As the year comes to a close, I thought it would be fun to go over the state of my homelab in 2022. This year has been a fun experiment with my homelab, introducing some really neat tools and making better use of the existing ones.
So, without further ado - let’s look at what my homelab looks like now, and discuss what I want to bring to the table in 2023.
Current Homelab Setup
My current homelab can be safely categorised into five sections:
My primary service here is Jellyfin - for those of you who don’t know what Jellyfin is, it is a media library tool built on the same codebase as Emby. Many homelabbers make use of similar services, such as Plex. I, however, found that Plex was too restrictive for what I wanted to do, and also the requirement for an account puts me off it. The fact that many features are locked behind the ‘Plex Pass’ led me to look for an alternative early in 2022, and an alternative I found!
Jellyfin has a lot going for it, but for me, the fact I can do things like run watch parties utilising the SyncPlay library is amazing. Not only that, but the various apps you can get for smart TVs and Android devices have made it a mainstay for the homelab.
The primary tool in this section is VaultWarden. VaultWarden is a password management tool which utilises BitWarden under the hood. Having previously used tools such as KeePassXC and LastPass, I wanted to have a password manager that was completely controlled by me, but also provided the functionality of accessing it from any device, with no restrictions. VaultWarden allows me to do this very easily, and provides great functionality for generating new passwords, storing OTP secrets and managing additional secure information like credit/debit cards and API keys/access tokens.
Pi-Hole is primarily used as a network-wide ad-blocker. As long as my devices are using it as a DNS server, they will have a significant number of ads and tracking blocked, no apps required. Additionally, I use Pi-Hole to handle the DNS mappings for my internal services - so, if I need to access things like Pi-Hole or my NGINX Proxy Manager, I can use <service>.local.ashcorp.dev. It certainly saves me from remembering a bunch of port numbers!
NGINX Proxy Manager
NGINX Proxy Manager is the primary way I handle the external DNS mappings for my services. It manages the SSL for my domain name, so I can just flick a switch and have SSL working on it. It also supports custom NGINX configurations for any services that have particular requirements for the headers etc (such as when doing custom theming for them).
I also run a few services for monitoring things - these are Uptime-Kuma and Homepage.
If you’ve ever run more than a handful of services, you’ve probably heard of Homer. Homer is a commonly-used way to build a Dashboard of your services. It does have a lot of customisation and theming options, and supports a number of integrations out of the box. However, I ran into a number of issues with it - specifically that it wouldn’t save my configuration changes and even if it did, it required a full re-build of the dashboard. Not ideal when things are regularly changing or need to be reconfigured. Enter - Homepage. Homepage is another dashboard-based service, but features instant updating and has a generally better layout in my opinion. It also has a very nice benefit of giving regular status updates for the integrated services (like Pi-Hole and NGINX Proxy Manager).
For monitoring uptime, I’m using Uptime-Kuma. Uptime-Kuma is a great tool for monitoring anything from physical servers, web services or even game servers! I use it to monitor the overall uptime of my Jellyfin service and all my servers that I manage (including my non-homelab ones). It has a relatively simple interface, and features status pages which I can set up and push updates to in case any incidents occur.
The final tool in this section is Apache Guacamole. Previously I attempted to use a tool called Teleport, which aims to build a ‘bastion’ server of sorts, that you connect into and then bounce off of. Unfortunately, the configuration of Teleport didn’t play nicely with a number of my servers, and I found myself spending more time fighting Teleport than it saved me. So, in the end, I switched to Guacamole, a well-known remote access tool. With this, I was able to set up my connections to various servers and have them effectively reverse-proxied back to my homelab and protected behind multi-factor authentication. While Guacamole isn’t the prettiest tool, it is a functional one and has been very helpful for managing things remotely.
A new tool that I have recently adopted is Huginn - an automation tool for web-related tasks and services. If you’ve ever used something like IFTTT or Zapier, you will be familiar with the concept behind Huginn. Huginn allows me to automate tasks for web scraping and API calls which I can then use in a variety of ways. I am currently using this to track when various shows or films I’m interested in watching are available digitally, which I then publish to a channel on my Guilded server as a webhook. It certainly has a challenging learning curve in putting the pieces together, but it is a functional replacement for those (now heavily monetised) services.
What Changed in 2022 and Why
One of the most notable changes that happened in 2022 was dropping some of the services I didn’t really make use of. Previously, I was using Traefik to handle my reverse proxy requirements, but swapped to NGINX Proxy Manager due to the level of complexity and complication of handling labels with Docker containers. Additionally, the fact that NPM has a solid Web UI for managing things made it the better choice for me.
I also dropped Authelia, an authentication and OAuth provider frontend. Initially, I was using this to handle things like user management for the Jellyfin and file storage services I was hosting. But since I’ve dropped a number of the services that would benefit from it, I ended up removing it from the stack. I may introduce it again in the future if the need arises, however.
After a recent move to a new studio, I found myself in a conundrum - I had to switch ISPs and ended up with no internet for the first week or so after moving in. As a result, a significant portion of my homelab became unavailable.
Initially, I was not too worried about this, but due to the fact that I had no router, I had no way of accessing anything stored on my Synology NAS. To make matters worse, due to the networking configuration of the devices, I couldn’t even use them in a device-to-device network (aka, link-local).
So, I was without all my services and files no matter what. This had also highlighted one critical issue - my password manager VaultWarden was no longer available to me. While my device had my existing details/passwords cached, I could not add new ones; this meant that any new accounts I had to create for things like utility companies, or my new ISP, I had to store locally until I could get VaultWarden back up and running.
As I was moving without an existing router, I decided that in the coming year I will finally get around to building my own router using OPNsense, a fork of the popular pfSense software. I will be building it with the Fujitsu Futro S920 Thin Client, and will use that to build a much better network structure than I’ve had these last few months. I also want to eventually introduce a SIM-based LTE/4G router as a failover internet connection for if I’m ever in a situation like I was, where I have no internet from my ISP.
I also have been considering introducing Tailscale VPN as a solution for managing all of my servers and services. Given that it provides a mesh network rather than a bastion server, I feel it would be a good way to manage everything, including from my mobile devices.
And finally, I want to build some better redundancy into my homelab - I mentioned this in a previous blog post, but the nature of my year has meant that I haven’t really had the time (or energy) to spend re-architecting the entire structure from the ground up. My plan is to finally do this work once the new router is built and I can take a month or two to rebuild things in the way that I wanted initially; with redundancy and protection in mind.
Thanks for taking the time to read this post - I can appreciate it’s a particularly wordy one. 2022 has been a challenging year for me personally, so being able to provide services to friends and have something to keep me occupied has been a huge boon. If you have any questions about homelabs, whether that’s building one yourself, or need advice on different services, you can always find me on Guilded, Mastodon or Twitter.
Enjoy the rest of 2022, and see you again in 2023!