What is a “complete” personal homelab, you might ask? To me, it should check all of these boxes:
Basic Requirements
- Secured – everything should be secured, unless stated otherwise
- Exposable – this one is tricky, but I say there should be as little surface exposed as desired, but exposing something should be easy
- Observable – telemetry, telemetry, telemetry! As well as logs
- Configurable – everything should be done through configuration
- Scalable – adding new hardware to the lab shouldn’t be a problem
- Serviceable – spinning up new services shouldn’t be difficult
- Movable – I should be able to move some parts, or all parts, to other hardware, or perhaps even other cloud providers
Personal Requirements
Now, on top of that, I had some personal needs:
- SSO with 2FA/MFA support
- Office-like apps for collaboration, including a Teams equivalent
- Support of IaaS, PaaS, and SaaS
- Simple Docker management
- Shared storage
- Development environment
- Hosting capabilities
I am very close to my goal!
My Current Stack
Here’s what powers my homelab:
Core Infrastructure
- Keycloak – OIDC identity provider
- Nginx Proxy Manager – SSL proxy management
- Pi-hole – internal secured DNS proxy
- CrowdSec – security analysis and threat detection
- Docker Compose – orchestrates everything above + all my hosted personal projects
Productivity & Collaboration
- Nextcloud – my personal intranet and file sharing
- OnlyOffice – office applications suite
- Coder – remote development environment
- Jenkins – CI/CD pipeline with GitHub integration
Monitoring & Management
- Portainer – view and manage all Docker containers
- Prometheus – telemetry collection
- Cockpit – host access to hardware
- Metabase – data analysis and visualization
Databases
- PostgreSQL – primary relational database where many apps like Keycloak, CrowdSec and Metabase connect or ingest data
- MongoDB – NoSQL database for data aggregation and personal applications
Service Deployment Workflow
When I want to add a new service, my process is:
1. Enable service internally
2. Add the proxy to Cloudflare (this allows me to generate the SSL certificate)
3. Add the proxy in Nginx Proxy Manager (i.e. app-n.michel-roberge.com) with a Let’s Encrypt certificate
4. Et voilà! The service is now accessible through that subdomain
5. Configure service to use OIDC when it is supported (easiest option)
   5a. Or configure an OIDC sidecar for the app (still easy)
I will probably implement some scripts and a UI to automate this process, so I don’t forget a step or make a human mistake.
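One check such a script could include, as an added example (not the author's code): given the reply each exposed subdomain sends to an unauthenticated request, confirm it redirects to the Keycloak OIDC authorization endpoint, so a service where the OIDC step was skipped or mis-copied stands out. The hostnames, realm name and sample responses are constructed, and it assumes services that redirect straight to the identity provider rather than rendering their own login page.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions, not from the original post: placeholder hostnames and realm.
IDP_HOST = "sso.example.test"
AUTH_SUFFIX = "/protocol/openid-connect/auth"  # Keycloak OIDC authorization endpoint
IDP_AUTH = f"https://{IDP_HOST}/realms/home{AUTH_SUFFIX}"

def audit_exposure(host, status, headers):
    """Findings for the reply to an unauthenticated GET https://<host>/."""
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status not in (302, 303, 307) or not location:
        return ["no-login-redirect"]  # served without sending the user to SSO
    target = urlsplit(location)
    if (target.scheme, target.hostname) != ("https", IDP_HOST) \
            or not target.path.endswith(AUTH_SUFFIX):
        return ["redirect-not-to-idp"]
    query = parse_qs(target.query)
    findings = []
    if query.get("response_type") != ["code"]:
        findings.append("not-authorization-code-flow")
    callback = urlsplit(query.get("redirect_uri", [""])[0])
    if (callback.scheme, callback.hostname) != ("https", host):
        findings.append("redirect-uri-off-host")  # e.g. copied from another app
    if not query.get("state"):
        findings.append("missing-state")  # no CSRF binding on the login flow
    return findings

# Constructed sample responses (status, headers), one per subdomain.
SAMPLES = {
    "app-n.example.test": (302, {"Location": IDP_AUTH + "?response_type=code"
        "&client_id=app-n&state=x1y2"
        "&redirect_uri=https%3A%2F%2Fapp-n.example.test%2Fcallback"}),
    "app-old.example.test": (200, {"Content-Type": "text/html"}),
    "app-m.example.test": (302, {"Location": IDP_AUTH + "?response_type=code"
        "&client_id=app-m"
        "&redirect_uri=https%3A%2F%2Fapp-n.example.test%2Fcallback"}),
}

def audit_all(samples=SAMPLES):
    """Run the check over every sample and map host -> list of findings."""
    return {host: audit_exposure(host, *resp) for host, resp in samples.items()}

if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(host, "OK" if not findings else findings)
```

The status and headers would come from a request made without following redirects; an empty findings list means the subdomain hands unauthenticated users to the identity provider with a callback on its own host.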
What’s Next?
At this stage, some of my older apps are not yet using OIDC. This will be next on my list.
Also next on my list will be logically broken-down docker-compose files per subject or domain, with proper README files and .env examples.
“What do I get out of this?” you might ask. Well, many things:
- I have my own private space, fully self-controlled
- I learn. A lot.
- I have a lot of interesting tools I can use to facilitate my personal projects
- I have fun!
Building a homelab is more than just running services – it’s about creating a learning environment that grows with your needs while maintaining security and flexibility.