This is very cool, but you should not use Cloudflare Tunnels to stream media. This is forbidden by their terms of service (or at the very least not the intended use of Tunnels and they may disable your service). Use Wireguard or Tailscale instead.
There should be volunteer groups at local libraries running these services for their local communities.
It’d be a great way for kids to learn to operate services and a great alternative for anyone who wants to use the fantastic open source stuff that’s out there but lacks expertise or time.
> There should be volunteer groups at local libraries running these services for their local communities.
The problem with bespoke anything in computers is always the support.
No one wants to be on the hook for customer support. I absolutely agree with them.
There are a ton of "services" that exist solely to enable people to cut a check and say "Customer support is over there. Go talk to them and leave me alone."
Cloudflare Tunnel is a wonderful thing. In fact, Cloudflare itself is fantastic for homelabbers because it gives you so much for free. I used to just host direct on my own home IP, but nowadays I find it easier to just `cloudflared`. Don't have to worry about the firewall and any breaches into my network and all of that stuff.
I started from a similar place as you and then eventually now my IaaC for my homelab is just idempotent bash scripts written by Claude. The pattern I find with dependencies is that they have the property that someone wants to change some attribute and so the program needs to evolve for the attribute to be changeable. This means programs evolve to have many hinges and the interactions cause bugs one cannot reason about.
My needs for the homelab are fairly simple and the script can encode all the information it needs. As a human, writing such a script is tedious. As a human with an AI assistant, I've found that this is so much easier to worry about because bash is a fairly stable target.
Both my wife and I are reluctant to upload our entire photo collection spanning 20+ years to the cloud. Immich has been working really well for us, the experience for her is just as seamless as it would be for Google Photos, I think.
And at $180/yr for the 2TB of storage we'd need to pay for, vs. maybe $200 in hardware, it pays itself off pretty quickly... if you exclude the time spent setting it up and administering it. But I don't mind, it's a bit like digital gardening for me.
> Man, paying Google/Apple $5/mo is surely a much better solution for her. And are you really doing 3-2-1 on that?
Just some days back someone on reddit posted how their 14yo son (via a family/linked Google account) used Gemini Live to, err, enjoy himself with the camera on.
All his accounts are now permanently locked for CSAM.
So, yes, not being beholden to a megacorp absolutely has its uses.
yes, the economics, and ease of use, of google/apple cloud storage is unmatched
and yes, most people willing to endeavor into the area are hobbyist, with all that entails
however, reading even one story of someone losing access to their cloud photos for xyz reason, is enough to decide that you ought to have some mechanism in place to ensure ownership of your data
Software wise I find stuff pretty easy to set and forget. It's hardware that's always been the issue for me. When your power or internet goes out, everything goes down. While you move property, every thing is down. Currently my server has developed an issue with randomly crashing and rebooting I haven't been able to resolve yet.
Using a VPS entirely removes the hardware aspect, but it also mostly defeats the point of self hosting.
I don’t think it defeats the point at all. Uploading photos to Google is a massive privacy concern. Apple is maybe better in that way, but very limited cross-platform support, and when I’ve tried it, poor performance & pricing. Neither do well at higher end photography either.
For secrets management, I basically just use fnox everywhere (https://fnox.jdx.dev/). It's a frontend to tons more options than sops, although `age` is still included. I also think the DX is better but to each their own.
I recently did the math and was floored to see I’d be spending 1.3k per year on streaming alone. So I said screw it, bought a nas and 36 TB of hard drives and set up an arr stack. I cancelled all of our streaming subscriptions 2 months ago and it’s been the best decision I’ve ever made. Plus my whole family is doing the same from all around town. I’m saving my extended family on the order of 5-6k per year total.
The nas is going to pay itself off in a few months, then it’s all savings from there. If only these media billionaires didn’t get so greedy, I would have happily kept paying them.
Especially with Claude code, setting up something like this is basically just sitting down and prompting for a couple of hours.
The emerging benefits are nice too. Like we don’t have to sift through junk of Netflix or Hulu to find stuff we would actually watch. All of it is stuff we would watch because we added it ourselves. Really fun!
Another huge benefit is you can actually get high-bitrate streaming. Ripping a 4k Blu-ray & streaming it from home (for those who may not want to sail the seas) is sooooo much higher quality than typical streaming.
> I originally intended to try out the NixOS for the sake of reproducible builds and being able to store the configuration in a single place but got too lazy about it.
Ironically once I got over the hump of learning NixOS, I can't imagine using anything else for declarative configuration. Too lazy to use a traditional system which requires custom wiring.
You are doing more than I am (e.g. synchronized file storage, books, music), but I have radarr, sonarr, overseerr, plex, and supporting apps for movies and tv shows. Plex is available externally through its remote access feature. For the actual request system, I run OpenClaw with an Overseerr extension. This allows me to manage titles remotely via Telegram without any kind of tunnel or SSO. Simple and gets the job done for the solo-user scenario.
This is very cool, but you should not use Cloudflare Tunnels to stream media. This is forbidden by their terms of service (or at the very least not the intended use of Tunnels and they may disable your service). Use Wireguard or Tailscale instead.
https://www.xda-developers.com/cloudflare-tunnels-are-great-...
Yep, I rent a $5 VPS in my region that I tailscale to for exactly that reason, as well as to un-CGNAT myself.
For an easy GUI solution for the latter, highly recommend Nginx Proxy Manager.
There should be volunteer groups at local libraries running these services for their local communities.
It’d be a great way for kids to learn to operate services and a great alternative for anyone who wants to use the fantastic open source stuff that’s out there but lacks expertise or time.
> There should be volunteer groups at local libraries running these services for their local communities.
