homelab
networking
linux
self-hosting
Homelab v1: The Fundamentals (Legacy Reference)
⚠️ LEGACY DOCUMENT This was the original plan for building a homelab with services running directly on bare metal across multiple machines. After creating this plan, I decided to pivot to a Proxmox-based virtualization architecture (see Homelab v2: Proxmox Architecture) to gain deeper experience with hypervisors, container orchestration, and platform engineering—skills more aligned with modern SRE/infrastructure work.
This document is kept as reference material for the concepts, networking fundamentals, and service configurations it covers, but does not represent the current homelab implementation.
Goal: Build a private network at home where you understand every machine, every IP, every connection. Learn networking and Linux by doing, not by reading.
Output: Blog posts documenting your learnings. Proof of work for job applications.
Philosophy: Every service you run will be something you actually use. No theoretical demos. Real tools that make your development workflow better.
What You're Building
YOUR PRIVATE NETWORK (192.168.68.0/24)
══════════════════════════════════════
┌─────────────┐
│ INTERNET │
└──────┬──────┘
│
┌──────▼──────┐
│ ROUTER │
│ 192.168.68.1│
└──────┬──────┘
│
┌────────────────────────────┼────────────────────────────┐
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ RASPBERRY PI │ │ THINKCENTRE │ │ MACBOOK PRO │
│─────────────────│ │─────────────────│ │─────────────────│
│ 192.168.68.58 │ │ 192.168.68.11 │ │ 192.168.68.12 │
│ │ │ │ │ │
│ Role: │ │ Role: │ │ Role: │
│ • DNS (Pi-hole) │ │ • Web (Nginx) │ │ • NAS (Samba) │
│ • VPN (Tailscale│ │ • DB (Postgres) │ │ • Backups │
│ /Headscale) │ │ • Git (Gitea) │ │ • File Storage │
│ • Ad Blocking │ │ • Docker │ │ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│
│
┌────────▼─────────┐
│ MAC MINI M2 │
│──────────────────│
│ 192.168.68.10 │
│ │
│ Role: │
│ • Monitoring │
│ (Grafana) │
│ • Metrics │
│ (Prometheus) │
│ • Uptime Kuma │
│ • Lightweight │
│ Apps │
└──────────────────┘
Access from your M3 MacBook Pro (daily driver) via SSH to all nodes.
The Four Machines
| Machine | RAM | IP | OS | Role | Services | Why This Role |
|---|---|---|---|---|---|---|
| Raspberry Pi 3 | 1GB | 192.168.68.58 | Raspberry Pi OS | Network Infrastructure | Pi-hole (DNS), Tailscale (VPN) | Low power, always on, handles network-level services |
| Thinkcentre | 16GB | 192.168.68.11 | Arch Linux | Multi-Purpose Server | Nginx (web), PostgreSQL (DB), Gitea (Git), Docker | Most RAM, your workhorse for heavy services |
| Mac Mini M2 | 8GB | 192.168.68.10 | macOS | Monitoring + Apps | Grafana, Prometheus, Uptime Kuma, Node.js apps | Fast M2 chip, perfect for real-time dashboards |
| MacBook Pro 2012 | 16GB | 192.168.68.12 | Ubuntu 20.04 | Storage + Backups | Samba (NAS), Restic (backups) | 500GB SSD + spare drives for storage |
Your M3 MacBook Pro (daily driver) is NOT part of the homelab. You SSH from it to access all these machines.
What You'll Learn (Blog Post Ideas)
| Topic | What You'll Do | Blog Post Title Ideas |
|---|---|---|
| IP Addressing | Assign static IPs to all machines | "How IP Addresses Actually Work" |
| SSH | Set up key-based auth, SSH between all machines | "SSH Keys: Why I Never Type Passwords Anymore" |
| DNS | Run your own DNS server with Pi-hole | "I Run My Own DNS Server (And Block Every Ad)" |
| Linux Basics | Navigate, manage processes, read logs | "20 Linux Commands I Use Every Day" |
| systemd | Create and manage services | "Understanding systemd: Linux's Init System" |
| Web Servers | Host websites with Nginx | "Why I Use Nginx: A Deep Dive into Web Serving" |
| Databases | Run PostgreSQL on your homelab | "Self-Hosting a PostgreSQL Database" |
| Git | Self-host with Gitea | "I Built My Own GitHub at Home" |
| Monitoring | Set up Grafana + Prometheus | "Monitoring My Homelab with Beautiful Dashboards" |
| VPN | Remote access with Tailscale | "I Access My Homelab from Anywhere with Tailscale" |
| File Sharing | Set up Samba NAS | "Building a NAS From Spare Hard Drives" |
| Backups | Automate with Restic | "My Homelab Backup Strategy" |
| Docker | Run containers | "Getting Started with Docker: A Practical Guide" |
| Networking | Understand subnets, routing, ports | "Home Networking: What Your Router Actually Does" |
| Power Management | UPS graceful shutdown | "Running a Homelab on a UPS: What You Need to Know" |
Step 1: Understand Your Network
Before touching anything, understand what you have.
Your Network Right Now
Your Router (TP-Link Deco): 192.168.68.1
├── Hands out IPs via DHCP (probably 192.168.68.100 - 192.168.68.254)
├── Acts as gateway to internet
└── Runs its own DNS (which forwards to your ISP)
When a device joins:
1. Device asks router "What's my IP?"
2. Router picks one from its pool (e.g., 192.168.68.137)
3. Router tells device "Use me (192.168.68.1) as your gateway and DNS"
What You'll Change
Your Router: 192.168.68.1
├── Still hands out IPs via DHCP
├── Still acts as gateway
└── BUT: Tells all devices to use Pi (192.168.68.58) for DNS
Your servers get STATIC IPs (or DHCP Reserved IPs):
├── Pi: 192.168.68.58 (DHCP Reserved)
├── Thinkcentre: 192.168.68.11 (Static)
├── MacBook Pro: 192.168.68.12 (Static)
└── Mac Mini: 192.168.68.10 (Static)
Blog Post Material: "What is a Subnet?"
