
Homelab Architect

Documenting my journey of building, securing, and scaling a personal enterprise-grade homelab environment with Proxmox, Docker, and self-hosted services.

Securing the Perimeter: Why I Use Mock Services

When you start self-hosting 50+ services on your own hardware, one of the biggest challenges is figuring out how to showcase your work without putting your entire infrastructure at risk.

A beautifully designed homelab landing page is incredibly satisfying to look at. Naturally, you might want to share screenshots or even the live URL with friends or potential employers.

However, exposing the direct login pages to sensitive internal panels—like Portainer (which has literal root access to my containers), Nextcloud (my private file storage), or Netdata (system metrics)—is a massive security risk. Even behind strong passwords, presenting an active login form to the open internet invites brute-force attacks and zero-day exploitation.

The Solution: Real Frontends, Disabled Backends

Instead of exposing my live services, the public-facing dashboard links to exact replicas of those login pages. I achieved this by writing Python scripts (using BeautifulSoup) that scrape the raw HTML, CSS, and SVG logos directly from my internal apps. The scripts then automatically rewrite the asset paths, strip out all backend form-submit logic, and inject a preventDefault() JavaScript block.

For aggressive SPA frontends like Stirling-PDF or Netdata, I go a step further and strip out the framework scripts that attempt to fire JSON requests to missing APIs, substituting identical static HTML overlays.

The result? If you click "Netdata" on my dashboard, you see the exact Netdata loading screen. But it’s fundamentally sandboxed. This allows me to confidently show off my stack in public, while restricting actual authentication strictly to my internal Tailscale mesh VPN.
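A pre-publish check for the replicas described above, as an added example that is not the author's own script: it audits a cleaned page for anything a scrape can carry over (a form that still submits, hidden token values, assets that were not rewritten, scripts that still call an API, internal addresses). It uses the standard-library html.parser instead of BeautifulSoup so it runs without dependencies; the rule names, `audit_mock`, the patterns treated as internal and both sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: "internal" = RFC 1918, Tailscale 100.64.0.0/10 and *.ts.net, private suffixes.
INTERNAL = re.compile(
    r"\b(?:10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+"
    r"|100\.(?:6[4-9]|[7-9]\d|1[01]\d|12[0-7])\.\d+\.\d+)\b"
    r"|\.(?:ts\.net|lan|local|internal)\b", re.I)
NETWORK_JS = re.compile(r"\b(?:fetch|XMLHttpRequest|WebSocket)\b")
REMOTE = re.compile(r"^(?:https?:)?//", re.I)

class MockAuditor(HTMLParser):  # collects (rule, line) findings
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False
    def flag(self, rule):
        self.findings.append((rule, self.getpos()[0]))
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"
        if tag == "form" and (a.get("action") or a.get("method", "").lower() == "post"):
            self.flag("live-form")        # form can still submit somewhere
        if tag == "input" and a.get("type", "").lower() == "hidden" and a.get("value"):
            self.flag("hidden-value")     # e.g. a CSRF token copied from the real app
        if REMOTE.match(a.get("src", "")) or (tag == "link" and REMOTE.match(a.get("href", ""))):
            self.flag("remote-asset")     # asset path not rewritten to a local copy
        if any(INTERNAL.search(v) for v in a.values()):
            self.flag("internal-ref")     # leaks an internal address or hostname
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script and NETWORK_JS.search(data):
            self.flag("script-network-call")  # script would still call an API
        if INTERNAL.search(data):
            self.flag("internal-ref")

def audit_mock(html):
    auditor = MockAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed samples: a freshly scraped login page and its cleaned replica.
SCRAPED = """<link rel="stylesheet" href="https://app.homelab.lan/main.css">
<form action="/login" method="post">
<input type="hidden" name="csrf" value="constructed-token-123"><input type="password" name="password">
</form><script>fetch("http://192.168.1.20:9000/api/status")</script>"""
CLEANED = """<link rel="stylesheet" href="assets/main.css">
<form onsubmit="event.preventDefault()"><input type="password" name="password"></form>"""
```

Running this over every generated replica before upload, and stopping the deploy on any finding, keeps a missed cleanup step from reaching the public dashboard.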

The Foundation: Proxmox, TrueNAS, and RPi5

Every great homelab needs a reliable foundation. My core infrastructure is split between a robust Dell PowerEdge server and a highly efficient Raspberry Pi 5.

The Dell PowerEdge runs Proxmox VE, hosting heavy-duty VMs and LXC containers, including a dedicated environment for my Caddy reverse proxy to handle traffic routing safely. Backing all of this is TrueNAS SCALE, managing a 12TB storage array mapped across the network for media and encrypted backups.

Meanwhile, the Raspberry Pi 5 runs Docker with Portainer to manage dozens of essential, always-on utility containers that sip power. This includes my entire Home Assistant smart home stack (with MQTT and ESPHome), network management via Pi-hole and Nginx Proxy Manager, plus gaming servers like Minecraft and Mumble.

Automating UI Deployments

To navigate this growing ecosystem, I recently revamped my homepage dashboard into a sleek, dark-themed experience with amber-yellow accents. To keep it updated effortlessly, I built Python automation scripts utilizing the requests library.

These scripts fetch the latest SVGs from official repositories (like Gitea and GitHub), update UI cards dynamically, and orchestrate direct uploads to my proxy server via paramiko SSH commands. Deploying visual updates to my entire homelab is now an automated, single-click process.

Self-Hosting My Data: Nextcloud & Vaultwarden

Moving away from SaaS dependency was the primary driving force behind building my Proxmox-based homelab. Managing my data efficiently in-house guarantees data sovereignty and true ownership.

A major part of my daily workflow relies on Nextcloud for secure file storage along with Collabora Online natively integrated for editing documents. Alongside this, I rely on Vaultwarden for encrypted password management synced smoothly across my proxy connection. Having my digital life backed by a TrueNAS ZFS pool gives incredible peace of mind.

Code and Repositories

As a developer, I also emphasize keeping my source code under my own control. I host an internal Gitea instance running smoothly in Docker. From utility scripts like IPMI Fan Control to Python applications and tools like EU-Icon-Extractor and EU-Utility, it's incredibly satisfying to push commits entirely within my own private cloud infrastructure—though many projects automatically mirror to my public GitHub.

The entire frontend design language for these platforms relies on clean, dark aesthetics and smooth CSS micro-animations. With my Dell PowerEdge handling virtualization and Tailscale locking down access, I’ve established a high-performance, ultra-secure gateway to my digital home.