Personally will be trying to transform my server which is currently in a fractal R5 case, into a small-ish Homelab rack, combined with all my network equipment. Will require complete relocation of all network equipment in the house as well as cables so it will be a bit of a project. Also on the lookout for a good quality rack so let me know if you have any recs. Still unsure if u want to do full width rack or mini. Part of me really want the UDM Pro from Unifi…
What are your goals and thing you want to accomplish during 2025?
You must log in or register to comment.
Got a 3 year old kid with another on the way. I just need it to be reliable so the kid can watch Sesame Street and the lights keep working.
I want to move my whole server to NixOS. It’s gotten to the point where I have no idea where all the Ubuntu config files went, and handling half of it via Docker vs baremetal. I hope this will allow me to set up proper backups as well, and maybe get better at Nix! I started a few days ago using the VM feature, but it’s tricky to work on for now, perhaps I haven’t found the right workflow.
I went this route from the start and love it. In case you need some resources:
- VimJoyer is excellent: https://www.youtube.com/watch?v=a67Sv4Mbxmc
- Do secrets using SOPS: https://www.youtube.com/watch?v=G5f6GC7SnhU
- NixOS and Restic are an amazing combination, full backups in 20 lines of config. This article was my best find for this: https://francis.begyn.be/blog/nixos-restic-backups . Tip: you can easily write systemd services to trigger each software’s preferred backup strategy and simply schedule them to run before the Restic backup - I have them all copy the backups to one folder that then Restic backs up, works great for me!
Hope this helps a bit. I found the effort to be very worth it, but took me almost half a year to get comfortable with it.
Thank you! It definitely does, I will be using that Restic article for sure! I actually use NixOS on my main laptop, which I found via Vimjoyer’s videos. It’s great, though I wish documentation for more advanced usage was more readily available. I started making the server, currently my biggest roadblock is testing the infrastructure without going live (I made the flake generate a VM for now but it takes a long time to build it every edit and I can’t even get ssh working) and figuring out how I’ll eventually install it with minimal downtime.
On the topic of build times, it took me too long to learn that nixos-rebuild supports remote build workers and targets.
For example, if I am editing on my laptop, want to build on my desktop, and apply the build to my file server, then I’d run…
me@laptop$ nixos-rebuild test \ --flake ~/wherever-it-lives \ --build-host desktop \ --target-host file-server \ --use-remote-sudoThe host names should match the name of the nixosConfiguration output from your flake. If they don’t I think you can specify like,
--target-host .Remote sudo avoids having to SSH as root.
Bonus tip: Having Tailscale on every machine makes this work reliably from anywhere, network speed as the limit.
Is there a reason(s) you’re doing NixOS over something like ProxMox? A friend of mine has been moving his lab over to ProxMox containers so i was thinking to do the same thing, but curious about NixOS since I’ve seen a few people mention it. Thanks!
The entirety of Nix configuration is in somewhere between 1 and 3 files depending on how you like your poison.
It’s immutable, so stuff can’t just change on you.
Every change you make is stored into a new configuration and you can roll back to any configuration you’ve ever done with a reboot, so it’s kind of hard to brick it.
Apps can’t just go in and modify your users or your host table or any of the other configs so it’s got an extra layer of security. But then, the package system has more packages than God and is maintained by a million randos with very little oversight.
It has some substantially neat tricks. I moved from one box to another by just doing a fresh install, moving its three configuration files and letting syncthing rebuild my home directory from my other box.
I think, if I were going to use Nix as a home server, I just install all of the services directly on the OS. Updates and configurations for everything would be maintained by Nix itself.
No reason you can’t use NixOS in a VM on Proxmox.
My container host OS is another immutable, uCore, which I run in a VM on Proxmox.
Never said you couldn’t I was assuming OP was running VMs inside of Nix
Nix is great if your fine with the packages and configuration they provide. If you want other stuff or features not provided it is a giant pain in the ass and not worth it. And you’ll get oh just write a flake or just write a package file for it.
Tried it didn’t like it. To much work to get somethings working. Went back to docker.
Start setting one up.
Have fun!
Same!
Might get around to tidying this 20-year-old mess up a bit - tho I’m not sure where to start lol.
I am not a proud man.
I appreciate you posting your balls like this.
Fuck it it works. Lol
I think what I need to do correctly on my homelab this year, is setup off-site backups. I currently only backup to seperate drives and machines inside my own home. I need to setup something at my parents place to take weekly and monthly backups.
Other than that, my media server needs a bigger storage drive.
Hetzner storage box is super cheap and works with rclone. They have a web interface for configuring regular zfs snapshots too so you don’t have to worry about accidental deletions/ransomware.
