home_lab_v2_logic.png

Visual overview of the home lab network and service layout

Tailscale

Standard port forwarding isn't an option for me as my ISP uses CGNAT. To bypass this, I use Tailscale to create secure, point-to-point mesh tunnels.

These tunnels are built on the WireGuard protocol, which encrypts the traffic and allows me to access my services from anywhere without exposing them to the public internet. Most of my stack runs on the system VPN, but I use Docker sidecars to isolate Jellyfin and this portfolio.

Docker Containers

Media Streaming: I run Jellyfin for my movie library, with Sonarr, Radarr, and Prowlarr handling the automation and indexing. qBittorrent manages the downloads in the background.

Photo Backup: I use Immich for high-performance mobile photo backups. It serves as my primary alternative to Google Photos, ensuring my data stays on my own hardware.

Cloud Storage: I use Filebrowser as a self-hosted Google Drive alternative to manage and access my files from any device. For simple, direct transfers, I also run a basic SFTP server.

Maintenance & Hosting: Beszel monitors system resources in real-time, which is essential for managing the 4GB RAM limit. This portfolio is also hosted here and made public via Tailscale Funnel.

To improve the lab's storage capacity and multitasking capabilities, I have the following upgrades planned:

• • RAM Upgrade: Increasing from 4GB to 8GB to provide more overhead for the Docker stack and prevent OOM (Out of Memory) issues.
• • Storage Expansion: Adding a 1TB HDD specifically for the Immich library. Since photo backups don't require NVMe speeds, an HDD is a more cost-effective solution for bulk data.
• • Redundancy: Implementing a basic backup rotation for the configuration files of my primary services.