• Posts

** 2026-01-01

** 18 minutes

Over 2025, I’ve come to realise quite how much I rely on the services running on my home server. Sure, I could still get on with most aspects of life, but so much revolves around my services being there and working. Over time, I only intend to grow that dependence, so I want to make sure everything is at its best.

Much like 2024, 2025 has been another long and tiring year for a number of reasons. As a result, there’s not much which has changed dramatically. Instead, most of the changes this year have been about making my life easier, making tools more useful and generally making less work for myself.

And so, continuing with tradition, let’s take a walk through my infrastructure:

#Applications

Most of the web applications I use day-to-day are hosted on my own infrastructure - just the way I like it. I see many people asking "I have a server, what should I host?". To me, that’s just the wrong question. Host the things you want to host - whether to replace a service which isn’t meeting your needs, gain some privacy, or fill a gap in your life you may not have known you have.

This is the list of applications I run. There might be services missing from this list that you can’t live without, or ones on here you think are pointless - and that’s ok. I run these for me and my family, no one else.

• atuin - Terminal history syncing
• AdGuardHome - Local DNS and ad blocking
• Baby Buddy - Tracking the mundane things as a parent
• Bluesky PDS - Bluesky Personal Data Server
• Calibre - Ebook management
• Comentario - Website comments
• FreshRSS - RSS aggregator
• Forgejo - Git hosting
• Grafana - Pretty graphs
• Headscale - VPN control plane for Tailscale
• HomeAssistant - Home automation
• Immich - Photo management
• Jellyfin - Media streaming
• Karakeep - "Read it later" list
• Librespeed - Speed test
• Macau - URL shortener
• Mastodon - Federated social media
• Nextcloud - File storage, calendar and contacts
• ntfy - Notifications
• Pocket ID - OIDC authentication server
• Plausible - Website analytics
• Privatebin - Secure file transfer
• Prometheus - Metrics collection / monitoring
• Qbittorrent - Torrent downloading
• Renovate - Dependency management
• Synapse - Matrix server
• Syncthing - File syncronisation
• Tandoor - Recipes
• Traefik - Reverse proxy
• Uptime Kuma - Availability monitoring
• Vaultwarden - Password manager
• Vikunja - Task list
• Whoami - Test application

Much like last year, this list hasn’t changed a huge amount. I’m currently in between a lot of changes. There are tools I’d like to change and swap out, but I haven’t had the time or energy to go through the transition effort. Most of them "just work" or are fine enough for now.

Underpinning everything is still a mixture of Docker and LXC. This year, I’ve come to the conclusion that the lines I’ve drawn in the past about giving some applications their own LXCs is unnecessarily arbitrary, and putting everything in Docker would make my life so much easier. At work, I’ve been using Kubernetes quite a lot recently, and there may be some things it handles and solves for me nicely, but I don’t know if I’m ready to release that can of worms upon my server quite yet.

#Hardware

Hardware wise, my server hasn’t changed at all since last year. I intended it to last me for many years, and it’s done exactly that. With RAM prices being what they are in the latter part of 2025, I don’t think I’ll be doing a large platform upgrade for a while. The 5600G is more than enough for my use, whilst still sipping power.

<aside>

Even the older DDR4 my server uses is being impacted by the pricing issues

</aside>

The only part which fills me with a little dread is storage. My architecture is a little over complex, designed for easy growth which just didn’t happen. The pair of 4TB Seagate drives which have been in service long before I built my current server in 2020 are starting to report SMART errors. ZFS is still fine with them, but it’s only a matter of time. I didn’t get any new drives on Black Friday, so I’m praying to anyone that will listen that these drives will hold out. In the meantime, I need to make a plan for how I want my storage to look for the next 5 years.

#DNS

<fact>

</fact>

DNS is the core part of most infrastructure architectures, which is probably why I spend quite so long messing with it. Earlier this year, I finally moved my domains off of Cloudflare and over to Gandi. No more US, no more monopoly. After 6 months it’s been great and I have no intention of going back. I wrote about my thoughts on Gandi when I did the migration.

As part of the migration, I had moved the registrar for my domains to Gandi many years prior, away from Namecheap. What I hadn’t noticed during that move (possibly because it wasn’t true at the time) was quite how unbelievably expensive Gandi is as a registrar. Years ago, Gandi were the go-to for domains if you wanted a reliable service without getting "big tech" involved. However, since their ownership change, they’ve jacked up the prices and the feature-set hasn’t grown accordingly. Whilst I’m glad to be off Cloudflare, and Gandi is working fine for me at the moment, I’ve started making plans to leave Gandi and move my domains elsewhere. With some napkin math, I’ll likely be saving nearly 50% on my domain renewals. Once I’ve migrated, I’ll write about it - fear not.

