// 001

Artificer-Forge Homelab

linux networking self-hosted hardware ● active // 2026

// overview

A fully self-hosted home server rack built from scratch. The goal was a reliable, low-power machine that could run media serving, password management, AI agents, and this website — all on my own hardware, with no dependency on cloud services. Everything from the rack itself to the network config was designed and built by hand.

// hardware

compute GMKtec NucBox G3+ — N150, 16GB DDR4, 512GB NVMe

storage 2x Seagate IronWolf 8TB in RAID-1 via ORICO dock

network TP-Link TL-SG105E managed switch

power APC BE600M1 UPS — USB connected, NUT managed

rack custom 3D printed — designed and assembled in-house

// services

The server runs a handful of self-hosted services, all managed as systemd units and configured to survive reboots and power outages cleanly.

Jellyfin media server — movies, TV, music

Vaultwarden self-hosted password manager with daily encrypted backups

OpenClaw AI agent gateway with Telegram integration

NUT UPS monitoring with auto-shutdown on power loss

Cloudflared Cloudflare Tunnel — powers this website

// networking & security

The server sits on a wired ethernet connection at a static LAN IP. Tailscale handles all private remote access — SSH, Jellyfin for friends, and internal tooling. Public traffic reaches the site through a Cloudflare Tunnel, meaning the home IP is never exposed. UFW locks SSH and Jellyfin to LAN and Tailscale ranges only. Fail2ban watches for SSH brute force attempts.

// lessons learned

+RAID is not a backup — but it is peace of mind during a 15 min power outage mid-sync
+NUT + UPS saved the array on the first real-world test before setup was even complete
+Tailscale makes remote access trivially simple without exposing anything publicly
+Cloudflare Tunnel means zero port forwarding and zero home IP exposure
+UFW named profiles and plain port rules are tracked separately — delete both

← back to projects