192.168.68.0/24 means:
├── Network: 192.168.68.x
├── Usable IPs: 192.168.68.1 to 192.168.68.254
├── Broadcast: 192.168.68.255
└── /24 = 256 addresses (2^8)
All devices with 192.168.68.x can talk to each other directly.
To reach the internet, they go through the gateway (192.168.68.1).
Step 2: Set Up the Raspberry Pi (DNS Server)
What You'll Learn
- Flashing an OS
- Basic Linux navigation
- systemd services
- How DNS works
Do This
# 1. Flash Raspberry Pi OS Lite (64-bit) to USB SSD
# Use Raspberry Pi Imager on your Mac Mini
# Enable SSH in the imager settings
# Set username: pi, password: [your choice]
# 2. Boot the Pi, find its current IP
# Check your router's admin page, or:
ping raspberrypi.local
# 3. SSH into it
ssh pi@[current-ip]
# 4. Set a static IP (or DHCP Reservation)
# For now, we use DHCP Reservation at 192.168.68.58 (via Deco app)
# Once wired, we'll configure static IP 192.168.68.13 for eth0
# 5. Reboot (if changing IP)
# 6. SSH to new IP (if changing IP)
ssh pi@192.168.68.58
# 7. Install Pi-hole
curl -sSL https://install.pi-hole.net | bash
# Follow the prompts, use defaults
# 8. Change your router's DHCP settings
# Set DNS server to: 192.168.68.58
# Now ALL devices on your network use your Pi for DNS
Verify It Works
# From your Mac Mini:
nslookup google.com 192.168.68.58
# Should return Google's IP, served by YOUR Pi
# Check Pi-hole dashboard:
# Open browser: http://192.168.68.58/admin
Install Tailscale (VPN for Remote Access)
Access your homelab from anywhere - coffee shop, work, vacation.
Option 1: Tailscale (Easiest)
# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
# Start Tailscale
sudo tailscale up
# Follow the URL to authenticate in your browser
# This connects your Pi to your Tailscale network
# Enable exit node (route ALL traffic through your homelab)
sudo tailscale up --advertise-exit-node
# Enable subnet routes (access local network devices)
sudo tailscale up --advertise-routes=192.168.68.0/24
Option 2: Headscale (Self-Hosted Tailscale) - Advanced
For true self-hosting, install Headscale on your Thinkcentre later. Tailscale is perfect for v1.
What this gives you:
- Access your homelab from anywhere with internet
- No port forwarding needed (NAT traversal)
- Encrypted WireGuard VPN
- Access to all services: Pi-hole, Grafana, Gitea, NAS
From your M3 MacBook Pro anywhere:
# Install Tailscale on your laptop
brew install tailscale
# Connect to your network
sudo tailscale up
# Now you can SSH from anywhere:
ssh pi
ssh thinkcentre
ssh nas
# Access web services:
# http://pi.lab/admin (Pi-hole)
# http://monitor.lab:3000 (Grafana)
# http://git.lab:3000 (Gitea)
What you learned:
- VPN concepts and WireGuard protocol
- Remote access security
- NAT traversal
- Network routing
Blog post: "I Access My Homelab from Anywhere with Tailscale"
Commands You Learned
| Command | What It Does |
|---|---|
ssh user@ip |
Connect to remote machine |
sudo |
Run command as root |
nano file |
Edit a file |
cat file |
View a file |
systemctl status pihole-FTL |
Check if Pi-hole service is running |
reboot |
Restart the machine |
tailscale status |
Check VPN connection status |
tailscale ip |
Show your Tailscale IP |
Step 3: Set Up the Thinkcentre (Multi-Purpose Server)
You already have Arch Linux. Keep it. Arch teaches you more because it doesn't hide things.
This is your workhorse. 16GB RAM means it can handle multiple services simultaneously.
What You'll Learn
- Package management (pacman)
- Web server configuration (Nginx)
- Running PostgreSQL databases
- Self-hosting Git with Gitea
- Docker basics
- systemd service management
- Running multiple services on one machine
Set Static IP
# SSH from Mac Mini (use current IP first)
ssh ashish@192.168.68.59
# Arch uses systemd-networkd or NetworkManager
# Check which one:
systemctl status NetworkManager
systemctl status systemd-networkd
# If NetworkManager (likely):
nmcli con show
# Note your connection name (e.g., "Wired connection 1" or "Your-Wifi-Name")
nmcli con mod "Your-Wifi-Name" \
ipv4.addresses 192.168.68.11/24 \
ipv4.gateway 192.168.68.1 \
ipv4.dns 192.168.68.58 \
ipv4.method manual
nmcli con up "Your-Wifi-Name"
# Now SSH to new IP
ssh ashish@192.168.68.11
Install Nginx (instead of Caddy)
# 1. Create your website directory and content
sudo mkdir -p /var/www/mysite
sudo chown -R $USER:$USER /var/www/mysite
cat << 'EOF' | sudo tee /var/www/mysite/index.html
<!DOCTYPE html>
<html>
<head>
<title>My Homelab</title>
</head>
<body>
<h1>Hello from my Thinkcentre with Nginx!</h1>
<p>This website is served from my homelab.</p>
<p>Server IP: 192.168.68.11</p>
</body>
</html>
EOF
# 2. Update system and install Nginx
sudo pacman -Syu --noconfirm # Update system (if not already)
