BLOG_POST / everything-i-self-host

Everything I Self-Host at Home

7 min read
1201 words
tiny (~4 min) short (~7 min) long (~11 min)
tl;dr summary

I self-host Nextcloud, Immich, Jellyfin, Home Assistant, Invidious, and a few supporting tools. Here is what runs where, what it replaced, what it costs, and what it changed.

table of contents

Why I self-host

I did not start self-hosting out of frustration with the cloud. I started because I wanted to understand the services I rely on and keep my photos, files, and media under my control. Over time it became a stable, low-noise home setup that supports daily use, reduces some recurring costs, and gives me confidence that core data stays local.

The setup is intentionally small. It is not meant to mimic a cloud provider, and it is not a hobby project that requires nightly attention. The goal is predictable services that keep running, with enough observability and automation to avoid surprises.

Hardware and roles

I run three machines at home. Each has a specific role:

  • illustrious is the public entrypoint and runs the reverse proxy and most external-facing services.
  • portland is the storage host, where bulk data lives.
  • formidable is the daily workstation and the heavy compute box for indexing and ML.

The always-on systems run Arch Linux because it is straightforward and controllable. The workstation runs CachyOS because its defaults are tuned for performance and it is pleasant to use day to day. This split keeps the servers minimal and predictable while the workstation stays fast and responsive.

storage by machine
loading chart…
Total storage per machine (GiB).

Network layout

Only one machine is exposed to the internet: illustrious. My domain points to it, and it is the only host with ports 80 and 443 open on the router. It runs Caddy as the reverse proxy, which terminates TLS and routes traffic to containers on the local network, including services that physically run on portland.

Everything is deployed with Docker Compose. That gives me repeatable config, predictable restarts, and a way to rebuild services without digging through manual steps. Remote access is VPN-only, SSH keys only, and a few services are IP-locked. Authentication is handled per service, which keeps the security model clear and avoids adding extra moving parts.

The storage side is designed for resilience rather than raw speed. portland uses ZFS so I can take snapshots before upgrades and roll back if something goes wrong. I keep regular backups of the most important datasets, but I do not treat the home stack as a substitute for proper offsite redundancy. The goal is to reduce risk in everyday operation without drifting into enterprise-level complexity.

What I host

Media

I use Jellyfin as the media server. The library is made up of DVD rips, Blu-ray rips, CDs, and music I purchased, totaling a few terabytes. The goal is reliable access to my own media rather than a broad streaming catalog. I do not transcode; I prefer direct play and fix files at the source.

For YouTube, I use Invidious. It is the most fragile service in the stack because upstream changes can break it with little notice. When that happens, I update and move on.

Photos and files

For family storage and sync, I use Nextcloud mostly as a shared drive. It is multi-user, reliable, and predictable, which is the main requirement.

For photos and videos, I run Immich. The library is large (100k+ items), and several phones back up to it. I use the ML features, but I do not push indexing onto the always-on servers. That work runs on formidable, because that is literally what a 4090 is for when it is not being dramatic about drivers.

Home automation

I use Home Assistant for a small set of pragmatic automations: smart plugs to measure electricity consumption and the ability to turn devices on or off remotely. The benefit is clear visibility into power usage and fewer unnecessary devices drawing power.

Monitoring and notifications

I use Gatus to track service health and monitor mounted disks on illustrious and portland, including ZFS status. It gives me a quick, clear view of the system state.

For notifications, I use ntfy. It is the endpoint for long-running jobs and scripts where I only need completion or failure alerts. The simpler the alerting surface, the better.

Other services

For recipes, I host Tandoor Recipes. It keeps the experience focused: no ads, no bloat, and fast access to recipe data. On iOS, I use kitshn (also open source), which integrates cleanly with the same library.

On illustrious, I also run bitmagnet behind Gluetun with Proton VPN. It stays isolated behind the VPN and has minimal impact on the rest of the stack. Occasionally illustrious also runs a Minecraft server, which temporarily increases RAM usage.

Updates, encryption, and maintenance

On illustrious and portland, host updates run on a systemd timer and apply nightly. I track security-critical components closely but keep operations conservative by running the LTS kernel and scheduling reboots about once per week. I use kernel-livepatch for many kernel fixes and rely on pacman rollback support (two versions retained) plus a previous-kernel boot entry as a safety net. Gatus and ntfy handle detection and alerts, so I can intervene quickly if anything goes wrong.

I do not have an UPS, so a power loss can still require hands-on work, especially because encryption is intentional friction. portland uses encrypted ZFS via OpenZFS. illustrious and formidable are encrypted as well. After an outage, there is a manual unlock chain: iPhone to formidable, formidable to illustrious, and illustrious to portland.

Costs and tradeoffs

Before this setup stabilized, we were paying for a family cloud bundle, premium music, and a higher streaming tier. Self-hosting does not replace all entertainment spending, but it reduced the number of subscriptions that felt required.

My rough estimate is about 50 EUR/month saved in third-party services. Electricity for the two always-on machines is about 9 EUR/month. Storage for portland was a one-time cost of a bit over 200 EUR. When amortized, the setup still comes out ahead, but I treat the numbers as directional rather than exact.

I also get practical benefits that are hard to price: consistent local latency, predictable access when services change their terms, and the ability to move or analyze my data without additional exports. Those have mattered more than the savings in day-to-day use.

The biggest advantage is fewer dependencies on external decisions: fewer surprise price changes, fewer feature retirements, fewer forced migrations, and better privacy through local data control. The main downside is the single point of failure at illustrious, and the ongoing reality that Invidious can break whenever YouTube changes.

Closing

Self-hosting, for me, is not a rebellion against the cloud. It is a practical way to keep core services predictable, keep sensitive data local, and support the projects I care about without depending on changing third-party policies. It is not the right choice for everyone, but it aligns with how I work and with the level of control I want over my infrastructure.

hash: 89d
EOF