Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/paologaleotti/homeserver

Personal declarative config for my home server
https://github.com/paologaleotti/homeserver

homeserver nix server

Last synced: 5 days ago
JSON representation

Personal declarative config for my home server

Host: GitHub
URL: https://github.com/paologaleotti/homeserver
Owner: paologaleotti
Created: 2024-07-29T17:25:04.000Z (7 months ago)
Default Branch: main
Last Pushed: 2024-09-24T16:39:18.000Z (5 months ago)
Last Synced: 2025-01-31T10:51:12.975Z (16 days ago)
Topics: homeserver, nix, server
Language: Nix
Homepage:
Size: 28.3 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # homeserver

**work in progress!!**

This repository contains the (very simple) declarative configuration for my home server. The software stack is based on [NixOS](https://nixos.org/),

a Linux distribution that is configured declaratively using several configuration files.

The entire infrastructure uses containers and it is a single `docker-compose` file.

## Architecture

![Diagram](https://github.com/user-attachments/assets/3e03119c-e651-41d3-ae21-92e6a10c9cc5)

I try to keep the setup as simple as possible, to avoid headache (and beacuse i don't want to spend a lot of time mantaning it).

All my services run as **Docker containers** in bridge mode, using Docker Compose.

All ports exposed by services are also exposed on the firewall config in NixOS, and they are always accessible inside the local network.

## Remote access

I do not have a public IP address and i'm also behind a very shitty double-NAT.

In order to access my services and home network from outside, i use [Tailscale VPN](https://tailscale.com/). This way, i don't have to worry about NAT and such because Tailscale

does automatic NAT-traversal and, if the client is connected to the VPN, i can access my home network from everywhere.

Yes, i know it is possible to setup WireGuard to NAT-traverse using an online VPS, but i wanted to avoid having to also mantain that.

## Services

![dashboard](https://github.com/user-attachments/assets/50eaa6e6-9982-485f-ac47-e520742cc091)

Running on Docker containers:

- [Homarr](https://homarr.dev/): Server dashboard

- [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome): Network level ad blocking DNS

- [PhotoPrism](https://www.photoprism.app/): Self-hosted photo archive solution

  - note: i will probably switch to [Immich](https://immich.app/) when it is more stable.

- [Backrest](https://github.com/garethgeorge/backrest): Automatic data backup

- [Prometheus](https://prometheus.io/): Metrics, alerts gathering

- [Grafana](https://grafana.com/): Data visualization

- *arr suite (Radarr, Sonarr, Prowlarr): Services for pirating movies and TV shows

- [Jellyfin](https://jellyfin.org/): Media server

- [qBittorrent NOX](https://hub.docker.com/r/qbittorrentofficial/qbittorrent-nox): Web UI for qbittorrent

Running on the host:

- [Tailscale client](https://tailscale.com): VPN to access the network from remote

- [Cockpit](https://cockpit-project.org/): Web-based system administration tool