Homelab / Unclouding

A living page about learning to self-host, run small infra, and keep it boring (in a good way).

Why

  • Practice platform thinking: deployments, backups, upgrades, and failure modes
  • Keep ownership of my data and services where it makes sense
  • Learn by running real systems, not just reading docs

At a glance

Internet
  │
  └─ VPS: xpekatt-hel (Ubuntu, Hetzner) [PUBLIC]
       ├─ Nginx Proxy Manager (public ingress)
       ├─ f1-dashboard
       ├─ Delve (+ other containers)
       │
       └─ Tailscale tailnet (private)
            ├─ VPS: claw-hel (Ubuntu, Hetzner)
            │    └─ openclaw
            │
            └─ Home: thunkstation (OpenMediaVault)
                 ├─ Immich (+ other containers)
                 ├─ Gitea + runners (CI/CD jobs)
                 └─ Prometheus + Grafana

    Only xpekatt-hel is internet-facing;
    everything else is reachable via Tailscale.

Machines

  • thunkstation (physical box)
    • OpenMediaVault
    • Runs containers, including Immich, Jellyfin and a few others
    • Private Gitea instance + Gitea runners for CI/CD jobs
    • Prometheus + Grafana for metrics and dashboards
  • xpekatt-hel (VPS, Ubuntu @ Hetzner)
    • Runs containers including f1-dashboard and Delve (plus other services)
    • Nginx Proxy Manager for routing
  • claw-hel (VPS, Ubuntu @ Hetzner)
    • Runs openclaw
    • Not public-facing: accessed via SSH from other Tailscale nodes (and via Telegram)

Network

  • Tailscale mesh: all machines live on the same tailnet and can talk to each other directly
  • Public ingress: only xpekatt-hel is exposed to the internet (via Nginx Proxy Manager)
  • Private services: thunkstation and claw-hel are only reachable over Tailscale
  • Routing: because xpekatt-hel is also on Tailscale, it can forward traffic to containers/services running on the other machines

Observability

  • node-exporter runs on each machine and exposes health/metrics
  • Prometheus scrapes metrics and stores time series data (on thunkstation)
  • Grafana dashboards sit on top (on thunkstation)

Principles

  • Backups exist (and are tested)
  • Updates are planned (and reversible)
    • pin versions where it matters
    • keep notes on breaking changes
  • Observability: logs first, then metrics when needed
  • Small surface area: fewer moving parts, fewer surprises

Todo

  • Move more config/docker compose files into git.
  • Migrate away from OMV and just run a normal distro; OMV is good but bulky.
  • Move the OMV box out of the kitchen. :P