True. I’d have to get the €11/month box for it though. It’s cheaper to set up one of my Raspberry Pi’s with an external drive I already have. I just need to figue out how it’s best to transfer and dedublicate the data. :)
Nope, you don’t need any VPS to use it, it comes with an SFTP interface.
https://www.hetzner.com/storage/storage-box/
offsite backup for $2/TB and no download fees, 1/3rd the price of B2.
Yeah. I would need the 5 TB one for my stuff, so that is the €11/month box.
Ah, ok I see.
Personally I’d recommend restic and backblaze b2 if I were you. Dedup and quick.
only need dedup if your data is duplicated
Which they expressly said they wanted in the comment I responded to…
I got no backups ao ur doing better than me. If 1 ssd dies there goes all my data.
Backups are key! Need to work on this myself too!
I did this recently. Opendrive is free up to 5 gb and works with rclone. All I’m backing up is the config and data needed to recreate my containerized services. I’ve even had to recreate them from the backup, once.
I snagged an old fiber LTO5 drive… just got to work out how to get it powered and then spend hours fiddling with silly old tapes.
Buying a 16 TB hard drive for… purposes.
You can say piracy here, it’s a safe space. Or, ya know, porn.
Learn how to design an implement effective segmentation for my network, get better with OPNsense, and get my private website up and running
I had a blast learning and configuring vlans for my smart switch and putting all the IOT devices on their own network.
Do you happen to remember what learning resources you used?
get around cgnat finally
Tailscale? 👉👈 🥺
That’s what I’m currently using and it doesn’t cut it, especially for streaming movies
Literally just finished configuring headscale on a free (pay as you go) oracle vps because I’m behind cgnat. Getting tailscale on pfsense to connect to a headscale server was a chore but finally got it.
I’m using tailscale now and yeah, their relay servers are very spotty. I do have an ampere free tier just sitting around that i was planning to use as a relay for an overlay network, but that’s all been in the planning phase all year.
To start - moving services from bare metal to rootless Podman containers running via quadlets. It’s something I have had in mind for a while but keep second guessing the distro choice. Long-ish release cadence, systemd-networkd and a recent Podman version in the native repos, well supported, and not Ubuntu.
So far openSUSE Leap seems like the winner. A testing machine is up to install everything, write some deployment scripts, and decide on a storage layout and partitioning scheme.
If anyone has another distro to recommend that checks these boxes let me know!
I like rolling release for the desktop, but only want critical patches in any given month for this server, and a major upgrade no more than every 3-4 years. Or an immutable server distro. But it doesn’t seem like networkd is an option for the ones I’ve looked at (Fedora CoreOS, openSUSE MicroOS), and I am not sure if I want to figure out Ignition/Combustion right now.
Next project - VLANs on Mikrotik.
OP - Navepoint makes good racks for reasonable money. I have a Pro series 9u from them and it went together without any problems. It’s on the wall with a pretty big ups in it.
Thanks for the recommendation!
If I hadn’t been using Unraid for my server I too think I’d be rocking OpenSuse, but probably MicroOS as you mentioned.
Hardware perspective i need a nas. I got myself some piece of acer oem thats not too shit just need a case and some drives (i dont wanna just make stack of drives on top of the stack of old oems i call a homelab).
Am getting starlink installed cos shitty rural aussie internet is shit. So gonna have to do some fucking around to make that work.
Would like some local media reccommendation algorithm (can probs just write some code to dump jellyfin into openwebui and task an llm).
Gotta set up an image gen ai and hook that up to openwebui.
Gotta set up an email server to make authelia notifications not just dumped to a file.
Ohh and i got literaly no backups of anything (well except my docker composes that are on git).
Other than that we will see what i want.
- don’t break stuff
- upgrade to microOS from Leap, without violating step 1
- reduce the physical footprint of my server (currently in a massive case, would like to go to mini-ITX)
My city is also planning to roll out fiber, so upgrading my network may become a priority if that happens. My current ISP is limited to 100mbps, but I should be able to get 10gbit once they hook me up (though I’ll probably stop well short of that).
Get a domain and set about moving over to HTTPS with Let’s encrypt and Nginx.
Learn to write an Nginx config. NPM just works so good though.
Fix my permission issues. I have my media zpool on 777 so all the LXCs work and I have to run Libation in a VM as root. I’ve been banging my head against this on and off for a while.
Figure out why paperless isn’t saving to the correct place. Also, figure out where Paperless is saving to.
Containerise Libation.