#Reversing reverse proxies

Around 2 years ago, I migrated the server hosting my website from Traefik to classic nginx. Traefik is great, but it’s fairly rigid and limited in what it can do, if you’re like me and want your reverse proxy to do very custom things.

However, moving to nginx has had some downsides. Firstly, the configuration is incredibly verbose, and there are so many tunables. In many cases, that’s fine and I want to tweak them, but tuning a reverse proxy isn’t my idea of fun - I want sensible defaults. Secondly, I had to build a lot of additional processes myself: Some kind of service discovery, container networking, TLS certificate issuing. I’ve solved them all, but not perfectly - it’s more added complexity for me to manage rather than a proxy which can handle it all for me.

My intention was to slowly move all of my servers over to nginx, but given the above issues I’ve decided to move back to Traefik. The complexity wasn’t worth the additional customizations to me. Doing so not only resolved a number of those issues, but gave a few benefits, such as HTTP/3.

<aside>

Also, because Traefik is written in Go rather than C, there’s much less memory unsafety in my HTTP stack, which makes me happy

</aside>

I’ve swapped that server back to Traefik to match my existing servers, but it may not stay that way. For other reasons, I’ve been playing around a lot with Caddy. It’s much closer to nginx in terms of functionality, but doesn’t have the same Docker integration as Traefik (without a plugin). In time, Caddy may be where I end up, or a heavily modified build of it. I still don’t know whether Kubernetes is in my future, but it’s a shame there’s no production-grade Kubernetes integration.

<rant>

</rant>

#Links

RSS is a great way to subscribe to individual authors, but it doesn’t solve the random links which you stumble upon online. Whether it’s social media, work chats, online communities, I come across a lot of interesting links. I want to keep track of them, but I don’t necessarily want to add the author’s entire RSS feed and read their entire back catalogue.

For the longest time, I’ve run Wallabag to keep track of links like this. It’s simple, does exactly what it needs to, and has a mobile app for easy sharing. However, in 2025 it’s starting to show its age. Now, there are 2 new frontrunners in the space: Karakeep and Linkwarden. After trying both, Karakeep is the one which stuck. Linkwarden is a bit clunky for my use case, and doesn’t work especially nicely on mobile offline (before their new mobile app, anyway).

Karakeep is aimed more at hoarding data in general, which is why it supports text and images, but I don’t need it. Compared to Wallabag, it feels a lot more polished, and has the ability to archive images and PDFs, and more modern text extraction. I’m not currently using the more complex AI or rules features, but they might come in handy in future. The fact I can easily copy-paste or use the Android share functionality to quickly save a link to read or digest later is all the functionality I need.

#Short links

Personally, I spend most of my time at a keyboard, so I can type reasonably fast. However, I’m also quite a lazy person, so short links are definitely useful. I’ve also used short links in QR codes, since less text makes the codes more reliable to scan. For the few times I’ve needed a URL shortener, I’ve had YOURS deployed. There are lots of more complex and fancy URL shorteners, but YOURLS fit my needs just fine: It requires authentication to add links and it’s really simple to use - I really don’t need much from a URL shortener. The biggest annoyance for me was that YOURLS also tracked usage, which was more data that I really didn’t care about.

With that in mind, I wanted something even simpler - so I wrote my own. YOURLS is written in PHP, and whilst it’s pretty popular it doesn’t get much love. Instead, I wrote something myself in an afternoon, leaning heavily on Django and the Django admin, which has the functionality I need, without the faff. Naturally, the project is open source and as fast and lightweight as I could make it. My intention is to have as many useful features as part of a redirect as possible (see the README for the full list), without bloating the user experience or data stored. I’ve had it deployed for a few months now, and it’s been great. If you want a simple shortener, or have an interesting feature requirement, this might be the project for you too.

#Immich

Immich seems to have taken the self-hosting world my storm since its release. For those living under a rock, it’s a self-hosted Google Photos replacement, without any of the functionality or polish sacrifices. Sharing albums, public albums, AI object and face detection, mobile backup, geolocation, memories - Immich does it all.

Before Immich, I was using the Nextcloud Android app to automatically upload images from my phone, merely for backup. With Immich, not only do I still get the backups, but I can far more easily search and catalog images to look back on memories. Nextcloud has a photos app I tried for a while, but it was only an improved interface over the album directories, rather than providing notable added features.

