Properties #

• Should have solid observability. This is also my playground for things.
• Upto-date and mostly automated
• Good and live documentation and should be easily debug-able
• It’s not like I want to selfhost everything, if there are external hosted services which satisfy my needs I would skip selfhosting. I want this to be seamless, controlled and do not want to spend hours on debugging any  issue. Same goes for hardware.
• I am not building enterprise network here, I can have fun so stupid stuff is sort of allowed

Goku #

Sort of a bastion host  . Idea is to have access to all my services from one place. Eg. I should be able to ssh from my phone to this machine and manage things even if I am away from my laptop. It should have the tools installed I need in a dev/sysadmin machine.

• Location: VPS
• Threat Model: Assume that it can be compromised and reduce attack surface accordingly.
• Possible stuff here: centralized logging  , centralized observability center, orchestrator center, Teleport  w 2FA
• Concerns: The usecase and motive of this component sort of contradicts. I am expecting this to be target but at the same time making this the most powerful and yet SOP in a way? Need to think.

Dobbies #

Local RPi(s)/Small computers/NUCs, can name them dobby-1, dobby-2 etc. Host small tools or whatever that I want to use locally or maybe expose some to the public internet as-well.

• Location: Local
• Possible stuff here: These will basically do anything. ArchiveWarrior stuff, bespoke scripts, see my secondary toolchest for complete list of tools that are already selfhostable/can be made selfhostable to fit my needs.

SRK #

The media server  , connected  to a NAS most likely. . I wanted to be local first, requiring internet to reach my media  does not make  sense but I probably would want to have public access to this in-case.

• Location: Local
• Useful stuff
  • Perfect Media Server 
  • Self-hosted media center, based on open source software | Lobsters 
  • *​arr services like Prowlarr, Lidarr, Sonarr Radarr, Tdarr  etc
  • gerbera/gerbera 

Warehouse #

Some kind of storage server/multiple servers. I have to explore this, zfs, btrfs etc. This will store archives, media files etc. This is not the backup, it’ll be done separately.

• Useful stuff: filebrowser/filebrowser  , mickael-kerjean/filestash  ,
• Readings
  • Building NAS with ZFS, AFP/Samba for Time Machine | by Cory Chu | GWLab 
  • When would I want to use raidz3 vs raidz2? 
  • simon987/awesome-datahoarding 

Cloud ZEPEEYOU #

To carry out AI experiments. Not worrying about this much rn as this will be specific to usecase but definitely want this to be billed on usage lol.

Rasta #

• Location: VPS, needs to be ephemeral

A test server / dummy that i can trash and recreate anytime, installs my necessary tools automatically on creation etc.

Piccolo #

Trusted, Persistent Good ol webserver. This will have a solid reverse proxy in place so that I spin up random APIs/Websites for public quickly.

daCNC #

This is my phone. This is more like a remote control for things and I’ve set some phone specific tasker profiles which are super useful. Eg. Taking picture and Uploading it to my Google Drive via SMS trigger etc.

VPN #

• Mesh VPN setup
  • Goal: Allow my devices to talk to each  other
  • Something like Tailscale is looking juicy here
• Road warrior setup (VPN VPS)
  • Goal: Something that allows me to access my devices at home when I am out.
• Encrypted Traffic + Hide source IP(geo) setup
  • Goal: Not anonymity but more of privacy and bypassing censorship. Eg. When using insecure public wifi or anything else that fits.
  • I can selfhost this but with that I cannot keep switching countries etc. So might be good idea to go with something like Mullvad VPN 
• Tunnels
  • Goal: Expose public only services quickly, give temporary access to something that I am running locally etc.

Proxy #

Router #

• We have the options of OpenWRT and OPNSense here. We can mix and match, will think of exact topology later.
• Point web services logs to fail2ban and let it handle rate-limiting etc.
• For extra points can check Crowdsec

DNS #

This is one bad boi. I probably just want to run local resolver. Maybe an authoritative server replicated to secondaries later. But for now, I plan PiHole/Blocky+Unbound.