sudo pacman -S nginx
# 3. Configure Nginx
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak # Backup original
sudo nano /etc/nginx/nginx.conf # Edit the config file
# Replace the existing 'server { ... }' block (usually listens on port 80) with:
# server {
# listen 80;
# listen [::]:80;
# server_name 192.168.68.11; # Or use 'localhost' if you prefer for now
#
# location / {
# root /var/www/mysite; # Your website directory
# index index.html index.htm;
# try_files $uri $uri/ =404; # Essential for serving static files
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# }
# 4. Start and enable Nginx
sudo systemctl enable --now nginx
sudo systemctl status nginx
Verify It Works
# From Mac Mini browser:
# Open http://192.168.68.11
# You should see your page!
# Or from terminal:
curl http://192.168.68.11
Add Local DNS Entry
On Pi-hole admin (http://192.168.68.58/admin):
- Go to Local DNS → DNS Records
- Add:
mysite.lab→192.168.68.11
Now you can access http://mysite.lab from any device on your network!
Install PostgreSQL (Database)
Your applications need databases. Learn to run one.
# Install PostgreSQL
sudo pacman -S postgresql
# Initialize the database cluster
sudo -u postgres initdb -D /var/lib/postgres/data
# Start and enable PostgreSQL
sudo systemctl enable --now postgresql
# Check it's running
sudo systemctl status postgresql
# Create a database for your apps
sudo -u postgres createdb myapp_db
# Create a user
sudo -u postgres psql
# In psql:
CREATE USER myapp_user WITH PASSWORD 'secure_password';
GRANT ALL PRIVILEGES ON DATABASE myapp_db TO myapp_user;
\q
# Test connection
psql -U myapp_user -d myapp_db -h localhost
What you learned:
- PostgreSQL setup and initialization
- Creating databases and users
- Granting permissions
- Connecting to databases
Blog post: "Self-Hosting PostgreSQL on My Homelab"
Install Gitea (Self-Hosted Git)
Your own private GitHub. Push code here instead of always using GitHub.
# Install Docker (we'll run Gitea in a container)
sudo pacman -S docker docker-compose
# Start and enable Docker
sudo systemctl enable --now docker
# Add your user to docker group
sudo usermod -aG docker $USER
# Log out and back in for this to take effect
# Create Gitea directory
mkdir -p ~/gitea
cd ~/gitea
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: "3"
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
ports:
- "3000:3000"
- "222:22"
volumes:
- ./data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
EOF
# Start Gitea
docker-compose up -d
# Check it's running
docker ps
Access Gitea:
- Browser:
http://192.168.68.11:3000 - Complete the web installer (use your PostgreSQL database if you want, or SQLite for simplicity)
Add DNS entry in Pi-hole:
git.lab→192.168.68.11
Now you can:
# From your M3 MacBook Pro:
git remote add homelab http://git.lab:3000/username/repo.git
git push homelab main
What you learned:
- Docker basics
- docker-compose for multi-container apps
- Running services in containers
- Git server setup
Blog post: "I Built My Own GitHub at Home with Gitea"
Commands You Learned
| Command | What It Does |
|---|---|
pacman -S pkg |
Install package on Arch |
pacman -Syu |
Update system |
systemctl enable --now svc |
Start service and make it start on boot |
systemctl status svc |
Check service status |
journalctl -u caddy |
View Caddy logs |
curl url |
Fetch a webpage from terminal |
docker ps |
List running containers |
docker-compose up -d |
Start containers in background |
docker-compose logs |
View container logs |
docker-compose down |
Stop containers |
Step 4: Set Up the MacBook Pro (NAS)
What You'll Learn
- Disk management
- Mounting drives
- Samba file sharing
- Permissions
Prepare the Machine
# SSH from Mac Mini
ssh user@192.168.68.12
# Set static IP (Ubuntu uses Netplan)
sudo nano /etc/netplan/01-netcfg.yaml
# Replace with:
network:
version: 2
ethernets:
enp0s25: # Your interface name, check with: ip link
dhcp4: no
addresses:
- 192.168.68.12/24
gateway4: 192.168.68.1
nameservers:
addresses:
- 192.168.68.58
# Apply
sudo netplan apply
Connect Your Spare Drives
# List all drives
lsblk
# You'll see something like:
# sda 500G (your main SSD)
# sdb 1T (spare drive 1)
# sdc 2T (spare drive 2)
# Create mount points
sudo mkdir -p /mnt/storage1
sudo mkdir -p /mnt/storage2
# Format drives (WARNING: erases everything!)
sudo mkfs.ext4 /dev/sdb
sudo mkfs.ext4 /dev/sdc
# Mount them
sudo mount /dev/sdb /mnt/storage1
sudo mount /dev/sdc /mnt/storage2
# Make mounts permanent (survive reboot)
sudo nano /etc/fstab
# Add lines:
/dev/sdb /mnt/storage1 ext4 defaults 0 2
/dev/sdc /mnt/storage2 ext4 defaults 0 2
Set Up Samba (Network File Sharing)
# Install Samba
sudo apt update
sudo apt install samba
# Create a shared folder
sudo mkdir -p /mnt/storage1/shared
sudo chmod 777 /mnt/storage1/shared
# Configure Samba
sudo nano /etc/samba/smb.conf
# Add at the bottom:
[HomeShare]
path = /mnt/storage1/shared
browsable = yes
read only = no
guest ok = yes
# Restart Samba
sudo systemctl restart smbd
# Check it's running
sudo systemctl status smbd
Access From Mac Mini
# In Finder: Cmd+K
# Enter: smb://192.168.68.12/HomeShare
# Or: smb://nas.lab/HomeShare (after adding DNS entry)
# From terminal:
# Mount the share
mkdir -p ~/mnt/nas
mount_smbfs //guest@192.168.68.12/HomeShare ~/mnt/nas
Add DNS Entry
On Pi-hole: nas.lab → 192.168.68.12
Set Up Automated Backups (Restic)
Protect your data. Automate backups of all your homelab machines.