I’ve not found a good solution yet for automatically sharing any photos of the kiddo with my SO - they need to be manually added to an album first. But I might be missing a better way.

For the longest time, the Immich README mentioned the project being under very active development and so not to use it as your only image store. As of a few months ago, that’s finally been removed and replaced with a healthy reminder about backups. My photo library may be the most important data I store, so it’s critical to me that it’s reliable. All my photos are backed up daily off-site, and stored on ZFS, so I wasn’t too worried about a software bug wiping things out. So far, everything is working great.

My photo library isn’t huge (~200GB), but it still took a while to import. To keep my files organised into albums, I imported my old photos folder-by-folder using the immich CLI. Because there were so many images being ingested, all of which needed face scanning, AI object detection, metadata collection etc, my server was very unhappy for the time it took. It only took an evening or so to get everything uploaded, and the processing itself ran overnight. Now, I feel no jealousy of those giving up their data to Google Photos.

#Centralised auth

This year, I thought I’d take another go at some centralised authentication for my services.

Personally, I’m not completely sold on the need for all applications to authenticate using SSO. It’s definitely simpler, convenient and may be more secure (but often makes little difference), but that’s traded off with additional complexity, and assumes applications implement it correctly (many seem to not know what a refresh token is). I have many more thoughts on this though - for another time.

One of the first SSO tools which came onto my radar may years ago was Authelia. It looked ideal, and people seemed to love it, but it seemed too half-finished for me. User management requires either setting up an external LDAP server or managing everything through a config file. Those are expected to get better over time, but they’re hard to look over now. I’ve also played around with Authentik. The features provided by Authentik are unmatched in the space, and I trust its security a lot more than others. The Outposts feature would make deploying certain components across multiple machines a lot easier than separate oauth2-proxy instances, and almost all of it can be customized using flows or custom Python. But, whilst I had a lot of fun tinkering and playing around with these features, the application itself was too heavy weight for what I need, even if it’s still pretty fast.

After a month or so of switching between, I finally settled on Pocket ID. Pocket ID takes a different approach, leaning entirely on passkeys for authentication. It’s a much newer and smaller project, but it’s gaining a lot of traction - in part because of its simplicity. Sure, it does a lot less than Authentik, but that’s arguably a feature - it certainly is to me. Passkeys are great, but they’re not the silver-bullet people think they are. People assume passkeys are inhearantly multi-factor, and that’s just not true (necessarily). Similarly, Android support can be hit or miss, mostly due to the complexities around requesting on-device or cross-platform keys. Passkeys are still absolutely a usability improvement over either username/password authentication or even TOTP.

<rant>

</rant>

In the last few months, a Terraform provider for Pocket ID has shown up, which I’m yet to play around with. Each release of Pocket ID brings great new features or customization. So far, I’m not using it for huge amounts, but it’s working out great for me so far. If you’re already running Authentik, Authelia or similar, I’d highly recommend at least giving it a look.

#FreshRSS

One of the oldest applications I’ve had deployed is Tiny-Tiny RSS (TT-RSS), but this year that changed. I’m now a very happy FreshRSS user.

Tiny-Tiny RSS was one of the first applications I deployed. Whilst most of my content consumption is through links on social media, I still get a lot through RSS. When I can, I prefer to subscribe to feeds directly, rather than relying on algorithms to surface content to me that I may find interesting, especially if I’m likely to read almost everything from a given source.

Tiny-Tiny RSS as an application however was starting to show its age. The project wasn’t receiving many updates, the community was fading, and there were better tools out there. Many years ago, I had similar feelings, and played around with both FreshRSS and Miniflux, but neither quite fit the bill for me to the level TT-RSS did - but that might be due to familiarity. Fast forward a few years, and I decided to go all in. I again tried miniflux, and whilst it’s a lot more lightweight and performant than FreshRSS (with a lot less Javascript), its UI of showing all authors in a single feed didn’t match how I read content. Instead, I went with FreshRSS, and the ThreePanesView extension.

Deploying FreshRSS is also a lot simpler than TT-RSS. The TT-RSS authors have gone a little purist, separating the application into 3 component containers (backend, scraper and proxy), whereas FreshRSS is available as a single container (plus database, of course). The migration process was fairly simple: Export my OPML file from TT-RSS, import it into FreshRSS, and mark a bunch of feeds and posts as read (manually). As part of the deployment, I also took the time to modernise - my deployment now uses OIDC for auth (via Pocket ID) and is only accessible from my VPN.

