Apprentice Project: Homelab

Our technical apprentice, Jonas, is showing off his personal test environment.

From concept to implementation

by Jonas Veit

Why did I set up a home lab in the first place?

You may recall one of our previous articles. In it, one of our experienced employees presented his home lab running Proxmox for data privacy at home. And since I had already gained a lot of valuable knowledge during my training, I wanted to become an enthusiastic home lab user myself.

Inspired by that colleague and driven by my own desire to disclose as little data as possible to data behemoths like Google, Meta, or Amazon – aka the big tech giants – my Homelab adventure began.

Current Status

What started out as just a few services and tools has since grown significantly: I now have a 4-node Proxmox cluster with on-site and off-site Proxmox backup servers, monitored via Checkmk, and an OPNsense enterprise-level firewall.

First, my setup

Physical Network Setup

You can see how all of this works together on the hardware and network sides in my block diagrams. Physically, there are two large, separate areas. A 10-inch rack in the apartment provides internet and Wi-Fi for the living area, while the noisy, heat-generating servers are located in the basement.

The hardware in the network cabinet includes a FRITZ!Box 7530 AX running the latest FRITZ!OS, a FRITZ!Box 7530 running OpenWrt, several network switches, and a mini PC with enough LAN ports for the OPNsense firewall.

The Proxmox VE cluster in the basement runs on a collection of mini PCs and desktop PCs. By a stroke of luck, an enterprise UPS was also added. A 1 GbE 24-port switch also handles the network connections within the basement/cluster as well as the link up to the apartment.

[Diagram: hardware network setup]

My logical network layout

[Diagram: logical network]

My Applications

Below are the most important tools, what they can do, and what they are good for. 

Invidious

As for most members of Generation Z, YouTube is a daily staple for me, too. Aside from Netflix, Amazon Prime, Disney+, and many other streaming services, there’s unfortunately no other platform that offers such a vast amount of “free” content.

The word “free” is deliberately placed in quotation marks here, because you pay for it with nothing but your time and your data. Every video you watch is factored into the algorithm to determine which videos might interest you—and thus which ads you’ll have to skip after 5 seconds.

To escape this endless flood of ads, Invidious was created. It’s an alternative front end for YouTube, so it’s still the same videos, but with a simpler interface. The advantage here is that it’s separate from Google and your Google Account. Plus, the homepage is no longer an endless temptation to watch more and more videos, since it only shows the latest videos from the channels you’ve subscribed to:

https://github.com/iv-org/invidious 

TrueNAS Apple Backup

You've already read about TrueNAS here – a popular NAS solution powered by ZFS. It's open-source and therefore free, making it a practical NAS solution for personal use in home lab circles.

A TrueNAS VM was used as a NAS. For easier management, it runs the Invidious instance as an app, along with two ZFS pools. One of these pools serves as an off-site backup for my best friend’s TrueNAS-based home lab instance, while the second pool is accessible as an SMB share to fulfill a critical role.

TrueNAS is wonderfully suited as an Apple backup solution thanks to the built-in Time Machine compatibility of its SMB shares. This makes it very easy to create Apple backups of the MacBook and move them, along with those of the iPhone and iPad, to an SMB share. Instead of having to pay for expensive iCloud storage, this is a more cost-effective alternative.

https://www.truenas.com/docs/scale/shares/smb/setupbasictimemachinesmbshare/

Gitea (Mirror)

GitHub is one of the largest platforms for code and software. Virtually every type of company in the tech industry has its own GitHub account, whether it uses private or public repositories—especially in the case of open-source software. 

You can also find many interesting projects and open-source software on GitHub. To save these and find them quickly later, there are two different services that help you keep track of everything. One is Gitea, a self-hosted version of GitHub with nearly the same feature set.

Gitea Mirror acts as a bridge between your private Gitea instance and the publicly available GitHub, keeping private repositories in Gitea in sync with their public counterparts on GitHub.

