State of Homelab 2026

State of Homelab 2026(mrlokans.work)

124 points by swq115 57 days ago | 98 comments

This is very cool, but you should not use Cloudflare Tunnels to stream media. This is forbidden by their terms of service (or at the very least not the intended use of Tunnels and they may disable your service). Use Wireguard or Tailscale instead.

https://www.xda-developers.com/cloudflare-tunnels-are-great-...

ZeWaka 57 days ago | |

Yep, I rent a $5 VPS in my region that I tailscale to for exactly that reason, as well as to un-CGNAT myself.

For an easy GUI solution for the latter, highly recommend Nginx Proxy Manager.

watermelon0 57 days ago | |

Cloudflare Tunnel publicly exposes your services, whereas Wireguard/Tailscale are VPNs.

Tailscale (but not Headscale) offers Funnel, which is a reverse proxy, but you cannot use it with your own domain.

Pangolin is the closest alternative to CF Tunnel, but self-hosted NetBird with reverse proxy functionality can also be used.

oynqr 57 days ago | | |

The intersection of people who can self host headscale or netbird and those who can not set up their own reverse proxy is probably the empty set.

antihero 57 days ago | |

Can tailscale funnel do custom domains yet?

Personally I'm switching to rathole+traefik, weirdly something I was researching and experimenting with in the early hours of this morning (I have now not slept and have to go to work).

ffsm8 57 days ago | | |

Haven't used it like that myself, but stumbled upon this last year

https://tailscale.com/docs/concepts/domain-ownership

This let's you use your own domain for your tailnet, isn't the funnel but - but isn't it even better? Unless you actually want a publicly routable domain name, then you're back some hosted ingress I guess

jasonfrost 57 days ago | |

IIRC CF terms were about caching media not streaming media

AdrienPoupa 57 days ago | | |

Since https://blog.cloudflare.com/updated-tos it is not completely clear if you disable Cloudflare's cache indeed. Still the terms are unclear enough that they could cut you out, and I'd feel uneasy exposing a Jellyfin instance publicly, but that's just me :)

jsphweid 57 days ago |

This is not so much a fantasy about "being independent". Instead, it's a fantasy about being a sysadmin.

antihero 57 days ago | |

I actually really like not having to worry if some licensing deal means my access to music I love gets shut off.

altmanaltman 57 days ago | |

Isn't responsibility the trade off for independence?

You can't have one without the other.

hombre_fatal 57 days ago | |

A good example of that is the guys on r/homelab explaining how they built a NAS so their wife could save her phone media without Google Photos.

Man, paying Google/Apple $5/mo is surely a much better solution for her. And are you really doing 3-2-1 on that?

Save the dicking around for your own stuff.

stratts 57 days ago | | |

Both my wife and I are reluctant to upload our entire photo collection spanning 20+ years to the cloud. Immich has been working really well for us, the experience for her is just as seamless as it would be for Google Photos, I think.

And at $180/yr for the 2TB of storage we'd need to pay for, vs. maybe $200 in hardware, it pays itself off pretty quickly... if you exclude the time spent setting it up and administering it. But I don't mind, it's a bit like digital gardening for me.

user_7832 57 days ago | | |

> Man, paying Google/Apple $5/mo is surely a much better solution for her. And are you really doing 3-2-1 on that?

Just some days back someone on reddit posted how their 14yo son (via a family/linked Google account) used Gemini Live to, err, enjoy himself with the camera on.

All his accounts are now permanently locked for CSAM.

So, yes, not being beholden to a megacorp absolutely has its uses.

pbasista 57 days ago | | |

> Man, paying Google/Apple $5/mo is surely a much better solution for her.

According to which criteria?

There are values beyond "basic convenience" that are important as well. Being independent from a subscription service is one of them. Having full control over your own media being another.

Moreover, subscriptions in general have disadvantages. For example:

1. If a subscription service decides to increase their prices tenfold, there is nothing a customer can do to stop them.

2. If they decide to stop operating completely, a customer also has no say into the matter.

3. If the subscription service decides to just unilaterally stop offering the service to a particular user, they can do so at their own discretion, at any time.