# Install Restic
sudo apt update
sudo apt install restic
# Create a backup repository on your NAS
mkdir -p /mnt/storage1/backups
restic init --repo /mnt/storage1/backups
# Create a script to backup other machines
mkdir -p ~/scripts
nano ~/scripts/backup-homelab.sh
# Add:
#!/bin/bash
export RESTIC_REPOSITORY=/mnt/storage1/backups
export RESTIC_PASSWORD="your-secure-password"
# Backup Thinkcentre (via SSH)
restic backup --tag thinkcentre root@192.168.68.11:/var/www
restic backup --tag thinkcentre root@192.168.68.11:/home
# Backup Pi
restic backup --tag pi root@192.168.68.58:/etc/pihole
# Prune old backups (keep last 7 days, 4 weeks, 6 months)
restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6
echo "Backup completed: $(date)"
# Make executable
chmod +x ~/scripts/backup-homelab.sh
# Test it
~/scripts/backup-homelab.sh
# Schedule daily backups with cron
crontab -e
# Add line (runs at 2 AM daily):
0 2 * * * /home/your-username/scripts/backup-homelab.sh >> /var/log/backup.log 2>&1
What you learned:
- Backup strategies
- Restic for incremental backups
- Cron jobs for automation
- Remote backups via SSH
Blog post: "My Homelab Backup Strategy with Restic"
Commands You Learned
| Command | What It Does |
|---|---|
lsblk |
List block devices (disks) |
fdisk -l |
Detailed disk info |
mkfs.ext4 /dev/sdX |
Format disk with ext4 filesystem |
mount /dev/sdX /path |
Mount a disk |
df -h |
Show disk usage |
chmod 777 dir |
Give everyone full permissions |
restic init |
Initialize backup repository |
restic backup |
Create a backup |
restic snapshots |
List all backups |
restic restore |
Restore from backup |
crontab -e |
Edit cron jobs |
Step 4.5: Set Up the Mac Mini M2 (Monitoring + Apps)
Why this machine: M2 is fast. Perfect for real-time dashboards and lightweight applications.
What you'll run:
- Grafana (dashboards)
- Prometheus (metrics collection)
- Uptime Kuma (service monitoring)
- Your Node.js/Python apps
What You'll Learn
- Monitoring and observability
- Metrics collection
- Dashboard creation
- Service health checks
- Running applications on macOS servers
Set Static IP on macOS
# Check current network interface
ifconfig
# Set static IP via System Preferences:
# System Preferences → Network → Ethernet/Wi-Fi → Advanced → TCP/IP
# Configure IPv4: Manually
# IP Address: 192.168.68.10
# Subnet Mask: 255.255.255.0
# Router: 192.168.68.1
# DNS Server: 192.168.68.58
# Or via command line:
sudo networksetup -setmanual "Ethernet" 192.168.68.10 255.255.255.0 192.168.68.1
sudo networksetup -setdnsservers "Ethernet" 192.168.68.58
Install Homebrew (if not already)
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Install and Configure Prometheus
Prometheus collects metrics from all your machines.
# Install Prometheus
brew install prometheus
# Configure Prometheus
nano /opt/homebrew/etc/prometheus.yml
# Replace with:
global:
scrape_interval: 15s
scrape_configs:
# Prometheus itself
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
# Node exporters (we'll install these on each machine)
- job_name: 'raspberry-pi'
static_configs:
- targets: ['192.168.68.58:9100']
- job_name: 'thinkcentre'
static_configs:
- targets: ['192.168.68.11:9100']
- job_name: 'macbook-nas'
static_configs:
- targets: ['192.168.68.12:9100']
- job_name: 'mac-mini'
static_configs:
- targets: ['localhost:9100']
# Start Prometheus
brew services start prometheus
# Access: http://192.168.68.10:9090
Install Node Exporter on All Linux Machines
Node Exporter exposes system metrics (CPU, RAM, disk, network).
On Raspberry Pi:
ssh pi
sudo apt install prometheus-node-exporter
sudo systemctl enable --now prometheus-node-exporter
On Thinkcentre:
ssh thinkcentre
sudo pacman -S prometheus-node-exporter
sudo systemctl enable --now prometheus-node-exporter
On MacBook Pro NAS:
ssh nas
sudo apt install prometheus-node-exporter
sudo systemctl enable --now prometheus-node-exporter
On Mac Mini (macOS):
brew install node_exporter
brew services start node_exporter
Install and Configure Grafana
Grafana creates beautiful dashboards from Prometheus metrics.
# Install Grafana
brew install grafana
# Start Grafana
brew services start grafana
# Access: http://192.168.68.10:3000
# Default login: admin / admin (change on first login)
Set up your first dashboard:
- Open
http://192.168.1.10:3000in browser - Login (admin/admin, set new password)
- Add Data Source:
- Click "Add data source"
- Choose "Prometheus"
- URL:
http://localhost:9090 - Click "Save & Test"
- Import a dashboard:
- Click "+" → Import
- Dashboard ID:
1860(Node Exporter Full) - Select Prometheus data source
- Click "Import"
Now you have a beautiful dashboard showing CPU, RAM, disk, network for ALL your machines!
