github.com/mattalldianhr/homelab · github.com/mattalldianhr/homelab-automation
A single Windows box running a WSL2 distro called homelab-docker. Inside that distro, fifty-some containers split into a few honest categories: productivity (FreshRSS, n8n, Linkwarden, Memos), business tools (Formbricks, DocuSeal, Rallly, Shlink), infrastructure (Portainer, Beszel, Gatus, Home Assistant, Umami), the AI layer (Ollama, AutoMem, Hermes), and a handful of personal one-offs.
Public access is via Cloudflare Tunnels, never an open port. Private access is via Tailscale. Secrets are pulled at service start from 1Password into root-owned environment files, never committed.
The pattern I keep coming back to: trusted always-on box on the inside, narrow tunnels out. Everything else is just choosing what to run.
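A check for the "root-owned environment files" property described above, as an added example that is not code from either repository. The function names, the `.env` suffix and the sample file names are assumptions; it covers ownership and permissions only, not the 1Password pull itself.

```python
import os
import stat
import tempfile


def audit_env_file(path, expected_uid=0):
    """Return findings for one rendered env file; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]  # the secret would live wherever the link points
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append("owner")
    if st.st_mode & 0o077:  # any group/other read, write or execute bit
        findings.append("group-or-other-access")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # A group/world-writable parent without the sticky bit lets others replace the file.
    if (parent.st_mode & 0o022) and not (parent.st_mode & stat.S_ISVTX):
        findings.append("parent-writable")
    return findings


def audit_env_dir(directory, expected_uid=0, suffix=".env"):
    """Audit every file ending in suffix; return {path: findings} for failures only."""
    failures = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(suffix):
            path = os.path.join(directory, name)
            findings = audit_env_file(path, expected_uid)
            if findings:
                failures[path] = findings
    return failures


if __name__ == "__main__":
    # Constructed sample: two fake env files in a temp directory, owned by the current user.
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("n8n.env", 0o600), ("shlink.env", 0o644)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("EXAMPLE_TOKEN=constructed-placeholder\n")
            os.chmod(p, mode)
        print(audit_env_dir(d, expected_uid=os.getuid()))
```

On the real host, `expected_uid` stays at its default of 0 and the audit runs as root against the directory that holds the rendered files.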