Overview

Grafana dashboard for monitoring Internet connection stats
This is a work in progress as I get everything documented.
My home network is a self-hosted environment designed for automation, media management, and system orchestration. It runs a Docker-based infrastructure that leverages various containerized services for AI-powered automation, notifications, and home management.
The primary goals of this setup are:
- Scalability & security
- Self-sufficiency
- Efficient container management
- Automation & AI integration
This project highlights my network and server administration skills, DevOps mindset, and ability to integrate diverse technologies into a cohesive, reliable system.
Hardware

Grafana dashboard for monitoring server resources
My home network is built on three servers. The border router runs OPNsense and provides DNS, DHCP, and mail services to the LAN. The other two servers run Ubuntu with Docker Compose managing containerized services.
Primary server
- Ubuntu server running Docker Compose to manage containerized services
- Provides core network services
- Hardware: Beelink SER5 5560U Mini PC
- CPU: AMD Ryzen™ 5560U
- GPU: Integrated Radeon Vega 7
- RAM: 48GB
- Drives:
  - 500GB internal NVMe – host OS and supplemental storage
  - 256GB internal SSD – container data storage
  - 4TB external HDD – media/file server storage
  - 8TB external HDD – centralized backup storage
Secondary server
- Ubuntu server running Docker Compose to manage containerized services
- Provides supplemental services and hosts personal websites
- Hardware: Beelink MINI S12 Pro
- CPU: Intel® N100
- GPU: Integrated Intel® UHD
- RAM: 16GB
- Drives:
  - 500GB internal SATA3 SSD – host OS and general storage
  - 2TB external SSD – primary media and file storage
Border router
- OPNsense
- Provides routing, firewall, physical separation of IoT network, DNS, DHCP, and SMTP services for LAN
- Hardware: Topton 4x i226-V 2.5Gbps micro firewall
- CPU: Intel® Celeron® J4125
- GPU: Integrated Intel® UHD
- RAM: 8GB
- Drives:
  - 128GB internal NVMe – host OS
Docker services

