Cover photo by JOHN TOWNER on Unsplash
All for One, and One for all!
The duality of self-hosting isn’t always easily explained. Why do we bother to sit down and waste valuable hours with frustration? Is it for privacy, freedom, responsibility or just to advance our very own skill in this matter? Or maybe it’s for your friends and family?
I started self-hosting around 2017 when I got into my apprenticeship as an IT-Systemintegrator. It all started with a friend giving me a simple Debian VM in his Proxmox cluster; I learned NGINX and how to set up WordPress. It was in 2018 that Shibabox.eu was born. I got my very first own VPS at Contabo (which to this day I still use) for a mere 5 euros a month. The offer was unbeatable: 4 cores and 8GB of RAM with 512GB of SATA SSD storage. That’s the main reason why I’m keeping it around to this day!
At the very start nothing was organized; I didn’t even understand the best practices with DNS servers, naming conventions or security. I started using the VPS just for gameservers like Minecraft, SCP: Secret Lab or Garry’s Mod. I ran my stuff through screen and went by practices I learned from my apprenticeship. Eventually I’d sit down and migrate my WordPress instance to my VPS, set up Nextcloud and learn to use daemons and services in Linux and some simple automation using cronjobs. Time passed with me trying stuff out; eventually I’d be done with my apprenticeship in 2020, just when COVID started, and moved into my own place.
One for all
Of course, what was my first investment? A Raspberry Pi 3B+. It was my main testing ground as I started out with Docker, which I found out about thanks to TechnoTimLive on YouTube. I was mesmerized by container technologies and from there it was a steep road into Kubernetes and more DevOps shenanigans. Eventually I’d invest in a Dell Optiplex SFF - used for around 200 euros - and started playing around with K3S.
Up until that point, anything I had hosted was for friends and trying to establish a community. I stuck to that ambition as I set up my own authentication provider and started offering services to friends - cloud storage, gameservers, online tools, my mailserver with custom domain. People used it a lot at the start, but eventually that usage also dropped and people went back to their subscription- and cloud-based services by Google and co. I felt like I had failed and I kept trying more and more to improve and to make it better. I wanted to know what made people want to use those services over mine, if it was trust issues or comfortability? I would never find out.
So where did this all lead? In 2021 I would pull the lever. Homelab V2 was born and I started anew, this time for a smaller circle of friends but still public. In 2022 I’d move to Leipzig: new apartment, new possibilities. Homelab V3 was born. This time, against my better judgement, people that were actively using my services were allowed to remain. The rest got kicked out. I would invest in an SDN solution for home and I’d split services over multiple devices. I started to think about security, started running my containers unprivileged and cracked down on accessibility of my machines to the internet. I’d introduce Traefik as a load balancer / reverse proxy and my Raspberry Pi would be used as a bastion host / DNS server. In 2023 I started work on Homelab V3.1, a minor overhaul which just added another VPS that I started renting out, and a Synology NAS for easier storage management.
Now it’s 2024, my boyfriend and I moved together into a way larger apartment. And thus the idea of Homelab V4 was born.
All for one
The majority of my homelab is only accessible from the internal network or via VPN. My Synology NAS has only one endpoint exposed to the internet, which is for sharing files via the Drive application. I’ve got stuff hosted on my VPS which is still accessible…
The first one:
- Mailserver
- A Vaultwarden instance to share temporary passwords and such securely with friends
- Uptime Kuma
- Pterodactyl Panel for control over gameservers
- My main website
- A CDN for static content
The second one:
- A Firefish instance for my gateway to the Fediverse
- Wings for containerized gameservers
A third one, for bypassing my CG-NAT.
I have been pondering how to make it better, and started writing Ansible playbooks to automate system and container updates, backups and even the initial provisioning of a new machine with a setup to connect via S2S-VPN.
I came to the conclusion that when hosting for yourself or your closest friends and family, something like Kubernetes is maybe a bit overkill, so I am sticking with docker-compose. It’s resource-efficient and I don’t require high availability; if a service or my internet goes down then so be it, I’ve got backups. In order to clean up my managed pool of applications, I started moving all the static pages hosted by multiple NGINX instances into Cloudflare Pages and have been making great use of that offer.
I am making use of Grafana Cloud’s free tier and have them host my logging and monitoring platform. My alerting is handled by Uptime-Kuma, which will be moving to an Oracle Cloud Free-Tier instance soon enough. The same goes for my main site; what is the purpose of it anyway? It’s just supposed to be a landing page for anyone stumbling upon my projects or if they ever get lost and find their way there. Using a full-blown CMS is just too much for that, so I will probably also move that onto a simple static page that links to all the important places that I do host publicly.
Well, where does that leave me now? In IT there’s the saying: “If it works, don’t touch it!” and that’s kind of where I want to go. I am well on my way to automating any updates that need to be performed regularly; if anything breaks it will auto-recover and notify me - I will have to put in minimal effort to keep all systems running. As long as Cloudflare still offers their “Pages” feature for free I won’t have to worry about this either, and I am leaving de facto no attack vectors available where I have to put any extra measures into place. I am getting to a point where I can say “I am happy with how it is”.
So as long as the datacenters where my VPS are hosted don’t burn to the ground or someone decides to rip out the internet cable from our front door, I am well set, at least until some kind of hardware fault occurs.
To summarize:
- Automate the last bits
- Save resources by dedicating less to my own hardware and using free options
- Leave fewer attack vectors for brute-force or exploits
- Lean back and relax
Whether there will ever be a Homelab 4.1, or even a 5.0, I can’t tell. I don’t see the need for self-hosted AI and my current storage solution will leave me happy for quite a while. If you have any ideas or impressions from what you read, feel free to reach out - I am more than happy to discuss!