The problem with bespoke anything in computers is always the support.
No one wants to be on the hook for customer support. I absolutely agree with them.
There are a ton of "services" that exist solely to enable people to cut a check and say "Customer support is over there. Go talk to them and leave me alone."
Cloudflare Tunnel is a wonderful thing. In fact, Cloudflare itself is fantastic for homelabbers because it gives you so much for free. I used to just host direct on my own home IP, but nowadays I find it easier to just `cloudflared`. Don't have to worry about the firewall and any breaches into my network and all of that stuff.
I started from a similar place as you and then eventually now my IaaC for my homelab is just idempotent bash scripts written by Claude. The pattern I find with dependencies is that they have the property that someone wants to change some attribute and so the program needs to evolve for the attribute to be changeable. This means programs evolve to have many hinges and the interactions cause bugs one cannot reason about.
My needs for the homelab are fairly simple and the script can encode all the information it needs. As a human, writing such a script is tedious. As a human with an AI assistant, I've found that this is so much easier to worry about because bash is a fairly stable target.
Anyway, apart from that, I landed on using systemd's containers that use podman but otherwise not too different. My (far less polished) version of this post as a memory aid to myself: https://wiki.roshangeorge.dev/w/One_Quick_Way_To_Host_A_WebA...
This is not so much a fantasy about "being independent". Instead, it's a fantasy about being a sysadmin.
A good example of that is the guys on r/homelab explaining how they built a NAS so their wife could save her phone media without Google Photos.
Man, paying Google/Apple $5/mo is surely a much better solution for her. And are you really doing 3-2-1 on that?
Save the dicking around for your own stuff.
Both my wife and I are reluctant to upload our entire photo collection spanning 20+ years to the cloud. Immich has been working really well for us, the experience for her is just as seamless as it would be for Google Photos, I think.
And at $180/yr for the 2TB of storage we'd need to pay for, vs. maybe $200 in hardware, it pays itself off pretty quickly... if you exclude the time spent setting it up and administering it. But I don't mind, it's a bit like digital gardening for me.
> Man, paying Google/Apple $5/mo is surely a much better solution for her. And are you really doing 3-2-1 on that?
Just some days back someone on reddit posted how their 14yo son (via a family/linked Google account) used Gemini Live to, err, enjoy himself with the camera on.
All his accounts are now permanently locked for CSAM.
So, yes, not being beholden to a megacorp absolutely has its uses.
yes, the economics, and ease of use, of google/apple cloud storage is unmatched
and yes, most people willing to endeavor into the area are hobbyist, with all that entails
however, reading even one story of someone losing access to their cloud photos for xyz reason, is enough to decide that you ought to have some mechanism in place to ensure ownership of your data
Except with modern tooling it's not a huge task anymore to run these services.
Cost wise on the right hardware it is very cheap to run, add the privacy/personal control aspect it's no wonder so many people do it.
Software wise I find stuff pretty easy to set and forget. It's hardware that's always been the issue for me. When your power or internet goes out, everything goes down. While you move property, every thing is down. Currently my server has developed an issue with randomly crashing and rebooting I haven't been able to resolve yet.
Using a VPS entirely removes the hardware aspect, but it also mostly defeats the point of self hosting.
I don’t think it defeats the point at all. Uploading photos to Google is a massive privacy concern. Apple is maybe better in that way, but very limited cross-platform support, and when I’ve tried it, poor performance & pricing. Neither do well at higher end photography either.
In Ukraine I have visited SaaS company offices serving production traffic with an actual bunker like this. Physically underground.
Sounds more like a state of the private download engine to me :)
For secrets management, I basically just use fnox everywhere (https://fnox.jdx.dev/). It's a frontend to tons more options than sops, although `age` is still included. I also think the DX is better but to each their own.
I just use Infisical self hosted
Looks interesting, thanks for sharing. I am using SOPS, might be a good replacement.
I recently did the math and was floored to see I’d be spending 1.3k per year on streaming alone. So I said screw it, bought a nas and 36 TB of hard drives and set up an arr stack. I cancelled all of our streaming subscriptions 2 months ago and it’s been the best decision I’ve ever made. Plus my whole family is doing the same from all around town. I’m saving my extended family on the order of 5-6k per year total.
The nas is going to pay itself off in a few months, then it’s all savings from there. If only these media billionaires didn’t get so greedy, I would have happily kept paying them.
Especially with Claude code, setting up something like this is basically just sitting down and prompting for a couple of hours.
The emerging benefits are nice too. Like we don’t have to sift through junk of Netflix or Hulu to find stuff we would actually watch. All of it is stuff we would watch because we added it ourselves. Really fun!
Another huge benefit is you can actually get high-bitrate streaming. Ripping a 4k Blu-ray & streaming it from home (for those who may not want to sail the seas) is sooooo much higher quality than typical streaming.
Looking forward to the follow up post, State of Bunker 2029.
> I originally intended to try out the NixOS for the sake of reproducible builds and being able to store the configuration in a single place but got too lazy about it.
Ironically once I got over the hump of learning NixOS, I can't imagine using anything else for declarative configuration. Too lazy to use a traditional system which requires custom wiring.
Seems like it's down right now. I guess that's the "State of Homelab"? :)
Up for me.
You are doing more than I am (e.g. synchronized file storage, books, music), but I have radarr, sonarr, overseerr, plex, and supporting apps for movies and tv shows. Plex is available externally through its remote access feature. For the actual request system, I run OpenClaw with an Overseerr extension. This allows me to manage titles remotely via Telegram without any kind of tunnel or SSO. Simple and gets the job done for the solo-user scenario.