Install Uptime Kuma (Service Monitoring)
Monitor if your services are up and get alerts when they go down.
# Install Node.js (if not already)
brew install node
# Install Uptime Kuma
mkdir -p ~/services/uptime-kuma
cd ~/services/uptime-kuma
npx uptime-kuma-server@latest
# Or use Docker:
docker run -d --restart=always \
-p 3001:3001 \
-v uptime-kuma:/app/data \
--name uptime-kuma \
louislam/uptime-kuma:1
# Access: http://192.168.1.10:3001
Set up monitoring:
- Open
http://192.168.1.10:3001 - Create admin account
- Add monitors:
- Pi-hole:
http://192.168.1.13/admin - Website:
http://mysite.lab - Gitea:
http://git.lab:3000 - NAS: Check port
445(SMB) - Grafana:
http://192.168.1.10:3000
- Pi-hole:
Get notifications via Discord, Slack, email when services go down.
Add DNS Entries
On Pi-hole:
monitor.lab→192.168.1.10(Grafana)uptime.lab→192.168.1.10(Uptime Kuma)
What You Learned
- Setting up Prometheus for metrics collection
- Installing node exporters across different OSes
- Creating Grafana dashboards
- Service uptime monitoring
- macOS server configuration
Blog posts:
- "Monitoring My Homelab with Grafana and Prometheus"
- "I Built a Dashboard to Monitor All My Servers"
- "Uptime Monitoring: Know When Your Services Go Down"
Step 5: SSH Everywhere
Set up SSH keys so you never type passwords.
On Your Mac Mini
# Generate a key (if you haven't)
ssh-keygen -t ed25519 -C "your-email@example.com"
# Press Enter for default location, no passphrase for convenience
# Copy to all machines
ssh-copy-id pi@192.168.1.13
ssh-copy-id user@192.168.1.11
ssh-copy-id user@192.168.1.12
# Now you can SSH without passwords!
ssh pi@192.168.1.13 # No password needed
Create SSH Aliases
# Edit SSH config
nano ~/.ssh/config
# Add:
Host pi
HostName 192.168.1.13
User pi
Host thinkcentre
HostName 192.168.1.11
User your-username
Host nas
HostName 192.168.1.12
User your-username
# Now you can just type:
ssh pi
ssh thinkcentre
ssh nas
Your Network, Visualized
After completing all steps:
┌──────────────────────────────────────────────────────────────────────────────┐
│ │
│ YOUR HOME NETWORK (192.168.1.0/24) │
│ ════════════════════════════════════ │
│ │
│ ┌──────────────────────────────────────────────────────────────────────┐ │
│ │ ROUTER (192.168.1.1) │ │
│ │ Gateway to the internet │ │
│ │ DHCP: 192.168.1.100-254 │ │
│ │ DNS: Points to Pi (192.168.1.13) │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌───────────────────────┼───────────────────────┐ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ │
│ │ RASPBERRY PI │ │ THINKCENTRE │ │ MACBOOK PRO │ │
│ │ 192.168.1.13 │ │ 192.168.1.11 │ │ 192.168.1.12 │ │
│ │ 1GB RAM │ │ 16GB RAM │ │ 16GB RAM │ │
│ │──────────────────│ │──────────────────│ │──────────────────│ │
│ │ │ │ │ │ │ │
│ │ Services: │ │ Services: │ │ Services: │ │
│ │ • Pi-hole (DNS) │ │ • Caddy (Web) │ │ • Samba (NAS) │ │
│ │ • Tailscale VPN │ │ • PostgreSQL DB │ │ • Restic Backup │ │
│ │ • Ad Blocking │ │ • Gitea (Git) │ │ • File Storage │ │
│ │ │ │ • Docker │ │ • 500GB + spare │ │
│ │ Power: 5W │ │ │ │ │ │
│ │ Always On │ │ Power: 65W │ │ Power: 45W │ │
│ │ │ │ Workhorse │ │ Storage Beast │ │
│ └──────────────────┘ └──────────────────┘ └──────────────────┘ │
│ │ │ │ │
│ └───────────────────────┼───────────────────────┘ │
│ │ │
│ ┌─────────▼──────────┐ │
│ │ MAC MINI M2 │ │
│ │ 192.168.1.10 │ │
│ │ 8GB RAM │ │
│ │────────────────────│ │
│ │ │ │
│ │ Services: │ │
│ │ • Grafana Monitor │ │
│ │ • Prometheus │ │
│ │ • Uptime Kuma │ │
│ │ • Node.js Apps │ │
│ │ │ │
│ │ Power: 15W │ │
│ │ Monitoring Hub │ │
│ └────────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────────┐ │
│ │ LOCAL DNS ENTRIES (managed by Pi-hole at 192.168.1.13) │ │
│ │ ────────────────────────────────────────────── │ │
│ │ mysite.lab → 192.168.1.11 (Your website) │ │
│ │ git.lab → 192.168.1.11 (Gitea server) │ │
│ │ nas.lab → 192.168.1.12 (File server) │ │
│ │ pi.lab → 192.168.1.13 (Pi-hole dashboard) │ │
│ │ monitor.lab → 192.168.1.10 (Grafana) │ │
│ │ uptime.lab → 192.168.1.10 (Uptime Kuma) │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
│ │
│ ACCESS FROM: Your M3 MacBook Pro (daily driver) via SSH │
│ Total Power: ~130W (under 1 hour on UPS during outage) │
│ │
└──────────────────────────────────────────────────────────────────────────────┘
Real-World Workflows
Here's how you'll actually use this homelab:
Workflow 1: Building and Deploying a Web App
┌─────────────────────────────────────────────────────────────────┐
│ FROM YOUR M3 MACBOOK PRO (Coffee Shop) │
