Self Hosting

This article is intended to be an ever-evolving guide to setting up a self-hosting solution, put together as I try out and learn various steps myself.

Location

I want to host with my own hardware where feasible, mostly so I have control over costs but general control and independence reasons are appealing also.

I don't have a static IP and don't really want the fuss of getting one, nor making my home IP publically visible. For this reason I've opted to run a small VPS on an external hosting provider to act as a public gateway to locally hosted content. I also want to run a VPN on this VPS, so I can access services only visible to my home network while away from it. For the external provider I went with Hetzner for reasons of price, reputation and that they are based in Europe. I wasn't too happy with the extent of personal data they collect during registration but understand why they do it.

Hardware

I have a hodge-podge of old hardware laying around and where possible am trying to use that over buying anything new. That said, my Raspberry Pi was ancient and I don't think it was up to the task of running my planned services, so I grabbed a Raspberry Pi 5 with 8 GB RAM. I had a couple of old SSDs - one 256 GB and one 2 TB, so hooked them up via PCIe to USB connectors. The Pi is running on WiFi at the moment, although I could attach it to Ethernet over the house wiring if there is a performance issue.

Public Host

I'm running a Debian image on a small Hetzner VPS. This hosts public facing services, such as my personal website and Forgejo code repository.

Home Network

My home network just consists of a Raspberry Pi based server for now - with access from various laptops, mobile clients and a Smart Tv. I don't have any short term plans to add to that. It isn't exposed to the public internet but is planned to be accessible by VPN.

Operating System

For now, I've gone with the default Debian image for the Raspberry Pi. I wasn't too careful setting it up so have ended up with a full blown desktop installation. Hopefully in future I can eventually get Guix running on there, which I'm currently happily using on my laptop.

Core Services

These are the core services that support access, monitoring and security on my system.

DNS

I'm using pi-hole for ad blocking and am planning to also use it for internal DHCP/DNS management on my home network.

For starters I set it up to act as a DHCP server. Before starting I needed to configure the pi to get a static IP, this is through /etc/network/interfaces.

Then I followed option 'Alternative 1' on the pi-hole getting started docs:

git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
cd "Pi-hole/automated install/"
sudo bash basic-install.sh

Finally I forced my router's DHCP server to only assign one IP, a fixed one to the pi and then enabled DHCP serving on the Pi.

VPN: Wireguard

I want to use Wireguard to allow access to services on my home network that are not intended to be public. It will also allow serving of services that are meant to be public via the VPS and reverse proxy.

https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04

Backup

Considering rsync or BorgBackup

Updates

Manual or watchtower

Monitoring

Undecided

Services

Credentials

Vaultwarden

Email

Custom self host for receive with, custom and gmail for sending

Photos

Immich

Music

Navidrome

Documents

Nextcloud

Calendar, Contacts, Notes

Nextcloud

Code

Forgejo

Personal Site

Proxied through VPN and reverse proxy

Social

Self host Mastodon or GoToSocial