My Stack
Every service running in the lab. What it replaced, what it costs me in resources, and whether I'd pick it again if I was starting from scratch tomorrow. No sugarcoating.
Networking (4 services)
Traefik
Would pick again
Replaces: Nginx reverse proxy
Label syntax will haunt your dreams. One wrong backtick and your service is invisible. I still reference my own blog post every time I add a new route.
The automatic Let's Encrypt certs alone are worth the initial pain. Once it's running, you forget it exists.
Tailscale
Would pick again
Replaces: OpenVPN
Subnet routing took me an afternoon to wrap my head around. The ACL syntax is its own language. But honestly? Minor complaints.
38ms to dad's house, like it's on the same LAN. This replaced 16 months of port forwarding hell with one command.
Pi-hole
Would pick again
Replaces: Router DNS
The gravity database gets cranky after large list imports. And my daughter complains roughly once a month that 'the internet is broken' because Pi-hole blocked some Roblox telemetry domain.
Blocking 30% of DNS queries before they leave the network is free performance. The dashboard is genuinely fun to watch.
Cloudflare Tunnel
Would pick again
Replaces: Port forwarding
The WARP client on mobile sometimes forgets it exists. Zero Trust policies can be a maze if you go deep. But for basic tunneling, it's shockingly simple.
No open ports on my firewall. No dynamic DNS hacks. My public services just work through the tunnel. Should have done this years ago.
Media (5 services)
Plex
Maybe
Replaces: Netflix for personal media
Transcoding hammers the CPU when someone streams from outside the network. Plex Pass is basically mandatory. The 'free' tier is a lie.
It works and the apps are polished. But the company keeps adding features nobody asked for while ignoring bugs. Jellyfin is getting closer every year.
Sonarr
Would pick again
Replaces: Manual TV downloads
Quality profiles are an art form. Spent a full Saturday dialing in the right combination of preferred words and cutoff scores. The v4 migration was... an experience.
Set it and forget it. New episodes just appear. My daughter thinks I pay for every streaming service. I let her believe that.
Radarr
Would pick again
Replaces: Manual movie downloads
The custom format system is powerful but the learning curve is steep. I still don't fully understand why it sometimes grabs a 40GB remux when I asked for 1080p.
Same reason as Sonarr. Automation that actually works. Add a movie, walk away, it shows up in Plex.
Prowlarr
Would pick again
Replaces: Jackett
Honestly not much. It syncs indexers to Sonarr/Radarr and gets out of the way. The biggest pain was migrating from Jackett and re-adding all my indexers.
Single pane of glass for all indexers. The Servarr team consolidating this was the right call. Jackett was fine but this is cleaner.
Jellyfin
Would pick again
Replaces: Nothing — runs alongside Plex as backup
Client apps are hit or miss. The web UI is fine but the TV app on Roku is rough. Hardware transcoding setup took longer than Plex. But it's getting better fast.
Free, open source, no corporate nonsense. It's not quite Plex-polished yet but I want it to win. Running both means I'm ready to switch when it is.
Monitoring (4 services)
Prometheus
Would pick again
Replaces: Nagios
PromQL has a learning curve that's more like a learning cliff. Writing good alerting rules requires understanding both the query language and your own infrastructure patterns. And 30 days of retention at 15s scrape intervals eats disk like nobody's business.
Industry standard for a reason. The ecosystem of exporters means I can monitor literally anything. Once you learn PromQL it's incredibly powerful.
Grafana
Would pick again
Replaces: Custom dashboards
Dashboard JSON sprawl is real. I have 15 dashboards and probably use 4 regularly. The temptation to add one more panel is constant. Alert fatigue is a you-problem, not a Grafana-problem, but Grafana makes it easy to create.
Nothing else comes close for visualization. The dashboard is what I pull up when something feels wrong. It's my homelab's nervous system.
Uptime Kuma
Would pick again
Replaces: UptimeRobot free tier
The notification setup could be smoother. I spent way too long getting Discord webhooks formatted the way I wanted. And the status page customization is limited compared to something like Cachet.
Self-hosted, beautiful UI, dead simple setup. The status page is what powers the footer LEDs on this very site. Replaced a paid service with something better.
Alertmanager
Maybe
Replaces: Email scripts
The routing tree config is YAML nesting hell. Silencing alerts during maintenance requires remembering a specific API call. And grouping/deduplication logic takes a few tries to get right.
