My Homelab Setup

Reverse proxying, DNS, and service access

  • Many suggest fronting services with a reverse proxy (Nginx, Caddy, Traefik, HAProxy, Nginx Proxy Manager) plus local DNS so apps live at subdomains instead of ip:port.
  • Caddy is praised for simple config and Cloudflare/Tailscale integrations; some dislike its plugin model or distributed configuration.
  • Alternatives include Cloudflare Tunnels, Tailscale Serve/Services, AdGuard Home / Pi-hole with split DNS, and simple dnsmasq or mDNS.
  • Several recommend using a real domain with wildcard DNS and ACME (Let’s Encrypt) for internal TLS, even if records never resolve publicly.

Password managers and hostnames

  • Running several services on a shared IP or base domain causes issues for password managers like Bitwarden and 1Password.
  • Workarounds: subdomains per service, including ports in URLs, and tweaking per-entry matching rules. Some find defaults (base-domain matching) unintuitive or dangerous.
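
A simplified model of the matching problem above, added here as an illustration (not code from the discussion or from any password manager). The mode names, sample URLs and the two-label base-domain shortcut are assumptions; real managers consult the Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

def _host_port(url):
    """Return (hostname, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.hostname, parts.port or default

def _base_domain(host):
    """Simplified registrable domain: last two labels, or the IP itself.
    Assumption: a real implementation uses the Public Suffix List."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return ".".join(host.split(".")[-2:])

def matches(saved_url, page_url, mode):
    """True if a login saved for saved_url would be offered on page_url."""
    s_host, s_port = _host_port(saved_url)
    p_host, p_port = _host_port(page_url)
    if mode == "base_domain":   # ignores subdomain and port
        return _base_domain(s_host) == _base_domain(p_host)
    if mode == "host":          # hostname and port must both match
        return (s_host, s_port) == (p_host, p_port)
    raise ValueError(f"unknown mode: {mode}")

def offered(vault, page_url, mode):
    """Names of vault entries that would be suggested on page_url."""
    return sorted(n for n, url in vault.items() if matches(url, page_url, mode))

# Constructed sample vaults: an ip:port layout and a subdomain-per-service layout.
IP_VAULT = {"grafana": "http://192.168.1.10:3000",
            "jellyfin": "http://192.168.1.10:8096"}
SUB_VAULT = {"grafana": "https://grafana.home.example.com",
             "jellyfin": "https://jellyfin.home.example.com"}

if __name__ == "__main__":
    for mode in ("base_domain", "host"):
        print(mode, offered(IP_VAULT, "http://192.168.1.10:3000/login", mode))
        print(mode, offered(SUB_VAULT, "https://grafana.home.example.com/", mode))
```

In this model, base-domain matching offers every saved login on every service in both layouts, while host matching narrows the suggestion to the one entry whose hostname and port agree with the page.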

Backups and storage choices

  • Restic + object storage (Backblaze B2, Hetzner Storage Box, BorgBase) is common; benefits cited include encryption, deduplication, and being NAS-agnostic.
  • Some question using Restic when TrueNAS offers native backup features; others prefer tool independence from a specific NAS OS.
  • Hetzner’s S3-compatible storage is criticized for frequent degraded performance; Storage Box is praised.
  • Concerns are raised about running long‑term storage without ECC RAM, though others report ZFS working fine with modest RAM if dedup is off.

Homelab vs “just a NAS/server”

  • Debate over whether this setup is a “real” homelab or a light self-hosted box.
  • One side argues homelab implies experimentation/learning or more complexity; others reject gatekeeping and say any home experimentation counts.
  • Practical split: some keep NAS and compute/router roles strictly separate for reliability and security; others embrace all‑in‑one for simplicity.

Hardware, power, and scale

  • Many note that homelab loads are usually light; CPU is mostly idle, RAM and disk are the real constraints.
  • Older desktops, mini PCs, and small workstations are widely used; some warn about high power bills from big servers vs low‑watt micros or ARM Macs.

Off‑site and “friend” backups

  • Multiple commenters run off‑prem backups to family/friends using Tailscale/WireGuard and ZFS or borg, sometimes with disk seeding to avoid upload bottlenecks.
  • This is seen as a privacy‑preserving alternative to major cloud providers.

VPN and remote access tools

  • Tailscale is popular; others suggest Headscale, NetBird, Pangolin, plain WireGuard, or Unifi-style site‑to‑site.
  • Some explicitly avoid exposing services to the public internet even via tunnels.

Restic on laptops

  • Restic is reported to resume interrupted backups cleanly (except possibly the very first run).
  • Systemd timers and anacron are suggested to deal with sleep/uptime patterns.