Migrating the First App
I started migrating my first app to the new structure and updating the documentation. It seems straightforward once everything is set up properly. The service I began with was Homepage, my dashboard for viewing all applications.
Migrating the app's data was very simple because it consisted only of static files. It will get more difficult for the applications that use PostgreSQL as a database. I will need to figure out the best steps for these services.
LXC Specs
The specs for this first LXC will be reused for many of my smaller, lightweight services. I’m calling this container Luigi.
System Specs
| Type | Value |
|---|---|
| ID | 150 |
| CPU | 2 CPU |
| RAM | 4 GB |
| DISK | 25 GB |
| IP | 10.1.50.150 |
| OS | Debian 12 |
What Helps a Lot
Since all my docker-compose.yml files are in this repository, it’s easy to modify, deploy, and resync back to GitHub. Each server will have the repository cloned, so I can edit locally and push changes back up.
Because the docker-compose files are embedded into the documentation pages, I only need to update the files and the docs will reflect the changes automatically.
Adding Changelog Files
As part of this migration and syncing process, I’ll add a changelog section to pages to make it easier to track changes to the homelab. I want to build the habit of documenting what changed and why.
What Services Go Where?
I’ll keep a good portion of my lightweight containers on this server. 25 GB is plenty for these services. On my Hades server I use about 150 GB total, but most of that is taken up by Jellyfin, Radarr, Sonarr, etc., which store a lot of metadata.
Why This Feels More Secure
With this setup, I don’t think I’ll need Authelia to log into apps anymore, since access goes through the VPN and services won’t be reachable from my local network directly. Only users I explicitly share access with will be able to reach them. Previously with Hades, once you reached that server you could access everything hosted there (as long as you knew the hostname).
This is closer to how many enterprises design networks: a Zero Trust model. The main network is just devices, with no implicit access to services unless connected to my tailnet (VPN). It should make sharing simpler and limit access to only the services friends and family need.
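Whether a service is actually unreachable from the local network depends on how its port is published: a Compose entry such as `"3000:3000"` binds on every address of the container host, including the LAN IP. The check below is an added example, not part of the original post or its repository; it classifies short-syntax `ports:` entries by host address and assumes the tailnet is Tailscale (100.64.0.0/10 and fd7a:115c:a1e0::/48). The compose text and function names are constructed for illustration.

```python
import ipaddress

# Assumption: the tailnet is Tailscale, which addresses nodes from these ranges.
TAILNET = (ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48"))

# Constructed sample; not one of the repository's compose files.
SAMPLE_COMPOSE = """\
services:
  homepage:
    ports:
      - "3000:3000"
      - "127.0.0.1:9100:9100"
      - "100.64.0.10:8080:8080/tcp"
      - "10.1.50.150:8443:8443"
      - 9000
"""

def port_specs(compose_text):
    """Yield short-syntax entries under each `ports:` key (long syntax is not handled)."""
    in_ports = False
    for line in compose_text.splitlines():
        stripped = line.strip()
        if stripped == "ports:":
            in_ports = True
        elif in_ports and stripped.startswith("- "):
            yield stripped[2:].strip().strip("\"'")
        elif stripped:
            in_ports = False  # any other non-blank line ends the list

def host_ip(spec):
    """Return the host IP of [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO], or None."""
    spec = spec.split("/")[0]                # drop the protocol suffix
    if spec.startswith("["):                 # bracketed IPv6 host address
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None

def classify(spec):
    """Say which addresses of the host a published port is bound to."""
    ip = host_ip(spec)
    addr = ipaddress.ip_address(ip) if ip else None
    if addr is None or addr.is_unspecified:
        return "all-interfaces"              # every address, the LAN IP included
    if addr.is_loopback:
        return "loopback"
    return "tailnet" if any(addr in net for net in TAILNET) else "other-address"

def audit(compose_text):
    """Map each published port entry to its exposure class."""
    return {spec: classify(spec) for spec in port_specs(compose_text)}
```

Entries reported as `all-interfaces` or `other-address` are the ones that need a tailnet-only bind or a host firewall rule before the service is limited to VPN clients.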