Whilst the FreshRSS interface is much faster than TT-RSS, I still find it a little clunky to use (although that might be because I’m used to the clunkyness of TT-RSS). Instead, I try and use external clients where I can. Most of my reading is done on Android, where Capy Reader is absolutely perfect for me. If I do want to read on Linux, I’ll either give in and use the web UI or use Newsflash.

<aside>

Funnily enough, just a few months after I switched to FreshRSS, the TT-RSS author archived and dismantled the project. That would have been enough to make me switch anyway.

</aside>

#Binio Minio

The decline of Minio over 2025 has been a rather sad one. In the past, Minio has been an excellent way to get S3-compatible object storage locally. All of my applications are deployed to environments where there’s persistent storage, so I personally don’t have much need for object storage - my usage was instead almost entirely for Terraform remote state.

Back in April, Minio removed a number of useful features from their web UI in the free version, effectively making the interface just a view into buckets. For me, this wasn’t a huge deal since I configured everything using Terraform, but to many it made Minio basically useless. Then, to add insult to injury, in October they stopped distributing builds, including containers, of the free version entirely, requiring you to build it from source yourself. And finally, in early December, they completely discontinued the free version and put the project into maintenance mode, where "Critical security fixes may be evaluated on a case-by-case basis" - not what you want to hear from a service storing your sensitive data.

For me, ripping out Minio was fairly easy. Since my only use was Terraform state, I ended up swapping to local state being synced by Syncthing. I’m hoping eventually I can switch that out for Forgejo’s native terraform state storage once it exists. For now, if you’re looking for a Minio replacement, Garage is where I’d recommend going.

#File syncing

For reasons I don’t understand, file syncing on android is an unsolved problem. Services like Google Drive can make files available, but not using a conventional filesystem. Historically, I’ve been using Foldersync and Nextcloud for syncing on android, paired with the native Nextcloud client on desktop. It works fine, but it always felt odd using a closed-source client on android.

For a while, I’ve seen many people raving about Syncthing. I played around with it many years ago, but trying to shoehorn it into a client-server model broke my brain. Fast forward to earlier this year, and my curiosity was sparked again. Said curiosity was sparked at a conference, so the peer-to-peer nature of Syncthing was particularly interesting.

It’s been a couple of months now, and it’s working great on Android. Files are syncing reliably, directly between devices, almost immediately after I make changes. The biggest downside to me has been battery life. Despite only running Syncthing for a few minutes every hour, Syncthing has impacted my battery, to similar levels as Tailscale.

<aside>

My Galaxy S23 isn’t the newest device in the world, so the battery could also just be degrading

</aside>

In early November, the repository for the Android Syncthing client disappeared completely without warning or explanation. It re-appeared a few days later with a different owner, and the repository appears to be identical, but it’s still a sketchy time. It’s a little concerning for a project with such access to my files.

For now, I think Syncthing is here to stay, at least for the folders I need on Android. The fact the app is 3rd-party and a little untrusted doesn’t fill me with much confidence, but Foldersync wasn’t as reliable as I wanted. At some point, I’ll probably try going back with fresh eyes and sorting out Foldersync and see if I can work it how I need, and accept its closed-source nature in exchange for not needing an additional service.

<cta>

If you know of some 2-way self-hosted sync options for Android, please let me know!

</cta>

#Apps and Services lightning round

Unfortunately, I can’t run everything on my own servers. Some because it makes no sense, some are tools I run directly on my devices, and some are just better. But, this is the section to cover them.

For email, I’m a mostly happy Fastmail user. I’ve been with Fastmail on and off for nearly a decade at this point. They’re reasonably secure, private, and "just work". This year, I gave Proton Mail a go, with mixed results, but I ultimately stuck with Fastmail.

As far as email clients go, I’m once again using Thunderbird. It’s not perfect, but it’s been getting a lot of love over the last few years. If I sink the time into configuring it how I need it, rather than just as a read-only interface, it works great. This year I’ve started trying to use the native calendar rather than Google Calendar in an embed. It’s really janky, but it’s hard to tell if that’s Thunderbird, Google or the integration’s fault.

In late 2025, most of Spotify was scraped. I doubt it’ll affect their market share though. Spotify also doesn’t have the best privacy track record either, since they track basically everything you do in Spotify. Unfortunately, it’s sort of the best thing out there besides going back to storing a library myself.

