DNS server - resolves names from the root servers and resolves my local domain and external home domain to local IPs for compat reasons - will be moved to RPi or Rock Pi due to routing issues with Docker containers
- Syncthing - backup pictures from my phone to the server
- Gitea - hosts a mix of private and public repos, automatically mirrors some Github repos (came in handy when Automatic's SD webui got removed)
- Plex - serves the TBs of media I store on the server, used by me and very occasionally by my parents
- SWAG (nginx with letsencrypt integration) - serves as the reverse proxy for all services, small detail: I use a wildcard subdomain and certificate to prevent service names from being visible via certificate transparency
- Home Assistant (as VM) - home automation etc., ZigBee gateway is a rooted Silvercrest (Lidl) gateway, see [1] (not my page, very useful), also serves as the MQTT server for anything automation related
- Rhasspy voice assistant - main node runs as Docker container on the home server, 2 satellites based on RPis (one in bedroom, one on my desk for tinkering), some more details on the setup at [2]
- PhotoPrism - new service, hosts some pictures, not sure whether I will keep it, automatic content recognition is nice, worked decently with my cat pics
- mStream - lightweight web interface to stream audio, also have the app on my phone
- MPD - media daemon, can be used via home assistant as media source and from my RPi connected to my HiFi (HA can start/stop/volume control, RPi has a web interface for music selection, can also play internet radio via HA)
- OpenVPN (legacy) and Wireguard VPN endpoints
Disabled services:
- Gitlab - playground so I can test things without screwing up the production environment at my company
- 7DaysToDie - game server for some friends
- AMP - multiple game servers, usually hosts Minecraft server(s) for some friends
- Empyrion - game server for some friends
- OpenStreamingPlatform - think Twitch, but self hosted, I messed up some config and have not recovered it
- SFTP server - unused offsite backup
As you can see, I am very much in the self hosting camp. The server is my home lab for testing things and gets new services as I "need" more functionality.
[1] https://paulbanks.org/projects/lidl-zigbee/ha/
[2] https://news.ycombinator.com/item?id=33708421
- FreeIPA (LDAP + DNS)
- Keycloak (SAML/OpenIDC provider for FreeIPA)
- Gatekeeper (or the new replacement) (SAML authentication in front of applications that do not support SAML/OpenIDC)
- several OpenVPN servers (Personal access to internal networks + connection to remote VMs)
- Tinc (Site-to-site VPNs)
- Jenkins x 2 (CI) with linux/windows/macos build agents for various projects :)
- Rancher clusters (k8s "wrapper")
- Gitlab (source code/ticket tracking/CI)
- phabricator (SCM/ticket tracking) - though it's now deprecated ;(
- cachet (status page)
- mattermost (IM messaging)
- sentry (exception tracking)
- gitea (SCM)
- Drone (CI for gitea)
- matomo (site analytics)
- sonarqube (code scanning)
- tracwiki (internal wiki)
- onlyoffice (web-based office suite)
- nextcloud (for onlyoffice storage)
- nexus (package artifact repository)
- squid proxies and apt-cacher for package caching
- pfsense (firewall for internal networks)
- perforce (SCM for larger projects (games etc.))
- recipesage (recipe hosting tool)
- icinga2 (with icinga director) (nagios-based monitoring)
- Custom backup solution, using duplicity for internet tier backups
- phpipam (recording networks and assigned IPs)
- remote docker swarm cluster using glusterfs, MySQL cluster, haproxy, mysqlproxy, bind, consul
- portainer (docker management for remote docker swarm cluster)
- docker registry for local builds and proxy instance for caching remote images.
- syncthing for personal file synchronisation
- wazuh - host security scanning
- snipe-it for asset tracking
- seeddms - document storage (bills, receipts, letters etc.)
- Calibre-web (PDF book viewer)
- various self-built web applications, databases to support applications, reverse proxies for internal hosting (mainly haproxy)
Media PC:
- syncthing
- plex
- homeassistant
- samba (for other family members that don't like SSH/rsync ;) )
- couple of game servers
Thanks for this post - there's a bunch of great applications posted that I hadn't heard of that look really interesting to try out! :D
Paperless-ngx
Photoprism
TT-RSS
Wireguard
Caddy as the reverse proxy
- smb shares
- nfs shares
- cloud backup tasks
vm with docker:
- pihole
- traefik reverse proxy
- vaultwarden
- openproject
- fireflyiii
- plex
- *rr stack
- youtube-dl
- internal smtp
- HomeAssistant
- NodeRed
- MQTT
- Influx
- Grafana
- os-nvr
- unifi
- healthchecks
- dnsrobocert
- gogs
- heimdall
- portainer
- mysql
planned:
- imap server (accounts at shared hoster getting too large)
- photo solution (not completely happy with plex)
- a ton of other ideas ;-)