This is what i did but on the router. I have openwrt on the router. You can install an extension called PBR (policy based routing) on it.

Then you set up one wireguard interface that’s in the same firewall zone as your LAN to your lan and another that’s in the WAN. You can create policies to route any outbound connections (including the ones from your mobile client devices) through the commercial WAN wireguard connection.

In addition for family members access i set up a pangolin instance (kind of like tailscale but selfhosted) on a Hezner VPS and a very simple oauth provider (pocket id) for authentication. Ive got a bunch of users and nobody had any problems with the signup process after i sent them the invite link.

That way i can always be directly in my lan but other users can access without accessing my lan at all.

Surgeon.

Seeing tech ceo’s at the trump inauguration got me sick in the stomach. I unsubscribed from everything out of spite and nausea and learned to selfhost over the course of what is almost a year now. At first it took up all my spare time and made my wife crazy. Now it’s been several weeks since i last had to sudo anything.

It also opened my eyes to how stupid everything IT related in my country is. My municipality for example bought for what has now become a billion fucking euros a digital health record system from Epic. It’s the shittiest piece of software ive ever used, fully closed source and there’s ongoing customization costs trying to get it to work. We’re also a 100% onboard with office360 (copilot and all).

As a phycisian ive used AI to check if i have missed anything in my train of thought. Never really changed my decision though. Has been useful to hather up relevant sitations for my presentations as well. But that’s about it. It’s truly shite at interpreting scientific research data on its own for example. Most of the time it will parrot the conclusions of the authors.

Just run a small linux pc and a wireless keyboard+mouse

Ive been very satisfied with my two user instance set up using the AIO container via docker compose. They have that as a standardized deployment method nowadays. You can choose additional integrated services like onlyoffice and schedule backups via borg in the AIO mastercontainer’s webUI. My server (with a i3 coffee lake and 16GB DDR4) has 14 other services including immich and jellyfin. No performance issues whatsoever. I think nextcloud has really stepped it up.

We (me and my wife) even use the kanban board as a PWA Although it’s a little clunky it works and all the deadlines even show up as tasks in my ical. Caldav was a bit weird to set up though.

Using the virtual file sync client for osx so most of the files are actually never kept on the client device.

Religion?

My duckdns domain was deemed untrustworthy and i hit the firewall with it.

Spinning up a pangolin instance on a vps and getting a proper .fi (finland) domain fixed it. Plus it’s pretty bad form exposing ports directly instead of using a reverse proxy (and im guessing youre not using something like fail2ban and crowdsec and geoblocking either to keep the bots out.) Pangolin is an “all in one” solution that uses traefik for reverse proxy, handles certs automatically and almost automates the setup of Crowdsec for you. I highly recommend it. Can be used locally too if needed.

Im on the same boat. Especiakly claude opus 4.5 writes better scripts in 20s than i could in 2 hours of web search and debugging

For critical baremetal/live situations i will use the docs and/or use AI for debugging help only.

Im on the same boat, Pangolin on a vps with some other services. Really inpressed with pangolin and usung pocket id for oauth witg great success

I’ve been using desec.io since it’s european, non profit and privacy oriented. Bring your own domain though. Works well, although my caddy plugin has problems getting certs sometimes. My pangolin instance never has any issues getting certs so might be caddy desec plugin specific.

Id recommend setting up a domain even if just for local use. No-ip.com is at least working for me right now (i have free throwaway domain set up there and my router is keeping my dynamic ip dns records up to date so i can wireguard into my router/lan even if the ip changes).

You dont need to expose your services but if you ever do want to, it’s so much easier if youve got a working reverse proxy infront already set up plus you can use https via let’s encrypt certifications inside LAN

Setting up (sub)domains in lan forces you to learn to use a reverse proxy like caddy traefik or nginx. Personally to me NPM(nginx proxy manager) was the easiest to use but i use caddy nowadays. For half a year i didnt expose anything but after wanting to share some albums with the extended family i decided to do so via pangolin hardened with crowdsec running on a virtual private server. Pangolin - while not as easy as tailscale is selfhosted and is very well documented and works well. Then internally, i still have my casdy reverse proxy and certs.

All the services work with the same domain names internally (via the routers dns) and externally. Internally the domain simply points to my severs LAN address. Externally the domain points to my VPS where Pangolin relays my internal domains to the users but adds an extra authentication layer/recerseproxy/access control layer infront. For authentication i use Pocket ID. I can reach nextcloud and access and edit all my documents and other files right there in the browser from any computer which is very convinient.

Im using debian btw and non zfs system, so mileage may of course vary.

Two 4tb disks in raid 1 is a waste of money for most selfhosters. Unless you really want to avoid downtime due to disk failure. (and even then you could get a power outage or a network failure). A second disk will protect you from disk failure but not from other forms of data loss (like you fucking up something and erasing all of your family photos).

Do you also plan to buy some cold storage medium and cloud storage or a remote backup server or something (for 3+2+1 backups)? thats way more important.

Ive got an office pc with a 9th gen intel i3 4 core, 16gb RAM, you can propably find one for 100-200 dollars. Ive installed a 4TB NVMe into it.

For nightly remote backups i have a pi with another 4TB NVMe(overkill for sure, you could use pretty much anything for this) and for cold store i have 4TB external that i plug in when i remember.

I run docker and immich, nextcloud+office, jellyfin + a bunch of smaller services. I could perhaps use a little bit a better gpu for jellyfin transcoding sometimes with certain 4k files. Otherwise no need for upgrades.