As far as text editors go, I’m still a reluctant VSCode user. The muscle memory is pretty strong right now, and as editors go there’s not much it can’t do. In the last few months, I gave Zed another go, and it’s come a really long way, but not quite enough. With a little more time sinking in to it, I could probably get it to a better place, but the extension ecosystem isn’t quite as large as VSCode. If I stick with VSCode, I’ll likely try switching to VSCodium, mostly to avoid the telemetry, AI shovelling and other tricks Microsoft love to pull.

For my podcast listening, however limited it may be, I’m currently still with Pocketcasts. However earlier this year, I took a long hard look at Antennapod, and it looks basically perfect for me now. It’s fully open source, has all the useful features of Pocketcases (without the bloat), and can even nicely sync between devices. The missing key for me was good syncing support, and it seems the gpodder plugin for Nextcloud handles syncing subscriptions, "up next" and even play position. There’s no web interface, but Kasts supports gpodder so I can still listen at my desk. I received a recommendation last year for Audiobookshelf to fit this gap, but it didn’t quite fit for me, especially in a world where Antennapod exists. I’m yet to switch to Antennapod yet, mostly as I still need to get my head fully around its queues (downloading adds to queue, not the other way around like I’m used to), and I want to properly test its Android Auto support before committing.

As web browsers go, I don’t think I could leave Firefox. 2025 has not been a good year for Mozilla, with attempt after attempt to turn the browser into something no one wants. There are plenty of forks around which strip out said weirdness, but they don’t have the same platform support of vanilla Firefox. The true alternatives are all Chromium based, and I’d rather not contribute against Firefox’s mere 2.3% market share. Sure, I could pretend that V8 is the main implementation of Javascript, much like CPython is for Python, but it’s very different. I want an open internet, not one lead by Google.

For taking notes, Obsidian is the place I go. I’m still not using it for anything beyond a glorified Markdown editor, but it’s a pretty damn good one at that. Since I need access on mobile, I love that everything works identically. Obsidian is working out absolutely fine for me, but I wonder if there’s something better suited for basic day notes and blog post writing. If there’s a better editor out there for Linux and mobile, I’m very interested in hearing about it.

For monitoring my services, I like to have some external monitoring not managed by me. For that, I’m still using UptimeRobot. I’ve had an account as long as I can remember. Their free tier is unmatched (I checked). I tried terraforming it a while ago, but the rate limit gets in the way. Professionally, I’ve been using Checkly with great success, which has proper Terraform support, but only recently introduced a pricing tier which might work for me.

#Future

2025 has been a crazy year, and whilst I’m coming out of it a better person than I went in, there’s still a lot I wasn’t able to do.

2026 is going to be a make or break year for me. Either I find a routine which works for me, being able to work on the projects I want, whilst still spending time with my family and switching my brain off. Or, things start to stagnate, feel more like work than a hobby, and slowly I start ditching things to stay afloat.

Naturally, I want to aim for the former. I love my hobbies: Tinkering with apps, writing, chatting with like-minded folks. I’ve got a lot of projects on my list for 2026, and they’re all exciting (to me). I just need to find the sustainable time to do it.

Last year, I chose not to leak the projects, in fear of jinxing them. This year, I feel like I have a lot of ideas, so I’m going to tease a few of the ones at the top of my list:

• Replacing Proxmox with something less appliance-y
• Replacing numerous docker containers with something more declarative
• I should really document my setup somewhere outside my own head
• Let’s build my own network router

The backlog of tasks is naturally much longer than that. But these are the most interesting to me at the moment, and should make my life easier. Ask all you like, I’m not saying any more than this. If they sound interesting to you too, you’ll have to wait to me to actually complete them (and actually start them). Until then, you know where to find me...

Share this page

Similar content

View all →

State of the Server 2025

** 2025-01-01

** 18 minutes

My server(s) play a fairly important part in my life. Not only is it where a number of critical services I use are hosted, but it’s also where my most important files are stored. For a long time, I’ve done what I can to preserve my data privacy. Running my…

State of the Server 2024

** 2024-01-01

** 22 minutes

Self-hosting is a big hobby for me (and a big source of content for my website). Not only is it a great source of entertainment and fun, but I find it incredibly interesting, vaguely relevant to my job, and a good way to regain a little privacy. Over the last…

State of the Apps 2021

** 2021-01-01

** 8 minutes

It’s that time of the year again: time to look back at how I work, the tools I use, and how the next year might look. I’ve been working from home basically full time since the UK went into lockdown 17th March. It’s been quite an adjustment barely leaving the…