2026-05-27
My Homelab Setup
I have a server sitting in my room. Small form factor machine, 16GB RAM, 2TB SSD, running Ubuntu. It hosts most of the services I use day to day. Photos, passwords, music, documents, a Minecraft server, monitoring, a few side projects. All of it is mine, running on hardware I own, in a place that I control.
This is what is running and how it is set up.
The stack
Everything runs in Docker containers, organised with Docker Compose. I started off homelabbing using Portainer to manage stacks, but now have matured a little bit more and moved to just Docker Compose without a middleman. Compose files live in a private GitHub repo. External access goes through a Cloudflare tunnel, so nothing is exposed directly to the internet and I do not have to open ports on my router. Nginx acts like a backup when Cloudflare goes down.
The services:
| Service | What it does |
|---|---|
| Vaultwarden | Self-hosted Bitwarden with all premium features |
| Immich | Photo and video backup, mobile app included |
| Navidrome | Streams my music library to any device |
| Paperless-ngx | Scans and indexes documents |
| Nginx Proxy Manager | Internal reverse proxy and SSL |
| Portainer | Docker management UI |
| Homepage | Dashboard |
| Minecraft | Minecraft server |
| ntfy | Push notifications |
| Beszel | Server monitoring |
| Linkwarden | Bookmark manager |
Why this is actually useful
Vaultwarden is a drop-in Bitwarden replacement that unlocks all premium features: TOTP codes, emergency access, encrypted file attachments. Bitwarden Premium costs $10 a year. Vaultwarden costs nothing to run.
Immich replaces my previous Ente subscription. The mobile app automatically backs up photos and videos. The interface has face recognition, map view, albums, sharing. Your photos are on your hardware and nowhere else.
Navidrome turns a music library into a proper streaming service. Any Subsonic-compatible client works with it. I use it from my phone, my laptop, desktop, anywhere where I can access it. No algorithm deciding what I should listen to, no catalogue shrinking because a label pulled their deal.
Minecraft hosting for a private server costs a few euros a month minimum from any host. Running it yourself costs nothing extra once the machine is already on.
Cloudflare tunnels mean I can reach everything from anywhere without a VPN or open ports. I open my phone on the other side of the world and Immich, Vaultwarden, Navidrome all work exactly the same as at home. The tunnel runs as a systemd service and I have not had to think about it since I set it up.
Backups
This part matters more than the services themselves.
Backups run via restic to a Hetzner Storage Box, roughly 4 euros a month for 1TB. The backup covers Postgres dumps, Docker volumes, the Vaultwarden data directory, the full photo library, music, Minecraft worlds, and config files. Restic handles deduplication and encryption.
I learned this the hard way during a server rebuild: a backup is only useful if you have also tested restoring from it. The restic restore itself worked fine. The Postgres dump for Immich did not, because the schema had changed between versions and I had never verified the restore process. I lost album metadata. The photos were fine.
The real reason
Cloud services are convenient until they are not. Prices go up. Features get removed. Companies get acquired. Data gets analysed. At some point you are renting access to your own photos and your own passwords and your own music on someone else's terms.
Running your own infrastructure is not for everyone. It takes time to set up and occasional time to fix things when they break. But when it works, it just works, and nothing about it changes unless you change it.