• Once we have a reverse-proxy setup, you can have your local DNS server point to your reverse proxy for whatever domain. eg. *.home. Also see what domain name to use for your home network? home.arpa 
• Some people recommend doing split-horizon DNS along with reverse-proxy if running multiple services, I don’t see a point rn but maybe I’ll later.

Local Network #

Monitoring the network #

I haven’t explored this properly, so just link dumping.

• zaneclaes/network-traffic-metrics 
• maxandersen/internet-monitoring 
• internet-pi 
• Monitoring my home network 
• Taking Back What Is Already Yours: Router Wars Episode I 
• Self-hosted home network traffic monitoring with ntopng 
• Observing my cellphone switch towers 

Data inventory #

Backup details #

• Threat model of data loss and disaster recovery is no longer hardware failure: it’s account lock out. So make sure to use replicate stuff to different media/providers.

Compute providers #

Storage providers #

Best practices #

Other Homelabs #

• How I re-over-engineered my home network for privacy and security | Ben Balter 
• Local First Home Spaces - HackMD 
• My 2023 Homelab Setup | Mudkip Mud Sport 
• Scan2email - Nathan Grigg 
• Personal Data Warehouses: Reclaiming Your Data 
• Frigate: Open-source network video recorder with real-time AI object detectio… 
• You don’t need analytics on your blog 
• The Honeypot Diaries: Thousands of Daily Attacks on My Home Network | Hacker News 
• My Fediverse use – Im hosting everything myself 
• My 2023 all-flash ZFS NAS (Network Storage) build | Lobsters 
• FOSDEM 2023 - Self-Hosting (Almost) All The Way Down 
• “We have a thermal printer hooked up to the internet, you can send us a doodle” | Hacker News 
• Moving Marginalia to a new server | Hacker News 
• https://github.com/kencx/homelab
• https://github.com/RealOrangeOne/infrastructure
• https://github.com/aldoborrero/hashi-homelab
• Building a freedom-friendly wifi pocket-router | kulesz.me 
• My Overkill Home Network - Complete Details 2023 
• gokrazy is really cool - Xe Iaso 
• Synthing Anywhere With Tailscale | init(8) 
• Notes on using a single-person Mastodon server | Lobsters 
• I found the Holy Grail of backups - Stavros' Stuff 
• How I store my files and why you should not rely on fancy tools for backup 
• This blog is now running on solar power  and LOW←TECH MAGAZINE 
  • We went solar and here are the real numbers (2021) | Hacker News 
• This blog is hosted on my Android phone | Hacker News 
• Off-the-Grid Raspbian Repositories 
• My Homelab Build - Xe Iaso 
• Self hosting in 2023 - Grifel 
• Make your own VPN with Fly.io, tailscale and GitHub | Hacker News 
• Linux Networking Shallow Dive: WireGuard, Routing, TCP 
• Ask HN: How would you build a budget CPU compute cluster in 2023? | Hacker News 
• Home Lab Beginners guide - Hardware 
• Building a better home network | Kevin Burke 
• My network home setup - v4.0 | etcetera 
• Setting up a Raspberry Pi with 2 Network Interfaces as a very simple router 
• khuedoan/homelab 
• https://twitter.com/workspacesxyz
• /r/homelab /r/selfhosted
• Node-RED 

Homelab as a service kind of projects #

• omg.lol - A lovable web page and email address, just for you 
• hacker labs · pico.sh 
• Sandstorm 
• Umbrel - Personal home cloud and OS for self-hosting 

Tips from others #

• Considerations for a long-running Raspberry Pi # Chris Dzombak 
• https://github.com/linsomniac/spotify_to_ytmusic (Move my old spotify playlist to YT)
• Stream to chromecast with resolved, vlc and bash | Lobsters 
• How I built a fully offline smart home, and why you should too | Lobsters 
• How to defend your website with ZIP bombs 
• Building a fully local LLM voice assistant to control my smart home | Hacker News 

Aesthetics #

• corkami/pics  : Posters, drawings.
• The Unix Magic Poster | Hacker News 
• Investing in lighting did great things for my mental and physical health 

