Source Code for the Home Server setup. This includes the git server hosting this repository as well. #terraform #docker
Go to file
Nemo 3fc9b585f1 minor comments 2018-01-06 13:09:21 +05:30
cloudflare Switches wildcard DNS entries to long-TTL CNAMEs 2017-12-26 21:08:38 +05:30
docker minor comments 2018-01-06 13:09:21 +05:30
mysql Adds radicale 2017-12-31 16:38:57 +05:30
radicale Adds radicale 2017-12-31 16:38:57 +05:30
.editorconfig Work on proxying content via sydney 2017-11-26 16:53:34 +05:30
.gitignore Work on proxying content via sydney 2017-11-26 16:53:34 +05:30 Adds header image 2018-01-01 09:00:46 +05:30 Adds radicale 2017-12-31 16:38:57 +05:30 Start using custom build of mysql provider 2017-12-28 21:52:11 +05:30 Creates the mysql database cleanly 2017-12-28 22:12:21 +05:30


Nebula header image

Where stars are born.

Manages the local infrastructure of my home server. I'm also doing blog posts around the same:

  1. Part 1, Hardware
  2. Part 2, Terraform/Docker
  3. Part 3, Learnings
  4. Part 4, Migrating from Google (and more)

The canonical URL for this repo is A mirror is maintained on GitHub.


  1. docker: to actually run the services.
  2. cloudflare: to manage the DNS.
  3. mysql: to create mysql users and databases.

Self-learning project for terraform/docker.


  1. Setup DigitalOcean
  2. Add DO infrastructure via ansible
  3. ~Add traefik for proper proxying~
  4. Maybe add docker swarm (or k8s?) across both the servers. Might setup the k8s API on the Raspberry Pi.

Service List

Currently running the following (all links are to the links for the docker images that I'm using:


  • MariaDB for a simple database backend
  • MongoRocks as a mongoDB server. Uses RocksDB as the backend



  • Traefik as a reverse-proxy server, and TLS termination
  • CAdvisor, for basic monitoring


6 out of the above images are from the excellent, and they're doing great work 👍

Security Headers Note

The following security headers are applied using traefik on all traefik frontend docker backends:

  • HSTS
  • Redirect HTTP->HTTPS
  • contentTypeNosniff: true
  • browserXSSFilter: true
  • XFO: Allow-From
  • referrerPolicy: no-referrer
  • X-Powered-By: Allomancy
  • X-Server: BlackBox
  • X-Clacks-Overhead "GNU Terry Pratchett" (On some domains)

Currently waiting on traefik 1.5.0-rc2 to fix security specific headers issue (marked as TODO above). (Now resolved with new traefik release)


Issues I've faced/reported as a result of this project:

  1. Airsonic HTTPS proxying is broken. Reported: Turned out to be a known issue:
  2. Traefik docker backend security headers were broken with dashes. Reported at, and fixed by
  3. Headphones dies repeatedly with no error logs. Yet-to-report.
  4. Terraform doesn't parse mariadb version numbers. Report: Got this fixed myself by filing a PR: Another PR pending in the provider to bump the go-version dependency.
  5. elibsrv didn't support ebook-convert, only mobigen. PR is at I've to get this merged upstream for the next release.
  6. ubooquity docker container doesn't let you set admin password: (Couldn't reproduce, closed)
  7. Traefik customresponseheaders can't contain colons on the docker backend: Fixed with
  8. Traefik Security headers don't overwrite upstream headers:


Their is a lot of additional infrastructure that is not-yet part of this repo. This includes:

  1. The Digital Ocean droplet running DNSCrypt and simpleproxy to proxy over a openvpn connection to this box.
  2. openbox, kodi configuration to run on boot along with the Steam Controller for the HTPC setup
  3. Docker main configuration with half-baked CA setup
  4. btrfs-backed subvolumes and snapshotting for most things in /mnt/xwing/ (in-progress)
  5. User-creation on the main server. (I'm using a common user for media applications and specific users for other applications)


All code in this repository is shared under the MIT License.