It pairs naturally with Prometheus. But the config format is painful and I've looked at Grafana Alerting as a potential replacement. Not enough motivation to switch yet.
Development (4 services)
Gitea
Maybe
Replaces: GitHub private repos
The UI is fine but GitHub has spoiled me. CI integration is bolted on rather than native. Actions support exists now but it's still catching up. Mirror sync to GitHub occasionally gets confused.
Does what I need for private repos and self-hosted Git. But Forgejo is gaining momentum and might be the better bet going forward. The Gitea governance drama was concerning.
ArgoCD
Would pick again
Replaces: Manual kubectl apply
Resource hungry for what it does. The web UI is slick but slow on large application sets. Sync waves and hooks have a learning curve. And the RBAC model is its own doctoral thesis.
GitOps is the way. Push to a repo, watch the cluster converge. No more 'did I apply that manifest?' anxiety. Worth every byte of RAM it consumes.
Woodpecker CI
Maybe
Replaces: GitHub Actions
Pipeline syntax is simpler than GitHub Actions but the plugin ecosystem is tiny by comparison. Some plugins just don't exist and you end up writing shell scripts. Multi-platform builds require more manual setup.
Lightweight and gets the job done for my scale. But if I was starting over, I'd evaluate Forgejo Actions more seriously. The tight Gitea/Forgejo integration would simplify things.
Renovate Bot
Would pick again
Replaces: Manually checking for dependency updates
The initial config flood — it opens 50 PRs on day one. Automerge rules need careful tuning or you'll merge a breaking change at 3 AM. Dashboard is minimal.
Every Docker image, npm package, and Helm chart version is tracked automatically. The PRs include changelogs. Saved me from running outdated software with known CVEs multiple times.
Storage & Backup (3 services)
Synology NAS
Replaces: External drives in a shoebox
DSM updates sometimes break Docker. Synology's container implementation lags behind vanilla Docker. And the fan noise at 3 AM when a scrub runs is a thing. The local unit (Rigel-Silo) died, so now everything depends on the remote unit.
Synology makes NAS easy and the app ecosystem is decent. But I'd look harder at building a custom NAS with TrueNAS if I was starting fresh. More control, less vendor lock-in.
Restic
Would pick again
Replaces: rsync scripts held together with cron and hope
The prune operation is SLOW on large repos. Like 'go make coffee and come back' slow. And if you forget to run prune, your backup repo grows forever. Also, the restore workflow isn't as intuitive as backing up.
Encrypted, deduplicated, incremental backups to any backend. I push to both local disk and B2 cloud. Restore has saved me twice. That's all you need to know.
Longhorn
Maybe
Replaces: local-path-provisioner
Heavy for a homelab. The overhead of running distributed storage on 2-3 nodes is significant. Replica sync can saturate the network. UI is nice but the system is complex under the hood. Upgrades require reading every changelog line carefully.
Distributed storage in Kubernetes is genuinely hard. Longhorn makes it approachable but it's still overkill for my scale. OpenEBS or even NFS-backed PVs might have been simpler. But the snapshot and backup features are legitimately useful.
Security (4 services)
Vaultwarden
Would pick again
Replaces: LastPass
Honestly? Almost none. The admin panel is basic. Emergency access setup requires careful thought. And the nagging fear of 'what if I lose access to my password manager' keeps me backing it up obsessively.
Runs on nothing, compatible with all Bitwarden clients, and I control my own data. After the LastPass breach I will never trust a hosted password manager again.
Authelia
Would pick again
Replaces: Basic auth on everything
The initial config file is intimidating. TOTP/WebAuthn setup per user requires reading the docs carefully. And if Authelia goes down, everything behind it goes down. That's the nature of a central auth gateway but it still stings.
SSO for my homelab with MFA. Traefik middleware integration is clean once configured. No more typing credentials into 15 different services. The security posture improvement alone justifies the complexity.
Fail2ban
Would pick again
Replaces: Hope
Writing custom jail configs for non-standard services is tedious regex work. The filter syntax hasn't aged well. And log rotation can cause Fail2ban to lose track of state if you're not careful.
The internet is hostile. Even with Cloudflare Tunnel handling public traffic, internal services still need protection. Watching the ban list is a sobering reminder of how many bots are scanning everything, all the time.
CrowdSec
Would pick again
Replaces: Fail2ban (partially)
The console dashboard requires a free cloud account which feels ironic for a self-hosted tool. Bouncer configuration per service requires understanding the middleware chain. Community blocklists occasionally false-positive on VPN exit nodes.
