Curious Coder: A Portfolio

a.k.a. michel-roberge.com


Homelab - My personal cloud coming to life

Friday, June 27, 2025 at 12:00:00 AM

What is a "complete" personal homelab, you might ask? To me, it should check all of these boxes:

Basic Requirements

  • Secured – everything should be secured, unless stated otherwise
  • Exposable – this one is tricky: the exposed surface should be as small as desired, but exposing something should be easy
  • Observable – telemetry, telemetry, telemetry! As well as logs
  • Configurable – everything should be done through configuration
  • Scalable – adding new hardware to the lab shouldn’t be a problem
  • Serviceable – spinning up new services shouldn’t be difficult
  • Movable – I should be able to move some parts, or all parts, to other hardware, or perhaps even other cloud providers

Personal Requirements

Now, on top of that, I had some personal needs:

  • SSO with 2FA/MFA support
  • Office-like apps for collaboration, including a Teams equivalent
  • Support of IaaS, PaaS, and SaaS
  • Simple docker management
  • Shared storage
  • Development environment
  • Hosting capabilities

I am very close to my goal!

My Current Stack

Here’s what powers my homelab:

Core Infrastructure

  • Keycloak – OIDC identity provider
  • Nginx Proxy Manager – SSL proxy management
  • Pi-hole – internal secured DNS proxy
  • CrowdSec – security analysis and threat detection
  • Docker Compose – orchestrates everything above + all my hosted personal projects

Productivity & Collaboration

  • Nextcloud – my personal intranet and file sharing
  • OnlyOffice – office applications suite
  • Coder – remote development environment
  • Jenkins – CI/CD pipeline with GitHub integration

Monitoring & Management

  • Portainer – view and manage all Docker containers
  • Prometheus – telemetry collection
  • Cockpit – host access to hardware
  • Metabase – data analysis and visualization

Databases

  • PostgreSQL – primary relational database where many apps like Keycloak, CrowdSec and Metabase connect or ingest data
  • MongoDB – NoSQL database for data aggregation and personal applications

Service Deployment Workflow

When I want to add a new service, my process is:

  1. Enable service internally

  2. Add the proxy to Cloudflare (this allows me to generate the SSL certificate)

  3. Add the proxy in Nginx Proxy Manager (i.e. app-n.michel-roberge.com) with a Let’s Encrypt certificate

  4. Et voilà! The service is now accessible through that subdomain

  5. Configure service to use OIDC when it is supported (easiest option)

     5a. Or configure an OIDC sidecar for the app (still easy)

I will probably implement some scripts and a UI to automate this process, so I don’t forget a step or make a human mistake.
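A check that could back step 5 of this workflow, as an added example (not the author's code): it sends one cookie-less request per published subdomain and classifies the answer, so a service that went live in steps 1 to 4 without OIDC in front of it stands out. The `example.test` hosts, the `sso.example.test` IdP name and the verdict labels are assumptions; the path suffix is Keycloak's standard authorization endpoint.

```python
import http.client
from urllib.parse import urlsplit

# Assumption: the IdP is Keycloak, whose authorization endpoint path ends like this.
KEYCLOAK_AUTH_SUFFIX = "/protocol/openid-connect/auth"

def classify(status, location, service_host, idp_host):
    """Classify one cookie-less response by status code and Location header."""
    if status in (401, 403):
        return "denied"  # proxy, sidecar or app refused the anonymous request
    if 300 <= status < 400 and location:
        target = urlsplit(location)
        host = (target.hostname or service_host).lower()  # relative redirect stays local
        if host == idp_host.lower() and target.path.endswith(KEYCLOAK_AUTH_SUFFIX):
            return "oidc-redirect"
        if host == service_host.lower():
            return "local-redirect"  # app or sidecar login path: follow it by hand
        return "foreign-redirect"  # leaves both the service and the IdP
    if 200 <= status < 300:
        return "no-auth-challenge"  # page served: public content or the app's own login
    return "error"

def probe(service_host, path="/", timeout=5):
    """Send one GET over HTTPS with no cookies and without following redirects."""
    conn = http.client.HTTPSConnection(service_host, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "homelab-oidc-check"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(service_hosts, idp_host, probe_fn=probe):
    """Return {host: verdict} for each published subdomain."""
    report = {}
    for host in service_hosts:
        try:
            report[host] = classify(*probe_fn(host), host, idp_host)
        except (OSError, http.client.HTTPException):
            report[host] = "unreachable"
    return report

# Constructed sample responses (hypothetical hosts), so the demo runs offline.
SAMPLE = {
    "app-1.example.test": (302, "https://sso.example.test/realms/home/protocol/openid-connect/auth?client_id=app-1"),
    "app-2.example.test": (200, None),
}
if __name__ == "__main__":
    for name, verdict in audit(SAMPLE, "sso.example.test", SAMPLE.__getitem__).items():
        print(f"{name}: {verdict}")
```

A `no-auth-challenge` or `local-redirect` verdict is not proof of a gap, since an app may serve its own login page; it marks the hosts to review by hand.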

What’s Next?

At this stage, some of my older apps are not yet using OIDC. This will be next on my list.

Also next on my list: breaking my docker-compose files down logically per subject or domain, with proper README files and .env examples.

"What do I get out of this?" you might ask. Well, many things:

  • I have my own private space, fully self-controlled
  • I learn. A lot.
  • I have a lot of interesting tools I can use to facilitate my personal projects
  • I have fun!

Building a homelab is more than just running services – it’s about creating a learning environment that grows with your needs while maintaining security and flexibility.