Guides

G'day and welcome to my guides!

You'll find various bits of useful information here. I've written this for myself, as these particular apps are either

• Annoying to configure

• Not well documented online or

• Are stable enough for me to forget how to configure them, but not stable enough to last forever (looking at you Pterodactyl)

• ... Or my friends have asked me how to replicate something

A piece of advice,

You will never have 99% uptime and people accessing your homelab are not entitled to your time either. If your Plex server is down, they can use Netflix. The 'luxury' of paying money for those services is uptime and support.

Don't make your homelab your second job.

How this documentation is written

Sectioned documentation

We're all busy and can't dedicate 3 straight hours to 1 task.

Where logical, I have split my doco into multiple pages and a page should be completed in a single sitting. I've tried to keep each page to less than 30 minutes of work. This means that you can complete a page, look after your kids, then come back and do another.

Errors

If I'm expecting an error to occur, I'll write it into the doco. Otherwise, refer to the troubleshooting section on the left and/or Google.

Some things to consider

Here are some basic things to consider for your Homelab

Password vault

Save all of your data into a password vault - a lot of API keys cannot be re-viewed after being generated and rolling them will break any services that use them

Use SSH keys

SSH keys allow for password-less authentication - the device connecting requires the username and key and off it goes.

Authentication

I'm using OAuth with a third party service. At the end of the day, I trust Google, Github, Facebook etc to have better security standards than an authentication provider written by someone as a hobby. These tools won't have the ability to protect against complex attacks or DDOS.

The self hosted solutions are usually open source, which means green hats can review and report vulnerabilities, it also means they're availabe for bad actors to find and exploit.

Whwn I have to set a username and password, I'm randomly generating both and putting them behind Cloudflare - hopefully with both Cloudflare Zero Trust AND Cloudflare security rules

Managing updates

I'm using GitOps to manage my container updates. It is best practice to not use the "latest" tag as these may be dev/testing builds or come with breaking changes.

Cyber Security

Cyber security should be high on your thoughts list, especially if you are port forwarding services. I'm in the process over overhauling the CyberSec in my Homelab and am writing documentation in Crowdsec for this.

Don't store important data on your homelab

Another controversial take, but this one comes with a story.

Previously I had hosted Bitwarden as a docker container in my homelab. I ended up deciding to pay the $10ish a year to support the devs and shifted my vault over to their cloud version.

I had forgotten to update an old device pointing at the local version and when I accessed that device it couldn't authenticate. I did some digging and realized that the front-end of the container wasn't loading. The container and its database had died some time ago and I didn't have a backup to restore from.

I was lucky as I had already shifted my data away.

Backups

Back up your important data somewhere - preferebly offsite.

Don't force other people to use your homelab

Your homelab is your hobby - not everyone else is going to want to use it. Sure, make it available, but be aware of what may go wrong if something breaks. You don't want to have a drive die and then lose all of your families photos.