My Home Lab: A Personal Chronicle of Building the Ultimate Personal Server

I've always been a tech enthusiast, and building my home lab has been a personal journey—a living record of my quest to create the ultimate personal server. This lab isn’t just about running containers or hosting apps; it’s a hands-on project that shows what I can really do when theory meets practice.

From Idea to Reality
It all started with a simple idea: to build a space where I could experiment, learn, and truly showcase my technical skills. Tired of interviews that seem stuck in the past, I decided to put together a setup that speaks for itself. This home lab is my answer to proving that my abilities go far beyond what a few outdated questions can measure.

What’s Running in My Lab
At the heart of my setup is Portainer, which I use to manage a variety of containerized applications. Here’s a look at some of the key stacks:

• GitLab: For version control and CI/CD pipelines.
• Plex: To stream my media collection.
• Ghost: For hosting my personal blog.
• Heimdall: Serving as a neat dashboard to keep track of all my services.
• HomeAssistant: For smart home management.
• Pi-hole: To block ads and boost network security.
• check the list below

And that’s just the beginning—I keep adding free, open source tools that help me push the limits of what my server can do.

Security First
Security is a top priority in my lab. I’ve integrated features like Cloud Tunnel to set up secure remote access and follow Ubuntu hardening practices to protect the system. Using reliable, open source security tools ensures that my setup stays robust against potential threats.

The Hardware Backbone
All this software runs on a solid foundation. My home lab is powered by:

• Operating System: Ubuntu 24.04
• Desktop Environment: KDE Plasma 5.27.12, with KDE Frameworks 5.115.0 and Qt 5.15.13
• Kernel: 6.11.0-17-generic (64-bit) on the X11 platform
• Processor: AMD Ryzen 9 3900X (12 cores, 24 threads)
• Memory: 62.7 GiB of RAM
• Graphics: AMD Radeon Pro WX 5100
• Motherboard: Gigabyte X570 AORUS ULTRA

This setup is built to handle complex tasks and run multiple applications smoothly—an essential part of building a system that truly meets my needs.

Lessons Learned

Building this home lab on a budget taught me that you don’t need a fancy setup to achieve amazing things. It's a humble, cost-effective rig that proves creativity and passion beat expensive hardware any day. Who knew that with a little ingenuity, a few free open-source tools, and a lot of trial and error, you could turn a cheap system into a powerhouse of learning and innovation? Interviews may expect high-end specs, but my lab shows that real skills come from resourcefulness, not just a big budget.

List of services

• Calibre

  Calibre-web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database. It is also possible to integrate google drive and edit metadata and your calibre library through the app itself.

• Code Server

  Code-server is VS Code running on a remote server, accessible through the browser.

• Heimdall

  As the name suggests Heimdall Application Dashboard is a dashboard for all your web applications. It doesn't need to be limited to applications though, you can add links to anything you like.

  Heimdall is an elegant solution to organise all your web applications. It’s dedicated to this purpose so you won’t lose your links in a sea of bookmarks.

  Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.

• Swag

  SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.

• NextCloud

  Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in a data center or at a provider. And that is where your files will be. Nextcloud runs on that server, protecting your data and giving you access from your desktop or mobile devices. Through Nextcloud you also access, sync and share your existing data on that FTP drive at the office, a Dropbox or a NAS you have at home.

• Plex

  Plex organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices. This container is packaged as a standalone Plex Media Server. Straightforward design and bulk actions mean getting things done faster.

• Grocy

  Grocy is an ERP system for your kitchen! Cut down on food waste, and manage your chores with this brilliant utility.

  Keep track of your purchases, how much food you are wasting, what chores need doing and what batteries need charging with this proudly Open Source tool

• HomeAssistant

  Home Assistant Core - Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server

• Grav

  Grav⁠ is a Fast, Simple, and Flexible, file-based Web-platform.

• qBittorrent

  The Qbittorrent project aims to provide an open-source software alternative to µTorrent. qBittorrent is based on the Qt toolkit and libtorrent-rasterbar library.

• FreeTube

  FreeTube is a feature-rich and user-friendly YouTube client with a focus on privacy.

• PiHole+Unbound

  Network-level blocking allows you to block ads in non-traditional places such as mobile apps and smart TVs, regardless of hardware or OS.

  PiKVM , PhotoPrism, Bitwarden/Vaultwarden, mergerfs authelia/caddyMastodon

• reverse-proxy-confs

• Docker repositories

I haven't addressed a few aspects that are really important and should be implemented before any of the applications mentioned above. Below is a the list of remaining tasks:

• Security – The main OS is still not as I would like it to be. I need to harden the system, ensure proper firewall rules, and review access controls to minimize vulnerabilities.
• Backup/Disaster Recovery – Implement automated, redundant backups with offsite storage to prevent data loss in case of system failure.
• Monitoring/Alerting – Set up proactive monitoring for disk space, security intrusions, logs, errors, bad sectors, and performance anomalies. Ensure real-time alerts are configured for critical failures.
• Scaling/Autoscaling – I need another physical server, and I will probably install it in Iași, Romania. I should define a strategy for load balancing, failover handling, and resource optimization to ensure smooth scaling.

Next Critical Tasks to Tackle

1. Security

• ✅ OS Hardening: Configure security best practices (disable unused services, enforce strong SSH policies, apply SELinux/AppArmor where applicable).
• ✅ Firewall & Network Rules: Set up strict firewall rules using iptables, UFW, or a cloud-based security group.
• ✅ User & Access Controls: Implement Role-Based Access Control (RBAC) and limit root/sudo access.
• ✅ Vulnerability Scanning: Use tools like Lynis, OpenVAS, or Nessus to detect system weaknesses.

2. Backup/Disaster Recovery

• ✅ Automated Backups: Schedule incremental and full backups using rsync, BorgBackup, or Restic.
• ✅ Redundant Storage: Ensure offsite backups using cloud storage (S3, Backblaze) or another physical location.
• ✅ Disaster Recovery Plan: Document a recovery procedure, including expected Recovery Time Objective (RTO).
• ✅ Testing & Validation: Regularly test restoring backups to ensure data integrity.

3. Monitoring/Alerting

• ✅ Resource Monitoring: Set up Prometheus + Grafana for CPU, RAM, disk space, and network usage.
• ✅ Log Aggregation: Centralize logs using ELK Stack (Elasticsearch, Logstash, Kibana) or Graylog.
• ✅ Security Alerting: Configure Fail2ban for SSH brute-force protection and OSSEC/Wazuh for intrusion detection.
• ✅ Hardware Health Checks: Implement SMART monitoring for disk failures, bad sectors, and RAID status.

4. Scaling/Autoscaling

• ✅ Physical Server Deployment: Procure a second machine and set it up in Iași, Romania.
• ✅ Load Balancing: Deploy HAProxy or NGINX Reverse Proxy for high availability.
• ✅ Database Replication: Set up PostgreSQL/MySQL master-slave replication if applicable.
• ✅ Auto-Provisioning: Consider using Terraform + Ansible for infrastructure automation.
• ✅ Network & Power Redundancy: Ensure backup power and secondary ISP for failover.