My Self-Hosting Setup

NixOS and orchestration approaches

  • NixOS draws interest for declarative configs, easy rollbacks, and integrating OS, firewall, and services in one place.
  • Multiple commenters found the Nix language, error messages, and Flakes split off‑putting; suggestions included “2–3 weeks” of focused learning and heavy reuse of others’ configs.
  • Others stick with Proxmox + Ansible + Docker/Fedora, or nix-darwin only, saying the incremental gain over existing IaC is modest.

Kubernetes, Talos, and “too much homelab”

  • Several “hardcore” setups run Talos Linux, Kubernetes, and Ceph/rook‑ceph on racks full of NUCs or Dell/Supermicro servers.
  • Longhorn was reported to have had high CPU use in the past; rook‑ceph is regarded as more battle‑tested.
  • A recurring theme: people who once mirrored production HA stacks at home are now tired of the complexity and noise, and are considering a single powerful host with bare‑metal services or simple Docker/systemd.

Storage, ZFS, and RAID layout

  • ZFS is popular for integrity, encryption, and incremental send/receive.
  • Debate over 4×10 TB RAIDZ2 vs smaller mirrored sets: mirrors may be cheaper and easier to grow (replace 2 disks instead of 4), but some value higher fault tolerance.
  • Strong agreement that RAID is not a backup; many maintain multiple offsite copies, external drives, and scripted checksumming.

Hardware and low‑cost self‑hosting

  • “Cheapskate” options: Intel N100 mini PCs, 1L enterprise “TinyMiniMicro” boxes, used NUCs, older laptops, and Raspberry Pis.
  • Emphasis on low idle power, enough RAM, and some storage expandability; anything ~2010+ can work for light services.
  • Synology is praised as a simpler alternative for many households, though some distrust vendor lock‑in and past security incidents.

Access, VPNs, and SSO

  • Tailscale/headscale is central in the article; commenters compare it with:
    • Plain WireGuard (simpler, one exposed port, no third party).
    • Cloudflare Tunnels / Zero Trust and Tailscale Funnel for exposing selected services with SSO at the edge.
  • One tension: family UX vs security. VPN‑only access is seen as too fiddly for some non‑technical users, especially on mobile; others argue VPN + open apps is simpler than per‑app auth.
  • Authelia+LLDAP, authentik, Caddy, YunoHost, Forgejo‑as‑OAuth‑provider, and Cloudflare Access are cited as workable SSO ecosystems.

Proxmox, networking, and ops burden

  • People struggle with Proxmox networking (VLANs, LACP, multiple subnets). Advice:
    • Use OPNsense/other firewalls as the “heart” of the network.
    • Let the router handle subnets/VLANs; use Proxmox bridges per subnet.
    • Don’t overcomplicate with Terraform/Ansible initially; learn basics via docs and videos.

Security, backups, and succession planning

  • Long subthread on encrypting disks vs leaving data accessible to heirs; concerns range from burglary to abusive law‑enforcement searches.
  • Some describe elaborate, rehearsed backup/restoration procedures and laminated “how to restore” instructions; others rely on simple external drives or printed photos.
  • Several note the importance of “what if I die?” documentation for both homelabs and broader financial/tax accounts.

Meta: homelabbing as hobby and career tool

  • Many credit homelabs with accelerating their careers and deep understanding of infra.
  • Others say they’ve “looped back” to minimalism: one box, Docker Compose, few services, rarely touched.
  • General sense: self‑hosting can be easy and low‑maintenance if scoped narrowly; large, production‑like home setups are fun but eventually feel like a second job.