Self-hosted homelab
A multi-server homelab built from rescued hardware — evolving from a single Samba share into a hardened, WAN-exposed personal cloud operating behind CGNAT via Cloudflare Tunnel.
The rescue
Two machines headed for disposal — a sluggish, unpatched Windows 7 box and an old Windows XP machine — were cleaned, re-pasted, and restored to working condition. They started as a testbed for anything I didn't want to run on my main computer.
First contact with Linux
Pressed into service as a daily driver, the Pentium E5400 (2 GB RAM, 500 GB HDD) ran Peppermint Linux. This was where the fundamentals clicked: the terminal, package repositories, and how distributions and flavors actually differ.
From PC to NAS
The box was provisioned as a NAS running Ubuntu 24.04 LTS. Samba — configured from scratch over several late nights — delivered network file storage at speeds well beyond the internet connection, alongside a local Plex server. The first real, tangible understanding of how a private LAN behaves.
Hitting the walls
Two obstacles surfaced. A dynamic local IP meant an arp-scan or nmap sweep to find the server each time — which led to OpenWrt for static DHCP leases by MAC, and, in parallel, deep into network security: packet captures, WPA2/WPA3, and hash cracking. The larger wall was , which made conventional port forwarding impossible.
Maxing out the hardware
By mid-2025 the pentium host was pushed to its ceiling: 4 GB of DDR3, the most the board would accept. A modest bump on paper, but enough headroom to run Samba, Plex, and the tunneling stack side by side on hardware that was never meant to be a server.
Breaking through CGNAT
resolved the constraint. Reusing the domain bought for this portfolio, a subdomain was pointed at the server's SSH port, making the host reachable from the WAN despite . It was then hardened: SSH moved off its default port, key-only authentication, passwords disabled.
The Debian dinosaur
With the workflow established, the old XP machine was rebuilt on Debian Trixie — single core, 512 MB of RAM, a 20-year-old disk with roughly 1,000 hours of use. Hardened and tunneled, it became a personal cloud reachable only via SSH forwarding: proof that durable hardware and a lean, secure OS still hold up.
A self-hosted personal cloud
Jellyfin, exposed on its own subdomain and paired with yt-dlp for a lossless FLAC music library, replaced a Spotify subscription. A 2011 MacBook Pro joined the fleet on Arch Linux — its SSD and 10 GB of RAM serving a PostgreSQL and Redis stack in Docker Compose for a collaborative database project.