homelab
services
These are all the services hosted here, what they are for, and any clients I use with them.
user-facing
- Jellyfin - Media server for movies, TV shows, and music
- Miniflux - Minimalist RSS feed reader
- NetNewsWire - Wonderful all-purpose iOS RSS client
- Vaultwarden - Password manager
- Gitea - Git server - in the process of replacing my GitHub account
- LinkStack - Self-hosted LinkTree alternative
- Homepage - My default new tab page; has info about all my services plus links
- Kiwix - Offline wiki hosting - I have Wikipedia, the Arch Linux wiki, and several others downloaded
- Actual Budget - Excellent budgeting app - it can be automatically synced with your bank, but I have found it to be unstable
- There used to be an official app but it has been discontinued - I added the website to my phone's home screen and it works quite well
- Paperless-ngx - Document management system for legal documents, IDs, bank statements, etc.
- Swift Paperless - iOS client
- Immich - Photo and video management
- Their official mobile apps are quite good
- Grocy - Household management (Am I out of milk? Do I have AAA batteries? What can I make for dinner?)
- Tandoor - Recipe management, so I always know which zucchine muffin recipe is the good one
- Untare - Mobile client (discontinued but it still works for now)
- AudioBookShelf - Audiobook server
- The official mobile client works great
- Calibre Web - Ebook management
- Yomu for iOS is nice and minimal and supports OPDS for use with Calibre Web
- Joplin - Notes (Obsidian alternative)
monitoring
- Dozzle - Docker logs all in one place
- Scrutiny - HDD SMART monitoring, so I know when to prepare for a drive failure
- Speedtest Tracker - Runs scheduled internet speedtests and creates pretty graphs to keep my ISP honest
- Glances - System monitor - I mostly have this for dashboard widgets but it can be useful by itself
networking
- cloudflared - CloudFlare tunnel client for easy and secure external service access
- gluetun - Docker VPN client
- AdGuard Home - DNS filtering - I use this with tailscale to block ads on my phone
Note that I run tailscale on bare metal so it is not listed here, but it is very useful for remote access to services I don't want visible on the open internet as well as SSH access.
downloading
- qBittorrent - The only torrent client I'll ever use
- Radarr - Automated movie fetching
- Sonarr - Automated TV show fetching
- Prowlarr - Torrent indexer that interfaces with the other *arrs
- Bazarr - Automated subtitle fetching (I also use the OpenSubtitles plugin within Jellyfin when needed, but this works hands-off most of the time)
I use LunaSea as a mobile client for Radarr and Sonarr.
environment
This configuration uses .env files to separate secrets from public information and maintain brevity in the main docker-compose.yml
Here are the variables that need to be set in the .env file for each service. Empty variables should be replaced with your values.
cloudflared
TUNNEL_TOKEN: available in the cloudflare zero-trust tunnel dashboard, under install and run a connector
gluetun
The values below are specific to Mullvad VPN. Other providers need different values, refer to gluetun documentation.
VPN_SERVICE_PROVIDER=mullvad
VPN_TYPE=wireguard
WIREGUARD_PRIVATE_KEY=
WIREGUARD_ADDRESSESS=
SERVER_CITIES=
The actual values should be available in the WireGuard configuration from Mullvad.
immich
My current Immich docker setup includes a lot of repetition - when I want to update, I have to change the version in 3 places.
I have plans to improve this, but for now this is what works.
UPLOAD_LOCATION=/media/immich
IMMICH_VERSION="v1.123.0"
TYPESENSE_API_KEY=
DB_PASSWORD=
DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
DB_DATA_LOCATION=/docker/immich
REDIS_HOSTNAME=immich_redis
POSTGRES_PASSWORD= # this should be the same as DB_PASSWORD above
POSTGRES_USER=postgres
POSTGRES_DB=immich
joplin
APP_PORT=22300
APP_BASE_URL=
DB_CLIENT=pg
POSTGRES_PASSWORD=
POSTGRES_DATABASE=joplin
POSTGRES_USER=
POSTGRES_PORT=5432
POSTGRES_HOST=joplin-db
# Optional SMTP email options
MAILER_ENABLED=1
MAILER_HOST=
MAILER_PORT=465
MAILER_SECURE=1
MAILER_AUTH_USER=
MAILER_AUTH_PASSWORD=
MAILER_NOREPLY_NAME=
MAILER_NOREPLY_EMAIL=
linkstack
HTTPS_SERVER_NAME=
SERVER_ADMIN=
miniflux
DATABASE_URL=postgres://miniflux:{...}@rss_db:5432/miniflux?sslmode=disable # replace {...} with your postgres password
RUN_MIGRATIONS=1
POSTGRES_USER=miniflux
POSTGRES_PASSWORD= # this is the password used above
POSTGRES_DB=miniflux
paperless
USERMAP_UID=1000
USERMAP_GID=1000
PUID=1000
PGID=1000
PAPERLESS_URL=
# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
PAPERLESS_SECRET_KEY=
PAPERLESS_TIME_ZONE=
PAPERLESS_OCR_LANGUAGE=eng
PAPERLESS_REDIS: redis://paperless_broker:6379
PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'
# Optional SMTP email settings
PAPERLESS_EMAIL_HOST=
PAPERLESS_EMAIL_PORT=587
PAPERLESS_EMAIL_USE_TLS=true
PAPERLESS_EMAIL_HOST_USER=
PAPERLESS_EMAIL_HOST_PASSWORD=
PAPERLESS_EMAIL_FROM=
speedtest tracker
PUID=1000
PGID=1000
APP_KEY=
APP_URL=
DB_CONNECTION=sqlite
APP_TIMEZONE=
DISPLAY_TIMEZONE=
SPEEDTEST_SCHEDULE=0,15,30,45 * * * * # run speedtest every 15 minutes
tandoor
# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
SECRET_KEY=
# allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers
ALLOWED_HOSTS=
# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
DB_ENGINE=django.db.backends.postgresql
POSTGRES_HOST=tandoor-db
POSTGRES_DB=tandoor
POSTGRES_PORT=5432
POSTGRES_USER=tandoor
POSTGRES_PASSWORD=
vaultwarden
DOMAIN=
# dollar signs must be replaced with two dollar signs to properly escape variables in this token
ADMIN_TOKEN=
# optional SMTP email settings
SMTP_HOST=
SMTP_FROM=
SMTP_PORT=587
SMTP_SECURITY=starttls
SMTP_USERNAME=
SMTP_PASSWORD=