Selfhosted

Learn how to design an implement effective segmentation for my network, get better with OPNsense, and get my private website up and running

Centralised identity management, particularly for machine logon, NFS and maybe a few of the services I run.

Figure out why my new 10GbE NIC won’t read in my repurposed gaming rig (now server), get all my storage migrated over to Ceph, transition my services over to Proxmox hosted Talos k8s stack from my RPi-hosted k3s stack.

Buy a home.

Harvester cluster my everything. I really want to play around with having my servers being stationary, a togo cluster (laptops, and UPS in a suit case), and PC all in the same cluster.

Right now they are all segmented rke2 clusters, but Harvester should make running vms way easier too.

1. Finish building a mini-rack with a server (almost done).
2. Finish cabling the house with CAT6 cables.
3. Migrate the current VPS running my docker services to the self-hosted server.
4. Implement a NAS on the server using a virtualized OpenMediaVault instance.
5. Migrate my network infrastructure from a single asuswrt-merlin router to OPNSense + Cisco Switch.

get around cgnat finally

Get a domain and set about moving over to HTTPS with Let's encrypt and Nginx.

Learn to write an Nginx config. NPM just works so good though.

Fix my permission issues. I have my media zpool on 777 so all the LXCs work and I have to run Libation in a VM as root. I've been banging my head against this on and off for a while.

Figure out why paperless isn't saving to the correct place. Also, figure out where Paperless is saving to.

Containerise Libation.

I give friends and family access to my server via a relay, just a raspberry pi 0 with Tailscale, pihole and nginx on it. I have reasons for going this route. Anyways, get a couple more of those into the wild. Also streamline the process somewhat.

Learn to and create an ACL config for tailscale so I can have services access nothing, users access services, and admins access everything.

I think what I need to do correctly on my homelab this year, is setup off-site backups. I currently only backup to seperate drives and machines inside my own home. I need to setup something at my parents place to take weekly and monthly backups.

Other than that, my media server needs a bigger storage drive.

My server is exactly as I need. Basically 1 year old now. This year I really want to do vlans to control the network more than an off the shelf router. I work in tech and still am struggling because all I know is meraki bullshit and that's not priced for the typical home user.

I'll need a few AP's and a switch and firewall. I don't know what to get or what to buy and each research session ends with more options than I started with. Anyway that's my goal. I'll get there eventually.

Right now it's really just setting up DNScrypt, and maybe swapping some equipment out for lower power consumption.

Many goals, little time, so we'll see what actually materializes 😅

1. Reimplement my Grafana+Loki stack on public cloud, replace Promtail with a proper Prometheus pipeline (queries are making my qnap go brrr)
2. Start up an Immich instance and migrate Google photos to it
3. Set up Authentik or something equivalent for the aforementioned services and others. I already have a basic Traefik test config without authentication but still don't have it working 100%, so everything stays on TailScale for now

I want to replace my single drive Qnap NAS by a diy one. It still works, but I also want to redo my backup process, and it would be a good point to start.

Moving to a rack is nice, I love my rack. If you’re in or near a city I suggest keeping an eye on Craigslist and ebay (search by distance nearest and lowball ones that have been sitting for months) because it’s not uncommon for nice racks to go real cheap as long as you come get them. I got my rack realllll cheap ($40, 42u, fully enclosed with massive pdu) because it’s a 90s ibm rack and it’s welded steel so it’s like 450lbs. Moving it was a nightmare but it’s real sturdy and I’m never moving it again now that it’s in my basement

For my goals in the short term I have to replace a sas cable that caused a crc error on one drive, it only happened once per smart data but still want to get that done asap. I also have another drive that’s beginning to show some smart issues; it’s on the same sas cable so it may be related because the errors didn’t increase (they all were related to an unclean shutdown, confusing things) but it’s old anyway so better safe than sorry I guess.

Medium term I want to finally upgrade my ups. The one I have now is not a rack mount which is part of what led to the unclean shutdown. It’s also a bit undersized. I have a generator for my house so I don’t need something massive but the one I have is 450va and several years old so with the tired battery I only can get about 5m of runtime. It’s more than enough to cover the transfer from power cutting out to generator power but I want something that’s a bit more reliable in case of generator failure. This is pricey though because my array is pretty huge so it’ll probably be held off unless I find a good deal on a dead one that has cheap batteries available

I also want to put the rack on its own circuit. This is something I should do asap because it’s cheap, just gotta find time and rearrange my panel a bit because it’s pretty full. This would be the other part of the unclean shutdown as the outlet would be in a much better location and I could also install a locking outlet

Would also be nice to pick up a super cheap monitor locally, like something for $15-20 from a pawn shop or Craigslist or something for the rack. Earlier this year I had nginx crash on my server and the webui became inaccessible, I had to drag my nice and kind of large desktop monitor down to the basement to solve the issue, would be nice to just have a shitty small monitor on the rack for that

Speaking of nginx I keep meaning to setup some kind of reverse proxy or mdns for all my dockers so that I can just do whatever.whatever instead ipaddress:3993 which makes my password managers barf but I’ll probably just be lazy and edit my hosts file

Longer term I want to add a secondary low power server that can run something like pfsense to handle my routing, then turn my current wireless routers into access points because they kind of suck as routers.

And of course the array could always be bigger, especially if drive prices fall

I will probably realistically only do the drive and cable replacement, the circuit thing since that’ll be like $40 and a half hour of work, the monitor if I can find one, and maybe the hosts file thing. If I run into cash (unlikely) or a crazy deal (you never know) the ups would be my next priority but there’s a million other things going in life (deductibles just reset for health insurance, hooray)

1. don't break stuff
2. upgrade to microOS from Leap, without violating step 1
3. reduce the physical footprint of my server (currently in a massive case, would like to go to mini-ITX)

My city is also planning to roll out fiber, so upgrading my network may become a priority if that happens. My current ISP is limited to 100mbps, but I should be able to get 10gbit once they hook me up (though I'll probably stop well short of that).

I need to move my mishmash of hard drives, fans, cables, and NUC into a proper NAS box, with a proper power supply and a mini itx motherboard.

Get everything migrated across to my new k3s cluster. I’ve been using larger boxes (unraid) and a couple of 1L mini PCs with proxmox to run my homelab until now.. but I work with kubernetes and terraform daily and wanted something declarative.

I’ve now got k3s setup with a handful of services migrated (Immich, Tailscale, Nextcloud etc) but there’s still a ton to go (arr suite, various databases, Plex, Tautulli etc). It’s another job entirely.

I love it but sometimes I wonder why I do this to myself 😅

Moving my servers to Arch (EOS) as my trial for one during 2024 was successful, rock solid. Swapping my router to a Unifi Express as I am switching to an ISP which finally allows me to do so.

Thinking about setting up a NixOS or Guix firewall/router. I like OpenWRT but upgrades are a bit annoying, although should improve with the new packaging system.

The idea of having a single config file I can deploy on new hardware almost immediately is very appealing, however.