Configuration and personal documentation for my homelab - (eternal) WIP
Figure 1: Me trying to assemble this monstrosity
- pfSense CE - firewall sitting in front of all this (bare metal)
- Proxmox VE - host OS (bare metal)
- Ubuntu Server (22.04 LTS) - guest OS, hosts Portainer
  - TODO: move to NixOS for this layer
- Docker + Docker Compose - most services in containers
- Portainer - nice web GUI for Docker stuff
- Jellyfin - media server
- Jellyseerr - automate requesting content
- Servarr Suite - automate (legally!) obtaining various media files
In no particular order:
- Auto provision TLS certificates via Caddy
- Close off container ports (i.e. web UIs only accessible via Caddy)
- Expose containers to Tailnet. ✅ Single Tailscale instance for whole cluster (~~ports~~ subdomains for different services) or one per service (allows subdomains)
- Gluetun in containers (currently done at pfSense layer)
- Figure out something for NAS layer
- PCIe passthrough iGPU from Proxmox Host -> Ubuntu -> Jellyfin container, for transcoding
- Move to NixOS instead of Ubuntu
- Add more RAM to host PC
- Set up auto offsite backups
- Automate deployment from scratch (Ansible? Nix?)
- Add automated speed test tool (for periodically testing WAN speed through ISP)
- Add self-hosted web-based speed test (for testing a client device's connection speed to the homelab, e.g. via Tailscale)
- Add UniFi network controller (for configuring local Wi-Fi access points, etc.)
- Set up Pi-hole for DNS
- Set up Watchtower for auto-updating non-critical containers
- Put Portainer in Docker Compose (rather than as a raw `docker run` command)
Note: ~~I don't have a domain name and don't (currently) plan to purchase one, which adds some additional hoops to jump through (e.g. provisioning valid TLS certificates becomes slightly more difficult than just Caddy + Let's Encrypt)~~ Ended up getting a domain after all
This was created as a learning exercise to upskill on various technologies, and is/has/will be only ever used for legally permissible purposes, such as obtaining media released to the public domain or sharing Linux ISOs.