
Home server infrastructure overview


Categories: networking servers infrastructure linux

I’ve been running a home server for over 10 years, and it’s evolved significantly over time. It all started with an old desktop PC running Debian, acting as a NAS and Minecraft server. Today, my setup is much more complicated.

My current setup includes:

Server

The server runs on second-hand enterprise hardware, which has proven reliable. The key specs are:

My storage setup consists of:

I use ZFS for both NAS and VM storage due to its reliability and built-in snapshot capabilities. The NAS pool is shared via NFS, and all VMs are backed up daily to the 2TB HDD using Proxmox’s built-in backup feature.

Software and Services

I currently host several services on my home server, including:

Proxmox VE

For virtualization, I’m running Proxmox VE, a Debian-based platform that includes built-in support for the ZFS filesystem. Proxmox has been my go-to solution for over 5 years for managing virtual machines.

Virtual Machines

All services are hosted on Debian 12 virtual machines. I use a Debian 12 cloud image as the base OS for each VM. Cloud-init is used for network configuration and SSH key setup, making it simple to clone templates and deploy new VMs quickly. In the future, I plan to start deploying the VMs using Terraform.

Ansible

I use Ansible to handle configuration and deployment tasks. I’ve created a base role that applies to every VM, which installs common software, sets up firewall rules, and applies optimizations and hardening. All the actual applications that I host are also deployed using Ansible.

Docker

All applications run inside Docker containers on the VMs. I deploy the containers using Ansible, which makes deploying and upgrading containers as simple as updating the image tag and running the playbook. I currently use Docker as the container runtime, but I’m considering switching to Podman, which I already use on my workstations.

Networking and Security

Firewall Configuration

I use UFW to manage firewall rules on every VM, and the rules are deployed with Ansible. The firewall is configured to allow only SSH access from the LAN and the VPN server, with all other incoming traffic denied by default.
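As an added example (not the author's own playbook), here is an Ansible play that expresses that policy with the `community.general.ufw` module. The host group `vms` and the two source ranges are assumed sample values; the allow rule is written before UFW is enabled so the Ansible SSH session is never cut off, and a final task checks the resulting default policy.

```yaml
# Added example, not the page's own role. Assumes a host group named "vms"
# and the constructed sample ranges below; replace them with your own.
- name: Base firewall policy for every VM
  hosts: vms
  become: true
  vars:
    ssh_allowed_sources:
      - 192.168.10.0/24   # LAN (constructed sample value)
      - 10.8.0.1/32       # VPN server (constructed sample value)
  tasks:
    - name: Install UFW
      ansible.builtin.apt:
        name: ufw
        state: present
        update_cache: true

    - name: Deny all incoming traffic by default
      community.general.ufw:
        direction: incoming
        default: deny

    - name: Allow all outgoing traffic by default
      community.general.ufw:
        direction: outgoing
        default: allow

    # Rules are stored even while UFW is disabled, so adding this allow rule
    # before enabling the firewall means the current SSH session survives.
    - name: Allow SSH only from the LAN and the VPN server
      community.general.ufw:
        rule: allow
        direction: in
        proto: tcp
        to_port: "22"
        from_ip: "{{ item }}"
        comment: "SSH from trusted network"
      loop: "{{ ssh_allowed_sources }}"

    - name: Enable UFW with logging of blocked packets
      community.general.ufw:
        state: enabled
        logging: "on"

    - name: Read back the effective policy
      ansible.builtin.command: ufw status verbose
      register: ufw_status
      changed_when: false

    - name: Verify that incoming traffic is denied by default
      ansible.builtin.assert:
        that: "'Default: deny (incoming)' in ufw_status.stdout"
        fail_msg: "UFW default incoming policy is not deny on {{ inventory_hostname }}"
```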

Nginx for Reverse Proxy and SSL

Each VM hosting a web application uses Nginx as a reverse proxy, which also handles the SSL certificates.

Local DNS and SSL certificates

I use Unbound as my local DNS server. I have assigned DNS entries like servicename.domain.tld to each of my self-hosted services.

I use Let’s Encrypt to obtain SSL certificates for my self-hosted services. A dedicated VM runs the getssl script, using the DNS verification method to obtain wildcard certificates (as I don’t have a static IP). These certificates are then distributed to all VMs that need them.

Future improvements