└─────────────────────────────────────────────────────────────────┘
│
▼
1. Connect to Tailscale VPN
2. Write code in VS Code
3. Push to Gitea
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ YOUR HOMELAB │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Thinkcentre (192.168.1.11): │
│ • Receives git push to http://git.lab:3000 │
│ • PostgreSQL database ready for your app │
│ • Caddy serves your website at http://mysite.lab │
│ │
│ Mac Mini (192.168.1.10): │
│ • Grafana shows your app's metrics │
│ • Uptime Kuma alerts if site goes down │
│ │
│ MacBook Pro NAS (192.168.1.12): │
│ • Automated backups at 2 AM every night │
│ • Git repo backed up │
│ │
└─────────────────────────────────────────────────────────────────┘
Workflow 2: Remote Administration
# You're at work, want to check your homelab
# Connect to Tailscale VPN
tailscale up
# SSH to any machine
ssh pi # Check Pi-hole logs
ssh thinkcentre # Restart a service
ssh nas # Check disk space
# View dashboards
open http://monitor.lab:3000 # Grafana metrics
open http://uptime.lab:3001 # Service status
open http://pi.lab/admin # DNS stats
Workflow 3: Accessing Files from Anywhere
# From your M3 MacBook Pro
# Mount NAS via Finder (Cmd+K)
smb://nas.lab/HomeShare
# Or copy files via command line
scp large-file.zip nas:/mnt/storage1/shared/
# Or sync entire directory
rsync -avz ~/Documents/ nas:/mnt/storage1/backups/documents/
Workflow 4: Database-Backed Application
Your App (Node.js on Mac Mini)
↓
Connects to PostgreSQL on Thinkcentre (192.168.1.11:5432)
↓
Database persists data
↓
Backed up nightly to NAS via Restic
Quick Reference Card
Print this. Tape it to your wall.
╔════════════════════════════════════════════════════════════════════════════╗
║ HOMELAB v1 QUICK REFERENCE ║
╠════════════════════════════════════════════════════════════════════════════╣
║ ║
║ MACHINES ║
║ ──────── ║
║ Pi: 192.168.68.58 ssh pi (1GB RAM, 5W) ║
║ Thinkcentre: 192.168.68.11 ssh thinkcentre (16GB RAM, 65W) ║
║ Mac Mini: 192.168.68.10 ssh macmini (8GB RAM, 15W) ║
║ MacBook NAS: 192.168.68.12 ssh nas (16GB RAM, 45W) ║║
║ ║
║ ALL SERVICES AT A GLANCE ║
║ ──────────────────────── ║
║ DNS/Network: http://pi.lab/admin (Pi-hole + Tailscale) ║
║ Website: http://mysite.lab (Nginx on Thinkcentre) ║
║ Git Server: http://git.lab:3000 (Gitea on Thinkcentre) ║
║ Monitoring: http://monitor.lab:3000 (Grafana on Mac Mini) ║
║ Uptime: http://uptime.lab:3001 (Uptime Kuma on Mac Mini) ║
║ NAS: smb://nas.lab/HomeShare (Samba on MacBook) ║
║ Database: 192.168.68.11:5432 (PostgreSQL on Thinkcentre) ║
║ ║
║ SERVICES BY MACHINE ║
║ ─────────────────── ║
║ Raspberry Pi (192.168.68.58): ║
║ • Pi-hole (DNS + ad blocking) ║
║ • Tailscale (VPN for remote access) ║
║ ║
║ Thinkcentre (192.168.68.11): ║
║ • Nginx (web server) ║
║ • PostgreSQL (database) ║
║ • Gitea (Git server) ║
║ • Docker (container runtime) ║
║ ║
║ Mac Mini M2 (192.168.68.10): ║
║ • Grafana (monitoring dashboards) ║
║ • Prometheus (metrics collection) ║
║ • Uptime Kuma (service monitoring) ║
║ • Your Node.js/Python apps ║
║ ║
║ MacBook Pro (192.168.68.12): ║
║ • Samba (file sharing / NAS) ║
║ • Restic (automated backups) ║
║ ║
║ COMMON COMMANDS ║
║ ─────────────── ║
║ ssh user@host Connect to machine ║
║ systemctl status svc Check if service is running ║
║ journalctl -u svc View service logs ║
║ journalctl -f Follow all logs live ║
║ docker ps List running containers ║
║ ip addr Show IP addresses ║
║ df -h Disk usage ║
║ htop Process monitor ║
║ tailscale status Check VPN connection ║
║ restic snapshots List backups ║
║ sudo reboot Restart machine ║
║ sudo shutdown -h now Power off machine ║
║ ║
║ POWER OUTAGE - GRACEFUL SHUTDOWN ORDER ║
║ ────────────────────────────────────── ║
║ When UPS alarm sounds (~10 min battery left): ║
║ ║
║ 1. ssh macmini "sudo shutdown -h now" (Stop monitoring) ║
║ 2. ssh nas "sudo shutdown -h now" (Stop NAS + backups) ║
║ 3. ssh thinkcentre "sudo shutdown -h now" (Stop web/db/git) ║
║ 4. ssh pi "sudo shutdown -h now" (Stop DNS last) ║
║ ║
║ Total time: ~2 minutes. UPS lasts 50+ minutes at full load. ║
║ ║
║ TROUBLESHOOTING ║
║ ─────────────── ║
║ Service won't start: journalctl -u service-name -n 50 ║
║ Check all services: systemctl list-units --failed ║
║ DNS not resolving: nslookup example.com 192.168.68.58 ║
║ Can't reach service: ping 192.168.68.X ║
║ Tailscale not connected: tailscale status; tailscale up ║
║ Disk full: df -h; du -sh /* ║
║ ║
╚════════════════════════════════════════════════════════════════════════════╝