The crowd intelligence is the killer feature. My server blocks IPs that attacked someone else's server 5 minutes ago. That's not possible with Fail2ban.
AI/ML (4 services)
Ollama
Would pick again
Replaces: Cloud API calls for local tasks
Model management is manual. VRAM is always the bottleneck — running a 13B model means nothing else gets the GPU. Inference speed is great on the 4070 Ti but context windows are still limited by RAM. And every new model release means redownloading gigabytes.
Local inference with zero API costs. Private queries stay private. The model ecosystem is exploding and Ollama makes swapping models trivially easy. This is the future of personal computing.
Open WebUI
Would pick again
Replaces: Cloud chat UIs for private queries
Updates come fast and occasionally break things. The RAG pipeline setup took a few attempts to get right. Document ingestion is still rough around the edges. But the pace of improvement is wild.
A beautiful chat interface for local models. Multi-model switching, conversation history, document upload. It turned Ollama from a CLI tool into something my whole house can use.
ComfyUI
Would pick again
Replaces: Midjourney subscription
Model management is a mess. Every workflow needs different checkpoints and you end up with 200GB of models. The node-based UI is powerful but the learning curve is steep. Custom node dependencies conflict constantly.
Once you have a workflow dialed in, the output quality matches commercial services. No per-image costs. The community shares workflows freely.
LocalAI
Maybe
Replaces: Cloud API calls for embeddings and TTS
Model compatibility is hit-or-miss. Some GGUF models just don't work. The API compatibility layer with the cloud API format is good but not perfect — some edge cases break.
Useful for specific tasks (embeddings, TTS) where you don't want cloud dependency. For chat, Ollama is better. For embeddings specifically, this fills a niche.
Home Automation (3 services)
Home Assistant
Would pick again
Replaces: SmartThings hub
Every update breaks at least one integration. The YAML-to-UI migration is half-done so you end up editing both. Zigbee devices randomly decide they don't want to be automated today.
Nothing else comes close for local-first home automation. The community is massive and the integrations are unmatched.
Mosquitto MQTT
Would pick again
Replaces: Cloud IoT hubs
ACL files are fiddly. Debugging topic routing when a sensor stops publishing requires patience and `mosquitto_sub -v -t '#'`.
The simplest, most reliable piece of infrastructure in the entire stack. Runs on nothing.
Zigbee2MQTT
Would pick again
Replaces: Proprietary Zigbee hubs (Hue, IKEA)
Coordinator firmware updates are scary. Device pairing sometimes requires the dance of 'hold button, pray, check logs'. Some devices have quirks that need device-specific converters.
Local Zigbee without vendor lock-in. The device database has thousands of entries. Once paired, devices are rock solid.
Documents & Productivity (3 services)
Paperless-ngx
Would pick again
Replaces: Filing cabinet + Google Drive for documents
Initial document import and tagging is a week-long project. The ML auto-tagging is good but not magic — you'll still manually tag 30% of documents. Full-text search is incredible once set up though.
Finding any document in seconds by searching its contents is life-changing. Worth the setup effort.
Bookstack
Maybe
Replaces: Confluence, Notion (team wiki)
Editor is functional but not as slick as Notion. Export options are limited. Search works but isn't instant.
It's fine for internal documentation. If I was starting fresh, I'd look harder at Outline for the better editor and API.
Stirling-PDF
Would pick again
Replaces: Random sketchy PDF tools online
None, honestly. It does one thing and does it well. The OCR feature using Tesseract is surprisingly good.
Never uploading a PDF to a random website again. Merge, split, compress, OCR — all local.
Communication & Notifications (2 services)
Ntfy
Would pick again
Replaces: Pushover, email alerts for everything
The Android app battery optimization dance. UnifiedPush setup with other apps requires reading docs carefully. No built-in dashboard for viewing notification history.
curl-based push notifications to my phone. Every script, cron job, and alert now ends with `curl -d 'done' ntfy.example.com/alerts`. Replaced 4 different notification services.
Matrix/Element
Maybe
Replaces: Discord (for private homelab chat)
Synapse (Python) is slow and RAM-hungry. Federation is cool in theory but adds complexity. The Element web client works but mobile push notifications are unreliable without a push gateway.
The idea of self-hosted encrypted chat is great. The reality is that Synapse needs babysitting. I'd look at Conduit (Rust) if starting fresh.