Grafana dashboard displaying container resource usage overview for primary server
These are the services (non-comprehensive) that are provided by Docker on the primary and secondary Linux servers.
Primary server
Smart home & automation
- Home Assistant – used to manage smart home, provide entities to Node-RED with which it can interact, and provide UI for interacting with smart home devices
- Node-RED – powers event-driven smart home automation
- EMQX – MQTT broker used to communicate with Zigbee devices via Zigbee2MQTT and as messaging queue for Node-RED automations
- Zigbee2MQTT – used to bridge Zigbee devices with MQTT for integration into Home Assistant
- Z-Wave JS UI – integrates Z-Wave devices into Home Assistant
- ESPHome – allows easy programming of ESP32 devices and greatly simplifies integration with Home Assistant
- eufy-security-ws – used to integrate Eufy Security cameras into Home Assistant for event notifications and camera images
- MediaMTX – provides interface to Eufy Security cameras for streaming live video
AI & computer vision
- YOLO API (trash can detection) – provides API to YOLO instance that detects trash cans in security camera images
- YOLO API (object detection) – provides API to YOLO instance that detects objects in security camera images to verify detections made by the security system’s built-in AI
- Ultralytics YOLO11 – deep learning model providing fast and accurate real-time object detection and image segmentation
- Piper – locally-hosted text-to-speech (TTS) service used for audible announcements on smart speakers
Monitoring
- Telegraf – scrapes data from Ubuntu host and other services and stores data in InfluxDB buckets for later processing/graphing with Grafana
- Grafana – provides dashboard for viewing graphed data from InfluxDB and MariaDB databases
- Scrutiny – provides web UI for S.M.A.R.T. hard drive monitoring tool as well as email notifications when an issue has been detected
Networking & security
- Cloudflare Tunnel – provides selective public access to services behind CG-NAT and firewall
- fail2ban – bans abusive IP addresses based on log entries from a number of services
- Authelia – provides authentication for web-based services that do not have their own built-in authentication (authenticates against LDAP backend)
- NGINX – web server used behind Traefik reverse proxy for CDN and core web server functionality in development projects
- Acme.sh – automatically renews SSL certificates with Let’s Encrypt
Databases & caching
- Redis – provides object storage to other containers for caching and session management
- MongoDB – used for services requiring NoSQL storage
- MariaDB – used for services requiring SQL-based relational database storage
- InfluxDB – stores Home Assistant entity history as well as Telegraf data for processing and graphing in Grafana
- PostgreSQL – used for services requiring Postgres-specific relational database storage
- phpMyAdmin – provides web UI for managing MariaDB/MySQL
Media & file management
- Jellyfin – provides locally-hosted media server (think Netflix but local) for streaming movies and TV shows, listening to music, reading books, and reading comic books
- Jellysearch – provides fast full-text search for Jellyfin by proxying search queries from Jellyfin
  - uses dedicated instance of Meilisearch
- FileFlows – distributed, automated conversion of media files into a standardized format for ingestion into Jellyfin
- Samba – shares files on server with Mac/Windows/Linux clients using CIFS protocol
- Avahi – provides ZeroConf/mDNS for Samba server so shares show up automatically in GUI clients
Backup & system maintenance
- Kopia – network-connected backup system providing centralized backups to multiple servers and user devices on the LAN
- Diun – sends emails when a Docker image update has been detected
- dockcheck-web – web UI to see which Docker images have updates available
Productivity & self-hosting
- Nextcloud – provides web-based file access (think Google Drive), client file sync (think Dropbox), calendar/tasks/contacts sync, and OpenID Connect (OIDC) services for SSO (authenticates against LDAP backend)
  - uses centralized MariaDB container instance
- Collabora Online – provides web-based document editing to Nextcloud (similar to Microsoft Office 365/Google Docs)
- Light LDAP (LLDAP) – provides single source of truth for user identity and authentication for other containers
- Outline – self-hosted tool for managing notes and projects (think Microsoft Loop or Notion)
  - uses dedicated Redis and Postgres containers for isolation and security
- Bookstack – self-hosted tool for managing notes and projects similar to Outline (potentially deprecating Bookstack and switching); currently used to document network setup as well as household management in the event of my death (e.g., location of water shut-offs, circuit breaker, items to remember when winterizing house, odd quirks about the house, etc.)
Secondary server
AI & computer vision
- Whisper ASR Box – web API interface for faster-whisper to transcribe audio using AI (e.g., creating subtitles for movies without subs)
Monitoring
- Telegraf – scrapes data from Ubuntu host and other services and stores data in InfluxDB buckets for later processing/graphing with Grafana
- Scrutiny – provides web UI for S.M.A.R.T. hard drive monitoring tool as well as email notifications when an issue has been detected
Databases & caching
- Redis – provides object storage to other containers for caching and session management
- MariaDB – used for services requiring SQL-based relational database storage
- PostgreSQL – used for services requiring Postgres-specific relational database storage
Backup & system maintenance
- Kopia – network-connected backup system providing centralized backups to multiple servers and user devices on the LAN
- Diun – sends emails when a Docker image update has been detected
- dockcheck-web – web UI to see which Docker images have updates available
Media & file management
- Samba – shares files on server with Mac/Windows/Linux clients using CIFS protocol
- Avahi – provides ZeroConf/mDNS for Samba server so shares show up automatically in GUI clients
- Jellystat – provides statistics on Jellyfin server usage
  - uses dedicated PostgreSQL container instance for isolation and security
- Bazarr – downloads subtitles for movies/shows missing subtitles; also utilizes Whisper web service to transcribe audio using AI
Productivity & self-hosting
- Vaultwarden – password manager; open source implementation of Bitwarden server
- This website – this very website is hosted on my secondary server
- Photography website – WordPress site running WooCommerce
  - uses dedicated MariaDB container instance for isolation and security
- Mealie – self-hosted recipe management
- OwnTone – daapd server (iTunes media server) allowing Apple’s Music app to access Jellyfin music natively
- Plausible – self-hosted website analytics that’s watching you right now
  - uses dedicated PostgreSQL container instance for isolation and security
- GitHub Actions API – small API I developed to accept incoming webhooks from GitHub Actions to perform deployments locally