Products #

• ZimaBoard - World’s First Hackable Single Board Server 
• TinySA – small spectrum analyzer and signal generator | Hacker News 
• Flipper Zero: Multi-Tool Device for Geeks | Hacker News 
• Valetudo | Cloud replacement for vacuum robots enabling local-only operation 
• Synology Inc. 
• FRITZ!Box | AVM International 
• CardSystem | learn effective with flash cards 
• Dream Machine Pro – Ubiquiti Inc. 
• HP USB-C G5 Essential Dock 
• Nitrokey | Secure your digital life 
• MINISFORUM DeskMini UM350 Mini PC  
• The Modern, Open-Source KVM over IP | TinyPilot 
• Pen Plotter
  • Bottle Plotter | Hacker News 
  • GitHub - bdring/midTbot_esp32: A Small and Simple Pen Plotter 
  • GitHub - hackclub/blot: 🤖 ✍blot, the plotting bot from hack club 
• Garmin inReach Explorer+, Handheld Satellite Communicator 
• USB Numeric Keypad Portable Slim Mini Number Pad 
• Cat S62 Pro Smartphone | Cat phones USA 
• DeviceFarmer/stf: Control and manage Android devices from your browser. 
• Tamagotchi - Wikipedia 
• Custom made portable PC 

Guides #

• Aluminum T-slot Building Systems – Build your Idea | Hacker News 
• GitHub - help-14/mechanical-keyboard: DIY mechanical keyboard and where to find them 
• The New Essential Guide to Electronics in Shenzhen | Hacker News 
• E-ink is so Retropunk 
• The Orange Pi 5+ - Tao of Mac 
• I'm building a self-destructing USB drive (2022) | Hacker News 
• Old Vintage Computing Research: The Fossil Wrist PDA becomes a tiny Gopher client (with Overbite Palm 0.3) 
• GitHub - haimgel/display-switch: Turn a $30 USB switch into a kvm sw 
• GitHub - seemoo-lab/openhaystack: Build your own ‘AirTags’ 
• Help us improve the flight coverage in your area 
• Telnet BBS Guide | Hacker News 
• Comparing Hobby PCB Vendors | Hacker News 
• Unpopular Opinion: Don’t Use a Raspberry Pi for That | Hacker News 
• JanOS: Turn your phone into an IoT board (2015) | Hacker News 
• Junk drawer phone as a music streaming server | Hacker News 
• Your First LTE | Hacker News 
• Making a Linux home server sleep on idle and wake on demand 
• A Beginner’s Guide to Houseplants 
• Notes on RSI for Developers 
• ESP32
  • Ask HN: What have you built with ESPHome, ESP8266 or similar hardware | Hacker News 
  • A Beginner’s Guide to the ESP8266 (2017) | Hacker News 
  • ESPHome | Hacker News 
  • Show HN: Watering my Christmas tree with ESPHome | Hacker News 
  • ESP32 Game Boy Printer | Hacker News 
  • Building an occupancy sensor with a $5 ESP32 and a serverless DB | Hacker News 
  • Privacy friendly ESP32 smart doorbell with Home Assistant local integration | Hacker News 
  • Hosting a Website on ESP32 Webserver with Microdot: Step-by-Step Guide 
  • Zeus WPI | Unveiling secrets of the ESP32: creating an open-source MAC Layer 
  • ESP32 Buyer’s Guide: Different Chips, Firmware, Sensors 

USB ova IP #

• There’s good support for linux but next to none for an easy installation for windows.
• https://usbip.sourceforge.net/
• https://github.com/usbip/implementations
• https://github.com/usbip/protocol
• https://github.com/klabarge/fob

Wayland x Windows KVM (Input switch / desktop switch) #

• input-leap works but unfortunately/fortunately i am using wlroots and win11.
• https://github.com/htrefil/rkvm
• https://github.com/r-c-f/waynergy (client, does not seem to work w barrier server on win)
  • Also check DeskHop – Fast Desktop Switching | Hacker News