This repository contains setup templates and configuration files for various applications running in my home lab environment. It serves as a centralized location for maintaining and versioning infrastructure-as-code configurations.

| Group | Name | Domain | Ports | Backup | Update | SSO |
|---|---|---|---|---|---|---|
| glance | Glance | home | - | ✅ | ✅ | - |
| ha | Homeassistant | ha | - | ✅ | ✅ | ✅ |
| | Mariadb | - | 3306 | ✅ | manual | - |
| monaserver | Stick It Server | stick-it | - | ✅ | manual | - |
| | Minio | minio, minio-admin | 9000, 9001 | ✅ | manual | - |
| postgis | Db | - | - | ✅ | ✅ | - |
| tempserver | Tempserver | temppi | 8081 | ✅ | manual | - |
| traefik | Reverse Proxy | traefik | 443, 80 | ✅ | ✅ | ✅ |
| backup | Autorestic | - | - | - | manual | - |
| telegraf | Telegraf | - | - | - | ✅ | - |
| watchtower | Watchtower | - | - | - | manual | - |


| Group | Name | Domain | Ports | Backup | Update | SSO |
|---|---|---|---|---|---|---|
| immich-app | Immich Server | immich | - | ✅ | ✅ | ✅ |
| | Immich Machine Learning | - | - | ✅ | ✅ | - |
| | Redis | - | - | ✅ | ✅ | - |
| | Database | - | - | ✅ | ✅ | - |
| | Immich Kiosk | diashow | - | ✅ | ✅ | ✅ |
| jellyfin | Jellyfin | jellyfin | 8096 | ✅ | ✅ | ✅ |
| logging | Influxdb | influx | - | ✅ | ✅ | - |
| | Grafana | grafana | - | ✅ | ✅ | ✅ |
| | Prometheus | prometheus | - | ✅ | ✅ | - |
| | Uptime Kuma | uptime | - | ✅ | ✅ | ✅ |
| nextcloud | Nextcloud | nextcloud | - | ✅ | ✅ | ✅ |
| | Database | - | - | ✅ | ✅ | - |
| | Redis | office | - | ✅ | ✅ | - |
| | Stirling Pdf | - | - | manual | - | |
| pocket-id | Pocket Id | sso | - | ✅ | ✅ | - |
| stick-it-homepage | App | stick-it-home | - | ✅ | manual | - |
| traefik | Reverse Proxy | traefik | 443, 80 | ✅ | ✅ | ✅ |
| adguard | Adguardhome | dns | 53 | - | ✅ | ✅ |
| | Adguard Exporter | - | - | - | manual | - |
| backup | Autorestic | - | - | - | manual | - |
| telegraf | Telegraf | - | - | - | ✅ | - |
| watchtower | Watchtower | - | - | - | manual | - |


| Group | Name | Domain | Ports | Backup | Update | SSO |
|---|---|---|---|---|---|---|
| pi-hole | Pihole | - | 4080, 53 | - | ✅ | ✅ |
| | Pihole Influxdb | - | - | - | ✅ | - |
| traefik | Traefik | - | 443, 80 | - | ✅ | ✅ |
| | Crowdsec | - | - | - | manual | - |
| adguard | Adguardhome | dns | 53 | - | ✅ | ✅ |
| | Adguard Exporter | - | - | - | manual | - |
| telegraf | Telegraf | - | - | - | ✅ | - |
| watchtower | Watchtower | - | - | - | manual | - |

The homelab uses a WireGuard VPN hosted on an Ionos VPS with a public IP to securely connect remote devices (thinkpad, medion, NAS, and mobile devices) into a private network. Services run on the thinkpad and medion laptops in my parents' basement.
Internet Access: External clients connect via HTTPS to the public IP, where a Traefik reverse proxy routes requests to services running on the internal devices over the encrypted VPN tunnel.
Internal Access: Clients connected to the VPN can directly access services without going through the reverse proxy, providing access to services that are not reachable from the outside.
Network Architecture:

```mermaid
graph TB
    subgraph Internet["🌐 Internet"]
        Users["External Users<br/>VPN Clients"]
    end
    subgraph Ionos["Ionos VPS - Public IP"]
        PublicIP["Public IP Address"]
        WGServer["WireGuard Server"]
        NginxProxy["Nginx Reverse Proxy"]
    end
    subgraph VPN["🔒 WireGuard VPN Network"]
        TP["💻 Thinkpad<br/>Services: glance, ha,<br/>tempserver, postgis"]
        MD["💾 Medion<br/>Services: immich, jellyfin,<br/>nextcloud, adguard + more"]
        NAS["📦 NAS<br/>Backups & Storage"]
        Mobile["📱 Mobile Devices"]
    end
    Users -->|HTTPS| PublicIP
    PublicIP --> NginxProxy
    NginxProxy -->|Routes Services| WGServer
    WGServer -->|Encrypted Tunnel| VPN
    Mobile -.->|VPN Connection| WGServer
```

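
The access model above can be checked against the service inventory. The following is an added example, not part of this repository: a small Python audit over rows in the README's column layout that lists services routed by domain without SSO, or reachable but updated manually. It assumes that a Domain entry means the reverse proxy routes the service and that an empty Group cell continues the group of the row above; the sample rows are constructed.

```python
import re

# Constructed sample rows in the README's column layout (not the full inventory).
# Assumption: an empty Group cell continues the group of the row above.
SAMPLE = """\
| Group | Name | Domain | Ports | Backup | Update | SSO |
|---|---|---|---|---|---|---|
| glance | Glance | home | - | ✅ | ✅ | - |
| ha | Homeassistant | ha | - | ✅ | ✅ | ✅ |
| | Mariadb | - | 3306 | ✅ | manual | - |
| jellyfin | Jellyfin | jellyfin | 8096 | ✅ | ✅ | ✅ |
| stick-it-homepage | App | stick-it-home | - | ✅ | manual | - |
| watchtower | Watchtower | - | - | - | manual | - |
"""

COLUMNS = ["group", "name", "domain", "ports", "backup", "update", "sso"]
SEPARATOR = re.compile(r":?-{3,}:?")

def parse_inventory(markdown):
    """Return one dict per service row, carrying the group name forward."""
    rows, group = [], ""
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().removeprefix("|").removesuffix("|").split("|")]
        if len(cells) != len(COLUMNS):
            continue  # not a row of this table (or damaged): skip rather than guess
        if cells[0] == "Group" or all(SEPARATOR.fullmatch(c) for c in cells):
            continue  # header row and |---| separator
        row = dict(zip(COLUMNS, cells))
        group = row["group"] or group
        row["group"] = group
        rows.append(row)
    return rows

def audit(rows):
    """Map 'group/name' to findings that deserve a manual review."""
    findings = {}
    for r in rows:
        routed = r["domain"] != "-"    # assumption: Domain set => reverse proxy routes it
        published = r["ports"] != "-"  # a host port is published
        notes = []
        if routed and r["sso"] != "✅":
            notes.append("routed by domain without SSO")
        if (routed or published) and r["update"] == "manual":
            notes.append("reachable but updated manually")
        if notes:
            findings[f"{r['group']}/{r['name']}"] = notes
    return findings

if __name__ == "__main__":
    for service, notes in audit(parse_inventory(SAMPLE)).items():
        print(f"{service}: {'; '.join(notes)}")
```
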
The goal of this repository is to:
- Maintain version control of configuration files
- Document setup procedures
- Backup setup procedures
- Share deployment configs with friends :)
Each application folder contains the setup in use (mostly docker-compose.yml) and its configuration files, with secrets excluded.