This all means that whatever value is being "obtained" by using a subscription service, it is only going to last for as long as the provider wants it to last.

denkmoon 57 days ago | | |

and lose a lifetime's worth of pictures because Google identified a pic of your toddler in their pyjamas as CSAM and nuked your life. Or your 13y/o kid fiddled with themselves infront of gemini. etc

Of all the dicking around one can do in a homelab, and I'm guilty of plenty of it, setting up some network storage for photo backup is easily one of the highest value things you can do.

puppymaster 57 days ago | | |

ha even better on /r/localllm husbands are scratching their head why their wives and kids just won't use their local chatgpt. It's fast and i bought 4 5090 for this why won't they use it!

Brothers, maybe they don't want you to see all their private chats with AI?

sylens 56 days ago | | |

The upfront costs are pretty big but over time it’s not too bad to do 3-2-1. I doubt you’ll come out on top of Google every time - there’s a reason their prices are so low, and that’s more of an incentive to leave than to save a few dollars.

For me, I run Immich off a Beelink S12 Pro mini PC, with the photos themselves stored on my Synology NAS. Every night, I backup the VM with docker that runs Immich to the NAS, then the entire NAS gets backed up to Synology’s Cloud. My upfront costs were the NAS, the drives, and the mini PC, and my ongoing costs are electricity and the cloud storage fee for Synology’s cloud (about $70/year for a terabyte). That’s not cheaper than Google, but it does prevent them from having access to photos of my kids and family.

lostmsu 57 days ago | | |

Well no, Google at some point in mid 201x screwed up some of photos hosted on Photos.

My personal backup has been flawless (so far).

Would have spent a couple thousand $ by now, if stayed on it.

whoahwio 57 days ago | | |

yes, the economics, and ease of use, of google/apple cloud storage is unmatched

and yes, most people willing to endeavor into the area are hobbyist, with all that entails

however, reading even one story of someone losing access to their cloud photos for xyz reason, is enough to decide that you ought to have some mechanism in place to ensure ownership of your data

dugite-code 57 days ago | | |

Except with modern tooling it's not a huge task anymore to run these services.

Cost wise on the right hardware it is very cheap to run, add the privacy/personal control aspect it's no wonder so many people do it.

easterncalculus 55 days ago | | |

Got a lot of downvotes here but this is just good advice. One of the good things about the split between the "homelab" and "selfhosted" communities - they are solving fundamentally different things.

At the very least, it should be a separate network segment between 'things that have to run all the time, especially for other people' and the network you set up weird storage arrays or BGP or whatever you're having fun with.

poulpy123 56 days ago | |

Honestly it's not for everyone, but if you have reasonable expectations and needs, and have some linux knowledge (or the motivation to get it) it's not extremely difficult

cadamsdotcom 57 days ago |

There should be volunteer groups at local libraries running these services for their local communities.

It’d be a great way for kids to learn to operate services and a great alternative for anyone who wants to use the fantastic open source stuff that’s out there but lacks expertise or time.

bsder 57 days ago | |

> There should be volunteer groups at local libraries running these services for their local communities.

The problem with bespoke anything in computers is always the support.

No one wants to be on the hook for customer support. I absolutely agree with them.

There are a ton of "services" that exist solely to enable people to cut a check and say "Customer support is over there. Go talk to them and leave me alone."

nateberkopec 57 days ago |

For secrets management, I basically just use fnox everywhere (https://fnox.jdx.dev/). It's a frontend to tons more options than sops, although `age` is still included. I also think the DX is better but to each their own.

znnajdla 57 days ago | |

I just use Infisical self hosted

cassianoleal 57 days ago | | |

Seeing that fnox explicitly lists Infisical as a supported provider, I imagine they serve different purposes.

8cvor6j844qw_d6 57 days ago | |

Looks interesting, thanks for sharing. I am using SOPS, might be a good replacement.

import 57 days ago |

> There’s something appealing in that idea, being independent and prepared, a male fantasy likely never coming to life

There’s still cloudflare in the middle of the everything and it doesn’t make it “independent”.

arjie 57 days ago |

Cloudflare Tunnel is a wonderful thing. In fact, Cloudflare itself is fantastic for homelabbers because it gives you so much for free. I used to just host direct on my own home IP, but nowadays I find it easier to just `cloudflared`. Don't have to worry about the firewall and any breaches into my network and all of that stuff.

I started from a similar place as you and then eventually now my IaaC for my homelab is just idempotent bash scripts written by Claude. The pattern I find with dependencies is that they have the property that someone wants to change some attribute and so the program needs to evolve for the attribute to be changeable. This means programs evolve to have many hinges and the interactions cause bugs one cannot reason about.

