
My NixOS Setup: A Powerful Home Server Configuration

In today’s digital age, maintaining control over personal data while leveraging modern technology has become increasingly important. This post describes my NixOS configuration for a home server named “einstein”, which serves as the cornerstone of my self-hosted infrastructure.

Why Self-Hosting and NixOS?

My primary goal is to maintain ownership and control of my data while still enjoying the benefits of modern technology. This setup reflects a balanced approach: self-hosting critical services where practical, while ensuring robust automated backups for cloud services that can’t be easily replaced (like iCloud, Nextcloud, and OneDrive).

The choice of NixOS as the server operating system has proven exceptional. Over the years, it has provided rock-solid stability despite frequent tinkering and system modifications. The declarative nature of NixOS configuration makes it easy to maintain, modify, and replicate my setup across different machines.

Docker in a NixOS World

While NixOS offers excellent package management, I run many services through Docker containers. This decision is driven by several practical considerations:

  1. Package Availability: Not all services are packaged for NixOS, and Docker provides immediate access to a vast ecosystem of applications.
  2. Documentation Quality: Docker-based setups often have better, more comprehensive documentation and a larger user base to draw experience from.
  3. Data Management: Docker’s volume system makes it straightforward to back up service data, because all persistent data lives in well-defined volumes. In contrast, NixOS services may store data in various system locations, making backup configuration more complex.

I manage these containers using Docker Compose files, maintaining the declarative approach that makes NixOS so powerful. This gives me precise control over:

  • Container restart policies
  • Volume management
  • Network configuration
  • Resource limits

For day-to-day management, I use lazydocker, a terminal UI that simplifies container monitoring and management.
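To illustrate the "declarative Docker" approach described above, here is an added example (not the author's actual configuration) of running one Compose-managed service from a NixOS module, so that the restart policy, volumes, network and resource limits are versioned together with the rest of the system. The compose file content, the service name, the image tag and the port numbers are constructed for the example; the NixOS options (`virtualisation.docker`, `systemd.services`) and the Compose keys are real.

```nix
{ config, pkgs, ... }:

let
  # Constructed compose file embedded in the NixOS config (paths, image tag
  # and ports are assumptions for this example; pin the tag you actually run).
  jellyfinCompose = pkgs.writeText "docker-compose.yml" ''
    services:
      jellyfin:
        image: jellyfin/jellyfin:10.9.11
        container_name: jellyfin
        restart: unless-stopped            # restart policy
        user: "1000:1000"                  # do not run as root inside the container
        security_opt:
          - no-new-privileges:true         # no setuid escalation inside the container
        cap_drop:
          - ALL
        read_only: true                    # image layers immutable; state lives in volumes
        tmpfs:
          - /tmp
        volumes:                           # all persistent state in named volumes
          - jellyfin-config:/config
          - jellyfin-cache:/cache
          - /mnt/data0/media:/media:ro     # media library is read-only for the container
        networks:
          - media
        ports:
          - "127.0.0.1:8096:8096"          # loopback only; reach it via VPN or reverse proxy
        mem_limit: 4g                      # resource limits
        cpus: "2.0"
    volumes:
      jellyfin-config:
      jellyfin-cache:
    networks:
      media:
  '';
in
{
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      dates = "weekly";
    };
    daemon.settings = {
      log-driver = "json-file";
      log-opts = { max-size = "10m"; max-file = "3"; };
    };
  };

  # Declarative unit: NixOS brings the stack up at boot and tears it down on stop.
  # pkgs.docker ships the compose plugin, so "docker compose" is available.
  systemd.services.compose-jellyfin = {
    description = "Jellyfin via docker compose";
    after = [ "docker.service" "network-online.target" ];
    requires = [ "docker.service" ];
    wants = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.docker ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.docker}/bin/docker compose -p jellyfin -f ${jellyfinCompose} up -d --remove-orphans";
      ExecStop = "${pkgs.docker}/bin/docker compose -p jellyfin -f ${jellyfinCompose} down";
    };
  };
}
```

Because the compose file lives in the Nix store, `nixos-rebuild switch` recreates the container whenever the file changes, and `git log` shows every change to a volume or port mapping. Access to the Docker socket is root-equivalent, so for the day-to-day tooling mentioned above it is safer to run lazydocker through `sudo` than to add an everyday user to the `docker` group.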

Key aspects of my setup include:

  • Network-level filtering for enhanced privacy and security
  • Local deployment of AI tools like Ollama for testing and learning
  • Automated backup systems for both self-hosted and cloud services
  • A modular configuration approach that promotes reusability

System Overview

My NixOS setup is organized into modular configuration files, with the main configuration split into various specialized parts for reuse and better maintainability.

Hardware Configuration

The system runs on AMD hardware with the following key features:

  • AMD CPU with KVM virtualization support
  • NVMe and SATA storage devices
  • Multiple storage volumes:
    • Root partition using XFS
    • Data volumes (/mnt/data0 using XFS and /mnt/data1 using Btrfs with zstd compression)
    • ZRAM swap for better memory management
  • AMD GPU with ROCm support for AI/ML workloads

Core System Features

  1. Package Management

    • Unfree packages enabled
    • Nix Flakes support
    • Automatic garbage collection (weekly, keeping the last 30 days)
    • Trusted binary caches configured
  2. Security

    • SSH with ED25519 keys only
    • Root login disabled by default
    • Fail2ban protection
    • Tailscale VPN integration
    • Firewall enabled with specific service allowances
  3. Storage and Backup

    • Btrfs on data partition with zstd compression and auto-defrag
    • Regular Btrfs maintenance (balance, defrag, space reclaim)
    • Borg backup system for critical data
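The following is an added example (not the author's configuration) showing how the core features listed above, together with the ZRAM swap and Btrfs data volume from the hardware section, map onto NixOS options. The user name `admin`, the LAN range, the disk label, the Borg repository path, the exposed ports and the interpretation of "ED25519 keys only" as both host key and accepted user-key algorithm are assumptions for the example; the option names are real NixOS options.

```nix
{ ... }:

{
  # 1. Package management
  nixpkgs.config.allowUnfree = true;
  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      # Only caches whose signing key is trusted below are used; add further
      # caches together with their public key (placeholder omitted here).
      substituters = [ "https://cache.nixos.org" ];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  # 2. Security
  services.openssh = {
    enable = true;
    # Generate and keep only an ED25519 host key (no RSA/ECDSA host keys).
    hostKeys = [
      { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
    ];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PubkeyAcceptedAlgorithms = "ssh-ed25519";   # assumed: accept only ED25519 user keys
    };
  };
  users.users.admin = {                           # hypothetical admin account
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA-REPLACE-WITH-YOUR-PUBLIC-KEY admin@laptop"   # placeholder
    ];
  };

  services.fail2ban = {
    enable = true;
    maxretry = 5;
    bantime = "1h";
    bantime-increment.enable = true;             # repeat offenders get longer bans
    ignoreIP = [ "192.168.1.0/24" "100.64.0.0/10" ];   # assumed LAN, plus the Tailscale CGNAT range
  };

  services.tailscale = {
    enable = true;
    openFirewall = true;                          # UDP port for direct peer connections
  };

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 445 ];                 # SSH and Samba on the LAN (assumed)
    allowedUDPPorts = [ 53 ];                     # AdGuard Home DNS (assumed)
    # Web UIs only over the VPN: scoped to the tailscale0 interface, not trusted globally.
    interfaces."tailscale0".allowedTCPPorts = [ 8096 ];   # Jellyfin's default port, assumed
  };

  # Hardware: ZRAM swap and the Btrfs data volume with zstd compression and autodefrag
  zramSwap = { enable = true; memoryPercent = 50; };
  fileSystems."/mnt/data1" = {
    device = "/dev/disk/by-label/data1";          # assumed label
    fsType = "btrfs";
    options = [ "compress=zstd" "autodefrag" "noatime" ];
  };

  # 3. Storage and backup
  # Scrub is the built-in NixOS Btrfs timer; balance/defrag would be a custom systemd timer.
  services.btrfs.autoScrub = {
    enable = true;
    interval = "monthly";
    fileSystems = [ "/mnt/data1" ];
  };

  services.borgbackup.jobs.data = {
    paths = [ "/mnt/data1" "/var/lib/docker/volumes" ];
    repo = "/mnt/data0/borg";                     # assumed repository location
    encryption = {
      mode = "repokey-blake2";
      passCommand = "cat /root/borg-passphrase";  # keeps the passphrase out of the Nix store
    };
    compression = "auto,zstd";
    startAt = "daily";
    prune.keep = { daily = 7; weekly = 4; monthly = 6; };
  };
}
```

Two points worth checking after applying something like this: `ssh -v` against the host should list only the ED25519 host key and refuse password prompts, and `fail2ban-client status sshd` should show the jail active. Backing up live Docker volumes can capture inconsistent state for databases, so a `preHook` that stops the relevant compose stack (or a database dump) is the usual addition.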

Services

The system runs several services:

Media and Entertainment

  • Jellyfin media server
  • Calibre for e-books
  • Immich - Self-hosted photo management solution
  • iCloud Photo Backup - Automatic backup for iCloud photos
  • Various other services for media management

Network Services

  • AdGuard Home for network-wide ad blocking
  • UniFi Controller - Network management
  • Speedtest - Network speed monitoring
  • Samba file sharing with specific shares for:
    • Home directories
    • Media
    • Pictures
    • iPhone photo backups

Development and AI

  • ROCm support for AMD GPU
  • Ollama and OllamaUI - Local AI model running and management
  • IT-Tools - Collection of useful IT tools

Maintenance and Monitoring

The system includes several automated maintenance tasks:

  • Weekly file permission updates
  • Bi-monthly Btrfs maintenance
  • Automatic system updates
  • Monitoring with Monit for:
    • Filesystem usage
    • Drive health
    • Service status
  • Scrutiny - Hard drive S.M.A.R.T. monitoring

System Maintenance

The system shares most of its configuration with a repository. This repository is used for system maintenance and updates for all servers and laptops at home, and is kept up to date with the latest configuration changes. The configuration is based on flakes, and my interactions with it are simplified via a justfile.

Automatic updates are disabled.