Various methods can be used to select which repositories should be created and kept in sync; some companies use this, for example, to maintain local backups of repositories published on GitHub, while others want to automatically clone all newly created repositories from individual users or organizations.

https://github.com/RayLabsHQ/gitea-mirror

Bambuddy

I've had a Bambu Lab 3D printer in my basement for quite some time now. It was originally just supposed to be a temporary loan from my best friend for a few weeks.

True to the saying, “Nothing lasts as long as a temporary solution,” it’s still sitting there, of course. Unfortunately, Bambu Lab printers have a preference for their own software. Popular 3D printer solutions like OctoPrint can only be connected to them with some difficulty, using beta plugins.

This is where Bambuddy comes in: It provides a service similar to OctoPrint but works flawlessly with Bambu Lab printers—at least with the A1 used here—and is completely independent of the Bambu Cloud. A connection to the Bambu Cloud can still be established for syncing slicer presets and some other information.

https://github.com/maziggy/bambuddy

Karakeep

Between my work laptop, my personal computer for work and school, and my gaming PC, I already have three systems in use.

Add an iPad, iPhone, and MacBook to the mix, and we’re already up to six digital devices. All of them serve as a hub for my ideas and information—things I want to be able to find again later.

To keep this chaos under control and avoid having to rely on Google or other cloud providers, Karakeep is the perfect solution. Accessible from any device via a subdomain, it lets you save links. This works much like bookmarks in a browser. With its own app, the whole process is also made very simple on phones and tablets. Additionally, the service saves a copy of the website, which I can still view even after the article has been deleted or the website has been moved. 

https://github.com/karakeep-app/karakeep

Romm

Everything used to be better and more beautiful! Whether that’s true is something everyone has to decide for themselves. The fact is, however, that many of the old video games offer a true trip down memory lane to our childhoods. To make sure we don’t lose that feeling and can continue to enjoy classics like *Mario Kart* on the GameCube or *Super Mario 64*, there’s a wonderful piece of software called Romm. 

The name is based on the naming convention for old video game files, which are often called ROMs. Using API queries, you can populate your ROM collection with metadata and cover art from various databases. EmulatorJS is also built in, allowing you to play many of the games directly in your browser. Another handy feature is the built-in save function, which allows you to save game progress across platforms and continue playing from another device.

https://romm.app/

My conclusion and my reasons

Almost every week, new reports emerge of data breaches at various providers. Moreover, the volume of data collected by social media platforms and a wide variety of other services grows by the minute.

What started with a PiHole to block ads soon turned into a flood of self-hosted services for me. More and more of these open-source alternatives replaced offerings from the big tech giants in my personal digital ecosystem. With my own domain and the cluster expanding to 4 nodes, I’ve also made enough computing power available for even more containers and VMs.

The last major holdout was my Google email addresses and Google account, which I used for easy login to a bunch of services. After the tedious switch to Proton Mail and setting up aliases via SimpleLogin, however, I overcame that hurdle as well. I was then also able to phase out the Google account with the setup of Invidious.

Using SimpleLogin, you can create anonymized email addresses for every login/service, which can be deactivated or deleted at will; you can even reply from these aliases directly from the account’s email inbox.

Admittedly, it was also a grueling journey through forums, Reddit comments, and Stack Exchange questions, dealing with software that just wouldn’t work or recurring 404 errors that seemed to pop up out of nowhere. But I managed to pull it off.

Finally, it’s worth noting that this never-ending adventure has made me much more aware of the risks of sharing data. “The internet never forgets!” becomes painfully clear here once again. What started out as a harmless nuisance of collected data quickly turns into training data for the next generation of chatbots in today’s age of AI.

Looking ahead, more software will follow. For instance, we plan to introduce a VPN server on OPNsense as well as a Pangolin instance as a reverse proxy for external access to various services.

Let’s see where this project takes me next.

Jonas Veit
Engineering

Expert for TrueNAS and Proxmox