My needs for the homelab are fairly simple and the script can encode all the information it needs. As a human, writing such a script is tedious. As a human with an AI assistant, I've found that this is so much easier to worry about because bash is a fairly stable target.

Anyway, apart from that, I landed on using systemd's containers that use podman but otherwise not too different. My (far less polished) version of this post as a memory aid to myself: https://wiki.roshangeorge.dev/w/One_Quick_Way_To_Host_A_WebA...

znnajdla 57 days ago |

In Ukraine I have visited SaaS company offices serving production traffic with an actual bunker like this. Physically underground.

tobi_bsf 57 days ago |

I will never get why the F people are putting all this stuff into the public internet vs just using tailscale.

antihero 57 days ago | |

It is nice to download an app and then just point it at a public URL as opposed to having to rely on the device being in the same tailnet.

s_ting765 57 days ago | |

Tailscale is an overkill solution. Opening ports 80 and 443 for a reverse proxy is enough security provided your apps don't have broken authentication. I've been doing this for years now.

Hamuko 57 days ago | | |

Validating every single service I run on my home server for security (currently at 30 containers + other non-containerised random crap) vs. enabling the built-in Wireguard server on my router (which is more or less as simple as setting up Tailscale). I have a very different idea on which of these is overkill.

fiend00 57 days ago | |

An external non-technical user needs to connect to your Jellyfin via their Smart TV (that doesn't have tailscale available to install), I guess.

nodesocket 57 days ago |

I have a homelab with 4x Raspberry Pi 4's running Kubernetes a GMKtec Intel i5-12450H and a ProLiant ML350p Gen8 (which uses an ungodly amount of power). I'd add the following software/tools which have been awesome:

  - Portainer running on GMKtec & ProLiant
  - Dozzle (docker log viewer) on GMKtec & ProLiant
  - Beszel (server monitoring, awesome) all hosts
  - Kubetail (Kubernetes log viewer on Pi K8s)
  - HomeAssistant
  - Jellyfin
  - UptimeKuma (uptime and notifications)
  - Semaphore UI (ansible playbook runner)
  - Metabase (querying and visualization for dbs)

mrmlz 57 days ago | |

I've recently upgraded my ageing X8SIL Supermicro with an i5 to a X10 Sm board with a 2960 V4 14core Xeon... I was expecting a horrible power situation but it's less than 100w with a handful of spinning disks etc.

I see lots of people complaining on power with their re-used ProLiant and others etc. Is it the throttling or bios settings that messes with the idle power?

Or are you just running it at 100% and my low usage is what saves my electricity bill?

nodesocket 57 days ago | | |

I'm at about 150 watts at idle with 2x Intel E5-2640 with 8x drives. I've gone through the BIOS pretty thoroughly and optimized as much as possible.

willio58 57 days ago |

I recently did the math and was floored to see I’d be spending 1.3k per year on streaming alone. So I said screw it, bought a nas and 36 TB of hard drives and set up an arr stack. I cancelled all of our streaming subscriptions 2 months ago and it’s been the best decision I’ve ever made. Plus my whole family is doing the same from all around town. I’m saving my extended family on the order of 5-6k per year total.

The nas is going to pay itself off in a few months, then it’s all savings from there. If only these media billionaires didn’t get so greedy, I would have happily kept paying them.

Especially with Claude code, setting up something like this is basically just sitting down and prompting for a couple of hours.

The emerging benefits are nice too. Like we don’t have to sift through junk of Netflix or Hulu to find stuff we would actually watch. All of it is stuff we would watch because we added it ourselves. Really fun!

anon7000 57 days ago | |

Another huge benefit is you can actually get high-bitrate streaming. Ripping a 4k Blu-ray & streaming it from home (for those who may not want to sail the seas) is sooooo much higher quality than typical streaming.

Gigachad 57 days ago | | |

It is so sad how with the internet we have accepted terrible media quality. Instant messaging and social media reduces photos to 1MP and heavily compressed. It's fine for a photo or meme you are only looking at once and scrolling past. But if it's something you'd want to save, the quality is garbage.

I'd honestly rather apps stop providing hosted media and just do the delivery, let me worry about backing up history. iMessage seems to be the only one sending things in full quality.

ZaoLahma 57 days ago | |

I do a hybrid, where I keep lowest tier subscriptions but choose to watch content off of our media server setup at the highest available quality, without advertisement.

