For my internal network at home, I have a Pi-hole instance running as my DNS server. I’ve added records to point subdomains at their appropriate servers.
Tailscale gives each server its own “Tailnet” IP address that is only accessible from devices within the Tailnet. By adding public A records for my services using their Tailnet IPs, I can now access my homelab services using their subdomains whether I’m on my local network or connected to my Tailnet.
One downside is that I need to update DNS records in two places when I add or remove a subdomain. That doesn’t happen too often, though, so it’s not a big deal.
Thanks, Tailscale!
HTTPS all the things!
I use Let’s Encrypt and Certbot for generating SSL certificates for my projects. My usual method is to use Certbot and its nginx plugin. That generates a file that is served via the web so that Let’s Encrypt can verify I control the domain.
Since my homelab services are only accessible from within my network or via Tailscale, I wasn’t sure I could use Certbot.
My first thought was to create a simple service on my public-facing Linode VPS to generate a certificate and then copy files to my home server. I could probably automate that process, but I was worried that the certificates could get out of sync and that my services would be temporarily unreachable.
Then I came across the DNS based certificate process. Certbot has a plugin to use the Linode API to generate a TXT record for domain verification. It was easy to set up and now I have a wildcard certificate for my internal domain that can be reliably renewed.
Within a couple of days of closing on our house, I hired a local company to install ethernet throughout. I went a little overboard: four ports in all of the main rooms; four outside; and a few others scattered around inside—27 in all.
I went with TP-Link’s Omada line for network hardware and software. There’s a router, controller, switch, and three Wi-Fi access points. I’m not a professional network administrator and I was able to configure it mostly how I want it without much trouble, thanks to some helpful YouTube videos.
I set up a pretty big internal subnet, 192.168.10.1/23, which allows addresses for up to 510 clients. Again, I went overboard. At the time of this writing, there are 23 clients connected (wired and wireless). DHCP starts at x.x.10.64 and I’m manually assigning IPs below that.
The most interesting parts of the network are three devices: “bardeen”, “pavel” and “lee” (I name my devices after Nobel-winning physicists1).
Bardeen is a Raspberry Pi 3 in the attic. It’s got a 1090 MHz antenna and receives ADS-B signals from aircraft as far as 200 miles away. It feeds that data to FlightAware and Flightradar24.
Pavel is a Raspberry Pi 4. It lives in the network closet and runs Pi-Hole.
And last but not least: Lee. This is a “renewed” Lenovo M-series one-liter PC. It’s powered by an Intel Core i5-8500T, has 16 GB of RAM and cost under $200.
I’m running Grafana, Prometheus, Home Assistant, Jellyfin, Pinchflat, Paperless-ngx, and a local copy of my blog for development and testing. Nearly everything is running via Docker, which I’m learning more about, all atop Debian Bookworm.
I’ve also setup Tailscale so I can access the network from outside my house.
Some ideas for the future include:
- Getting one or two PoE cameras and running an NVR
- Doing more monitoring with Prometheus and Grafana
- More advanced network config, like creating multiple VLANs to isolate IoT devices
I started this convention nearly 20 years ago. Almost anything that can be named gets a name; external drives, smart scales, eReaders, etc. The first device, Rontgen, was probably my black MacBook. ↩
New phones and the next version of iOS are coming next week. I’m not planning to upgrade my hardware, but I will likely install iOS 18 soon after its release. The new OS has additional customization options for the lock and home screens, so here’s how mine are set up before I start tinkering.
Lock screen
I use the weather background for my lock screen. I like that it’s dynamic, and it looks especially cool when there’s lightning.
I keep the date and current weather conditions above the clock. I hardly ever remember what day it is, so it’s nice having that info at a glance.
In the widgets section are Fantastical, Drafts quick entry and fitness. I don’t use these very often—I pick up my phone and habitually swipe to unlock before I even register they’re there.
Home screen
I’m a one-home screen guy. I can pull down to search or swipe over to the App Library for access to anything else.
On top is a medium (2x4) smart stack. It contains Fantastical, Photos and Omnifocus.
Below that is a small (2x2) smart stack with weather and fitness widgets.
I have four apps that are always available: Phone, camera, messages and photos. These are ones that I want quickly accessible.
Below that is a medium (2x4) siri suggestions widget. It’s freaky how this almost always contains the app I’m looking for when I pick up my phone.
In the dock, I keep Safari, Omnifocus, Drafts and Obsidian.
Today view
Today view is still a thing. I keep the battery widget, some ways to quickly start audio and the Oblique Strategies widgets here.
Other notes
I don’t show battery percentage in status bar. I don’t need to know the battery is 53% charged, “about half” is close enough.
It’s time for a new base layer for laptop stickers. I filled up the blue—mostly (I don’t like to overlap much).
Laptop stickers accumulated between January and September 2024.
This time, I bought a pre-cut vinyl sticker in “cinnamon.” Buying pre-cut means I don’t have wrinkled or torn edges from my own bad cutting job, and it was way easier to apply.
I picked the wrong model when I ordered, so mine doesn’t go to the edges, but it still looks great. The matte color looks like leather.