Blog Post Changelog Template
Use this template for your blog:
# Homelab Changelog
## [Date] - v1.0 Initial Setup
### Infrastructure
- ✅ Raspberry Pi as DNS server (Pi-hole) + VPN (Tailscale)
- ✅ Thinkcentre as multi-purpose server (Nginx, PostgreSQL, Gitea, Docker)
- ✅ Mac Mini M2 as monitoring hub (Grafana, Prometheus, Uptime Kuma)
- ✅ MacBook Pro as NAS (Samba) and backup server (Restic)
- ✅ Static IP addressing for all machines (192.168.68.0/24)
- ✅ SSH key authentication across all nodes
### Services Running
- **Network:** Pi-hole blocking ads network-wide, Tailscale for remote access
- **Web:** Nginx serving websites at mysite.lab
- **Development:** Gitea self-hosted Git at git.lab:3000
- **Database:** PostgreSQL ready for applications
- **Monitoring:** Grafana dashboards showing all server metrics
- **Uptime:** Uptime Kuma monitoring all services with alerts
- **Storage:** Samba NAS accessible at nas.lab
- **Backups:** Automated Restic backups running nightly at 2 AM
### What I Learned
- DNS resolution and ad blocking with Pi-hole
- Setting up VPNs with Tailscale for remote access
- Running databases (PostgreSQL) in production
- Self-hosting Git with Gitea
- Docker basics and containerization
- Monitoring with Prometheus and Grafana
- Automated backups with Restic
- systemd service management
- Network file sharing with Samba
- Static IP assignment across different Linux distros
### Metrics (Week 1)
- Pi-hole: Blocked X ads (Y% of total queries)
- Uptime: All services 99.X% available
- Backups: X GB backed up, X snapshots created
- Power: ~130W total draw
- Services: 12+ services running across 4 machines
### Blog Posts Published
1. "SSH Keys: Why I Never Type Passwords Anymore"
2. "I Run My Own DNS Server (And Block Every Ad)"
3. "Self-Hosting PostgreSQL on My Homelab"
4. "I Built My Own GitHub at Home with Gitea"
5. "Monitoring My Homelab with Grafana and Prometheus"
6. "I Access My Homelab from Anywhere with Tailscale"
7. "My Homelab Backup Strategy with Restic"
8. "Why I Use Nginx: A Deep Dive into Web Serving"
### Challenges Overcome
- [Describe any issues you faced and how you solved them]
- [E.g., "Docker permission issues on Arch Linux - fixed by adding user to docker group"]
### Next Steps (v1.1)
- [ ] Add HTTPS with Let's Encrypt certificates
- [ ] Set up Headscale (self-hosted Tailscale alternative)
- [ ] Implement log aggregation (Loki?)
- [ ] Create custom Grafana dashboards
- [ ] Add more applications to Mac Mini
- [ ] Expand NAS storage with additional drives
- [ ] Set up CI/CD pipeline with Gitea Actions
All Services at a Glance
| Service | Machine | Port | URL | Purpose |
|---|---|---|---|---|
| Pi-hole | Pi | 80 | http://pi.lab/admin | DNS + ad blocking |
| Tailscale | Pi | - | - | VPN for remote access |
| Caddy | Thinkcentre | 80 | http://mysite.lab | Web server |
| PostgreSQL | Thinkcentre | 5432 | 192.168.1.11:5432 | Database |
| Gitea | Thinkcentre | 3000 | http://git.lab:3000 | Git server |
| Docker | Thinkcentre | - | - | Container runtime |
| Grafana | Mac Mini | 3000 | http://monitor.lab:3000 | Dashboards |
| Prometheus | Mac Mini | 9090 | http://192.168.1.10:9090 | Metrics collection |
| Uptime Kuma | Mac Mini | 3001 | http://uptime.lab:3001 | Service monitoring |
| Samba | MacBook | 445 | smb://nas.lab/HomeShare | File sharing |
| Restic | MacBook | - | - | Automated backups |
What's Next? (Future Versions)
You've built v1.0 - a fully functional homelab with monitoring, backups, and remote access. Here's how to expand:
| Version | What You Add | What You Learn | Estimated Effort |
|---|---|---|---|
| v1.0 | Everything above | Fundamentals | ✅ DONE |
| v1.1 | HTTPS with Let's Encrypt | TLS certificates, domain setup | 1-2 days |
| v1.2 | Headscale (self-hosted Tailscale) | VPN server, coordination servers | 2-3 days |
| v1.3 | CI/CD with Gitea Actions | Automated testing, deployment | 3-5 days |
| v1.4 | Log aggregation (Loki + Promtail) | Centralized logging | 2-3 days |
| v1.5 | Traefik reverse proxy | Advanced routing, middleware | 2-4 days |
| v2.0 | Public services (expose website) | Dynamic DNS, port forwarding, security | 1 week |
| v2.1 | Media server (Jellyfin/Plex) | Transcoding, streaming | 2-3 days |
| v2.2 | Home Assistant | IoT, automation | 1-2 weeks |
| v3.0 | Kubernetes (if you want) | Container orchestration | 2-3 weeks |
For now: Focus on v1.0. Get everything working. Write about it. Build proof of work.
Then expand based on what you actually need, not what's theoretically cool.