I don't mind paying for what I consume, but God damn is the value proposition at the floor currently. Here even the rather expensive mid tier subscription gives you 1080p at most with all the big players. It's as if they somehow converged to this model and aren't competing anymore. Coincidence, I'm sure.

kenniskrag 57 days ago | |

Is that legal? Do you avoid uploading somehow?

poulpy123 56 days ago | | |

Of course it's not legal

globular-toast 57 days ago | |

Alternatively, you could not give them your money or your time. Find other hobbies and kick the "content" addiction.

SuperMouse 57 days ago |

For me it's a Intel n100 box with Proxmox. Auto Updates (without auto reboot) fully activated). It just works.

For accessing my home network I've rented a 1€-VPS that acts as a Wireguard connection hub.

stefandesu 57 days ago | |

Can you point us to the service that offers a 1€ VPS?

Hamuko 57 days ago | | |

Probably of interest to you: https://lowendbox.com/blog/1-vps-1-usd-vps-per-month/

SuperMouse 57 days ago | | |

Ionos (VPS XS+)

1 Core with 512MB RAM combined with Wireguard easily shuffles a few GBit/s.

prmoustache 57 days ago |

Author seems to be mixing up homelab and selfhosting which are 2 different concepts.

Self hosting is hosting services and data you actively use. While I don't seek 99.9999% of availability, this is not where I want to explore and break things on purpose.

Homelab is en environment one use to learn and that is ready to be scratched/broken for the sake of learning. This is definitely not the place where I want to host my personnal services and files (or at least not as primary copy/endpoint).

atlgator 57 days ago |

You are doing more than I am (e.g. synchronized file storage, books, music), but I have radarr, sonarr, overseerr, plex, and supporting apps for movies and tv shows. Plex is available externally through its remote access feature. For the actual request system, I run OpenClaw with an Overseerr extension. This allows me to manage titles remotely via Telegram without any kind of tunnel or SSO. Simple and gets the job done for the solo-user scenario.

zihotki 57 days ago |

For those who's looking into a good homelab servers - better look at the refurbrished/used mini-pc based on 5th gen of Intel, like i5 11500T (HP ProDesk 400 G5 Mini for example), or ryzen. You'll get better thermals, better CPU, more expansion slots for cheaper than you can get out of NUC.

On top of that, resellers also often have upgrades for RAM and NVME available. WD-Red OEM 1Tb for less than 100 dollars sounds like bargain.

theandrewbailey 57 days ago | |

> 5th gen of Intel, like i5 11500T

That's an 11th gen Intel Core CPU, not 5th.

colordrops 57 days ago |

> I originally intended to try out the NixOS for the sake of reproducible builds and being able to store the configuration in a single place but got too lazy about it.

Ironically once I got over the hump of learning NixOS, I can't imagine using anything else for declarative configuration. Too lazy to use a traditional system which requires custom wiring.

MrLokans 57 days ago | |

I'll definitely give it a try, somewhere in the future

lukebaze 57 days ago |

The support problem is real, but it's also solvable if you're not trying to support strangers. Ran Nomad + Consul for 50 services at my last place and the ops overhead was brutal until we stopped treating it like a public service. In practice, homelab stuff works great when it's just you or a small team that actually knows how to SSH into a box. Library volunteers handling production services for the community? That's a different animal entirely, fwiw.

ceinewydd 57 days ago |

Looking forward to the follow up post, State of Bunker 2029.

lorenzohess 57 days ago |

How do you feel about the privacy implications of Cloudflare theoretically being able to read all your data? I guess this theoretical downside is outweighed by the practical upsides?

MrLokans 57 days ago | |

Yes, the convenience of being able to access your data everywhere is very hard to overcome. The largest downside is the reliability of the Cloudflare platform, as if it goes down, you'll have problems accessing any of the exposed services, and it has indeed been problematic some time ago, when they were down for an extended period of time.

If I overcome my laziness, I'm going to invest a bit into Tailscale/WireGuard set-up, with some bastion host perhaps.

oaiey 57 days ago |

Sounds more like a state of the private download engine to me :)

cybercatgurrl 57 days ago |

I was with you until you decided to gender your desires.

oofbaroomf 57 days ago |

Seems like it's down right now. I guess that's the "State of Homelab"? :)

KomoD 57 days ago | |

Up for me.