Ramblings of an aging IT geek

dragging my services back home from the cloud

Why I pulled a handful of small VPS-hosted services back onto a box in my house, and what that actually cost me in time and sanity.

Server rack in a home office

For a couple of years I'd quietly accreted small things on cheap VPS instances. A bookmarking tool here, a feed reader there, a little status page, a Git remote for my dotfiles. Each one was a few euros a month and seemed harmless. Added up, it was a meaningful bill for services nobody but me used, running on machines I had to patch and worry about.

So I brought them home. Not all at once, and not because of any grand philosophy. Mostly because I'd built a homelab box that was sitting at 4% CPU all day and it felt daft to pay rent elsewhere.

What actually moved

The candidates were the things with no need for public uptime and no real bandwidth demands:

  • Miniflux for feeds
  • A Gitea instance for personal repos
  • Vaultwarden, because I'd rather my passwords lived on metal I own
  • A couple of static sites

Everything went into Docker Compose, one stack per service, on a single Debian host. Nothing exotic. The point was boring repeatability, not cleverness.

The bit nobody tells you about

The services were the easy part. Getting to them safely from outside was where the time went.

I didn't want to expose anything directly, so the pattern became a single reverse proxy doing TLS, with everything behind it. Caddy made that genuinely pleasant:

miniflux.example.com {
    reverse_proxy localhost:8080
}

git.example.com {
    reverse_proxy localhost:3000
}

Automatic certificates, sane defaults, and a config file I can actually read six months later. For the handful of things that should never touch the public internet, there's WireGuard back into the house, and I reach them as if I were on the LAN.
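
The proxy-in-front pattern above only holds if the backends on 8080 and 3000 listen on loopback; a Compose mapping like `ports: "8080:8080"` publishes on every interface and lets traffic skip Caddy and its TLS. As an added example (not from the original post), this Python check reads the upstreams out of that Caddyfile and flags any listener on those ports that is not loopback-only. The `ss -Htln` output is a constructed sample and the function names are illustrative.

```python
import ipaddress
import re

# Caddyfile from the post.
CADDYFILE = """\
miniflux.example.com {
    reverse_proxy localhost:8080
}
git.example.com {
    reverse_proxy localhost:3000
}
"""
# Constructed sample of `ss -Htln` output (not from the post).
SS_OUTPUT = """\
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 4096 *:443 *:*
LISTEN 0 4096 [::]:8080 [::]:*
"""

def upstream_ports(caddyfile):
    """Map each loopback backend port to the site block that proxies to it."""
    ports, site = {}, None
    for line in map(str.strip, caddyfile.splitlines()):
        if line.endswith("{"):
            site = line[:-1].strip()
        m = re.match(r"reverse_proxy\s+(?:localhost|127\.0\.0\.1):(\d+)$", line)
        if m:
            ports[int(m.group(1))] = site
    return ports

def is_loopback(host):
    host = host.replace("[", "").replace("]", "")
    return host != "*" and ipaddress.ip_address(host).is_loopback

def exposed_backends(caddyfile, ss_output):
    """Return (site, listen_address) pairs for backends reachable without Caddy."""
    ports, found = upstream_ports(caddyfile), set()
    for row in ss_output.splitlines():
        fields = row.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in ports and not is_loopback(host):
            found.add((ports[int(port)], fields[3]))
    return sorted(found)

if __name__ == "__main__":
    print(exposed_backends(CADDYFILE, SS_OUTPUT))
```

On a real host, feed it the live Caddyfile and the output of `ss -Htln`; an empty result means every proxied backend is bound to loopback only.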

Homelab shelf with mini PCs and cabling

Was it worth it?

Financially, mildly. The VPS bill went away; my electricity bill went up by less than the VPS cost, so I'm marginally ahead. That was never really the point though.

The honest tradeoff is this: the cloud was someone else's problem when the host died at 3am. Now it's mine. If my home connection drops, my feed reader drops with it. I've accepted that, because none of these services are load-bearing for anyone's day. The flip side is that everything now lives somewhere I can put my hands on, the backups are local and fast, and I understand every layer because I built it.

A few things stayed in the cloud, deliberately. Anything that needs to be up when my house isn't (my actual blog, DNS for my domains) belongs on infrastructure that doesn't depend on my router having a good day. Knowing where to draw that line turned out to be the whole exercise.