Todo
- Set up Proxmox ZFS Pool
- Purchase a domain name and get the required certificate from ACME ✅ 2025-04-30
- Set up auto-patching of Proxmox OS
- Set up a NAS for dufs and CTFd to use
- Set up Proxmox Backup
- Run vulnerability scans with Greenbone
- Set up Linux Users with Principle of Least Privilege
- Set up Proxmox ACL (Software Firewall)
April 23 2025
- Set up old desktop to start running again, and plugged in:
- Realized that setting up any sort of RAID on the server would waste a ton of storage, since RAID only stripes and mirrors from the smallest disk, which would mean 7.5TB are wasted.
- Watched this video (https://inv.nadeko.net/watch?v=AP61_ETd2GE) on how to set up a NAS on Proxmox. Decided to use a Proxmox ZFS Pool to handle storage
- The domain FQDN must be left as invalid, since I don't have a certificate at this point in time (https://forum.proxmox.com/threads/hostname-fqdn-huh.63667/). I set mine as host1.invalid
- I finish the installation, and then access the web UI on my laptop
- To update the system to allow for the disk tab to be visible, we first:
- Disable enterprise repos and enable non-subscription repos in the web UI
- We run this script: https://community-scripts.github.io/ProxmoxVE/scripts?id=post-pve-install
- The second disk that is 8T must be partitioned before Proxmox is able to see it and attach it as storage
https://forum.proxmox.com/threads/how-to-add-hard-drive-to-host.119376/ or https://inv.nadeko.net/watch?v=zIoDXWKsorg
- I decided to use it as Proxmox LVM-Thin Storage
April 25 2025
I set up Tailscale
April 29 2025
Today I just bought a hostname
April 30 2025
I renamed the hostname, forgot to back up and ruined my nodes. Now I have to reinstall…
- It's ok though, we ended up adding everything back really quickly
- We set up NGINX
- DDNS with a porkbun script
- We also set up Certificates
- Set up router port forwarding to lead to nginx’s port 80 and 443
March 1 2025
- I set up firewall rules for each node
March 2 2025
- We need to set up CI/CD for each website that runs on my server (as I will update them constantly, especially the Obsidian vault)
- I create a GitHub runner, and then create a systemd service to run it on startup
- There is a specific technicality that the GitHub runner run.sh script must be run as a user, and LXC does not allow user services. So, we must edit the sudoers file to only allow the specific command:
sudo systemctl restart mysite.service
- Create a systemd service to run the web app as the webrunner user
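Added example, not part of the original notes: one way to write the sudoers restriction described above so the runner account can run only `systemctl restart mysite.service` as root. The account name `ghrunner`, the drop-in path and the `/usr/bin/systemctl` location are assumptions; only the restart command comes from the notes.

```shell
#!/bin/sh
# Least-privilege sudoers drop-in for a CI runner account (added example).
# Assumed: runner account "ghrunner", systemctl installed at /usr/bin/systemctl.
SYSTEMCTL=/usr/bin/systemctl

# Print one sudoers rule allowing exactly "systemctl restart <unit>" as root.
# Names with wildcards, spaces or commas are rejected: sudoers treats them as
# patterns or list separators, which would silently widen the grant.
render_rule() {
    user=$1 unit=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $unit in
        *[!A-Za-z0-9_.@-]*) echo "bad unit: $unit" >&2; return 1 ;;
        ?*.service) ;;
        *) echo "bad unit: $unit" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) NOPASSWD: %s restart %s\n' "$user" "$SYSTEMCTL" "$unit"
}

# Check the rule with visudo before it can take effect, then install it
# root-owned with mode 0440. A syntax error under /etc/sudoers.d can break
# sudo for every account, so nothing is written there unless the check passes.
install_rule() {
    dest=${3:-/etc/sudoers.d/ci-restart}   # assumed file name
    tmp=$(mktemp) || return 1
    if render_rule "$1" "$2" >"$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "$dest"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root):   install_rule ghrunner mysite.service
# Confirm the grant: sudo -l -U ghrunner
# Avoid broader forms such as "NOPASSWD: ALL" or "/usr/bin/systemctl *":
# they also permit subcommands like "systemctl edit", which hand out root.
```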
May 25 2025
- We tried setting up Invidious directly. Failed for videoJS reasons. Trying to diagnose why
May 27 2025
- We set up Kubernetes
May 29 2025
- The issue with my previous Invidious instance was that Invidious’s tutorial expected the reverse proxy to run on the same device that is hosting Invidious. My device was not!
- So, obviously we expose the original website, but I did not expose the server (Invidious companion) to the public, so I changed that in NGINX to create a new subdomain for the server. Now that's publicly accessible!!!