I give friends and family access to my server via a relay, just a raspberry pi 0 with Tailscale, pihole and nginx on it. I have reasons for going this route. Anyways, get a couple more of those into the wild. Also streamline the process somewhat.
Learn to and create an ACL config for tailscale so I can have services access nothing, users access services, and admins access everything.
Why not caddy?
Momentum really. I’m on NPM now, it works and it’s great. I didn’t put much thought into it. I’m generally happy with npm, it’s mostly just something to learn next and plain nginx made sense.
Check out traefik as an alternative to nginx or npm
Hopefully I can finally get the IPv6 stack fully working.
OPNsense works, Proxmox works, LXC works, Docker works but Docker Swarm does not.
Either I move away from Docker Swarm or a miracle happens and they finally fix their IPv6 support in 2025.
As a networking noob: what are the benefits to having/using an IPv6 stack? I realize that eventually we all have to move to IPv6, but any point in being early on it?
IPv6 is pretty much identical to IPv4 in terms of functionality.
The biggest difference is that there is no more need for NAT with IPv6 because of the sheer amount of IPv6 addresses available. Every device in an IPv6 network gets their own public IP.
For example: I get 1 public IPv4 address from my ISP but 4,722,366,482,869,645,213,696 IPv6 addresses. That’s a number I can’t even pronounce and it’s just for me.
There are a few advantages that this brings:
- Any client in the network can get a fresh IP every day to reduce tracking
- It is pretty much impossible to run a full network scan on this amount of IP addresses
- Every device can expose their own service on their own IP (For example: You can run multiple web servers on the same port without a reverse proxy or multiple people can host their own game server on the same port)
There are some more smaller changes that improve performance compared to IPv4, but it’s minimal.
Well this certainly has me intrigued!
The no NAT thing really messed with my brain and was probably the hardest thing to overcome for me.
I love havingipv6. Hard to learn and had roadblocks but now that it’s set up works fine.
Does it matter no but just nice to know I have it figured out.
From a hardware perspective I need more storage. Am thinking I’ll probably end up with a second Synology NAS unit before the end of the year with 4 hard drives at whatever a reasonable price vs size point it at the time I do it (likely 12-14Tb drives at this stage). Bought drives 2 at a time last time so I’m running two RAID1 pairs right now on the existing unit - adding 4 new drives at once to the home lab will let me move all that content to the new drives and reformat the existing ones into a RAID5 array and get an extra 12Tb of storage.
The one I already have does support adding the 5 drive expansion bay, but figuring that with a second NAS I can move some of my Docker instances currently running on a dedicated laptop onto the second NAS which takes one computer out of the setup as well.
Maintenance wise I’ve just only done my 2024 maintenance stuff that I do each year. This year it was going through my password vault and making sure everything was synced up, had complex passwords, had two factor enabled where applicable, etc, as well as setting up unique email addresses for every service I’m using (they just forward to the same inbox) to help me track who’s been selling my info. Have already found a local fast food outlet who has from that.
Have also rotated all my SSH keys, made sure they were all upgraded to Ed25519 from RSA, set up unique keys for the three devices I regularly use so I can revoke one individually if required, made sure all my hardware was running the latest updates (my RPi running my Pi-hole instance was still on Buster so I had to get that updated before I could even update Pi-hole), etc.
Also swapped my Mullvad connection on my gateway to use Wireguard instead of OpenVPN since they’re dropping support later this year.
Honestly I’d love to invest in some sort of rack mounting for home, its something I should look into some more, but right now I just have a whole section of the wardrobes in my study for equipment and tech storage. It’s working for now although I worry about it in summer with not a massive amount of heat dissipation in there. This weekend is supposed to be close to 40 degrees Celsius both days 🥵
In 2025 RAID does not work. It will not protect you from errors. it’s all a mirage. The only sane option these days is ZFS.
I’ve got ZFS on my older NAS which is a FreeNAS box I build myself a while back (an old HP N40L), the Synology one is using BTRFS (only because it doesn’t support ZFS). That being said, I’m well aware of bitrot, the RAID is to protect against a drive dying, and the vast majority of stuff on the NAS is stuff where a flipped bit isn’t going to be the end of the world even if the file system doesn’t catch it. For stuff that’s more important I keep multiple copies of it or and/or have a backup in the cloud.
- Deprecate the Raspberry Pi entry point for incoming traffic, move to NUC instead.
- Switch from PiHole to Adguard
- Move IoT equipment to separate VLAN
What are the reasons for the Pi Hole to Adguatd switch?
Adguard has a more polished UI and has a bunch of nicer features that Pi Hole doesn’t. The most important one for me being able to use it as a DNS remotely (eg: my phone) without a VPN.