Total Cost
| Item | Cost | Notes |
|---|---|---|
| Hardware | ₹0 | You already own all 4 machines |
| Electricity | ~₹520/month | 130W × 24h × 30 days × ₹8/kWh |
| Domain (optional) | ~₹800/year | Only if you want public access |
| Tailscale | ₹0 | Free tier (up to 100 devices) |
| Software | ₹0 | 100% FOSS (Pi-hole, Nginx, Gitea, Grafana, etc.) |
| Total Monthly | ~₹520 | Less than Netflix + Spotify combined |
| Total Annual | ~₹6,240 | ~$75 USD per year |
What you get for ₹520/month:
- Private DNS server blocking ads for your entire network
- VPN access to your homelab from anywhere
- Self-hosted Git server (private GitHub)
- PostgreSQL database for unlimited projects
- Monitoring dashboards for all services
- NAS with spare drive storage
- Automated daily backups
- Web server hosting unlimited sites
- Real infrastructure experience
Compare to cloud costs:
- AWS t3.medium: ~₹3,000/month
- DigitalOcean droplet: ~₹800/month
- GitHub private repos: ~₹400/month
- S3 storage: ~₹200/month for 100GB
Your homelab: More powerful, more private, better learning experience, cheaper.
This Is Your Proof of Work
When you complete v1.0, you'll have:
Technical Skills (Résumé Material)
Infrastructure:
- ✅ Set up and managed 4-node homelab (Raspberry Pi, x86 servers, Apple Silicon)
- ✅ Configured static IP addressing and subnetting (192.168.1.0/24)
- ✅ Deployed Pi-hole for network-wide DNS and ad blocking
- ✅ Implemented VPN with Tailscale for secure remote access
Web Services:
- ✅ Deployed Nginx web server with virtual hosts
- ✅ Self-hosted Git server (Gitea) with Docker
- ✅ Configured PostgreSQL database for production use
- ✅ Managed multiple services on limited resources
Monitoring & Observability:
- ✅ Built monitoring stack (Prometheus + Grafana)
- ✅ Deployed Uptime Kuma for service health checks
- ✅ Created dashboards visualizing infrastructure metrics
- ✅ Set up alerting for service outages
DevOps & Automation:
- ✅ Implemented automated backups with Restic
- ✅ Configured cron jobs for scheduled tasks
- ✅ SSH key authentication across all nodes
- ✅ Docker containerization basics
Systems Administration:
- ✅ Linux server management (Ubuntu, Arch, Raspberry Pi OS)
- ✅ systemd service management
- ✅ Network file sharing (Samba/NFS)
- ✅ Disk management and mounting
- ✅ Log analysis with journalctl
Portfolio & Blog Content
8+ Blog Posts:
- "SSH Keys: Why I Never Type Passwords Anymore"
- "I Run My Own DNS Server (And Block Every Ad)"
- "Self-Hosting PostgreSQL on My Homelab"
- "I Built My Own GitHub at Home with Gitea"
- "Monitoring My Homelab with Grafana and Prometheus"
- "I Access My Homelab from Anywhere with Tailscale"
- "My Homelab Backup Strategy with Restic"
- "Why I Use Caddy Instead of Nginx"
Bonus content:
- Network diagrams showing your architecture
- Grafana dashboard screenshots
- Uptime reports and availability metrics
- Power consumption and cost analysis
What Employers See
Instead of:
- "I took a course on Docker"
- "Familiar with Linux"
- "Studied networking concepts"
You can say:
- "I run a 4-node homelab with 12+ services (Pi-hole, Gitea, Grafana, PostgreSQL)"
- "I self-host my own Git server and database infrastructure"
- "I monitor my infrastructure with Prometheus and Grafana dashboards"
- "I implemented automated backups and disaster recovery"
- "I configured VPN access for remote administration"
This is tangible, verifiable, real experience.
Interview Talking Points
When asked "Tell me about a project you built":
"I built a homelab with 4 machines running 12+ services. I started with a Raspberry Pi as a DNS server using Pi-hole, which blocks ads network-wide. Then I set up a Lenovo Thinkcentre running Arch Linux as a multi-purpose server hosting Nginx for web serving, PostgreSQL for databases, and Gitea - which is like my own private GitHub. I configured a Mac Mini M2 as a monitoring hub with Grafana and Prometheus to visualize metrics from all my servers, and Uptime Kuma to alert me if services go down. Finally, I repurposed an old MacBook Pro as a NAS with Samba and set up automated backups with Restic. The entire setup runs on ~130W, costs me about ₹500/month, and I can access it from anywhere with Tailscale VPN. I documented the entire build on my blog with 8+ technical posts."
Follow-up questions you can answer:
- "How do you handle failures?" → Talk about Uptime Kuma alerts and backup restoration
- "What about security?" → SSH keys, VPN, no password auth, firewall rules
- "How do you monitor performance?" → Grafana dashboards, Prometheus metrics
- "What was the hardest part?" → Describe a real challenge you overcame
The Real Value
This homelab teaches you:
- Systems thinking - Understanding how services interact
- Troubleshooting - Things will break, you'll fix them
- Resource constraints - Working within limits (RAM, CPU, power)
- Documentation - Writing about your work forces clarity
- Real experience - Not simulated labs, actual running services
This is exactly what hiring managers want to see.
Not certificates. Not courses. Real infrastructure you built and operate.
You're Ready. Start Building.
Stop planning. Start doing.
- Set up the Raspberry Pi (1-2 hours)
- Configure SSH everywhere (30 minutes)
- Deploy Pi-hole (20 minutes)
- Write your first blog post
- Keep building
Your homelab is your learning environment and your proof of work.
Make it real.