Self-hosted infrastructure,
owned end to end.

Chat interface for local LLMs running on Ollama, providing a ChatGPT-like UI backed entirely by locally-running models. No data leaves the server — conversations, documents, and queries stay on hardware I control. Useful for tasks where I don't want to send context to an external AI service.

AI document classifier companion for Paperless-ngx. After OCR, it uses AI to suggest document types, correspondents, and tags — reducing the manual filing work considerably. The confidence score on each suggestion makes it easy to accept accurate classifications and correct the ones that miss.

AI-powered personal answering engine that searches through notes, documents, and bookmarks to answer questions with grounding in personal context. A local alternative to asking ChatGPT things that touch personal data — answers are backed by sources I've actually saved and can verify.

Collection of PDF manipulation tools — merge, split, compress, convert, and more — running entirely locally. No uploading documents to third-party services for basic PDF operations. The kind of tool that replaces a dozen sketchy free PDF websites and keeps sensitive documents off external servers.

Web file manager for browsing and downloading files from the media mount. Useful for quickly grabbing a file from /mnt/media/ without SSH or a Samba share. Also supports uploads, so it doubles as a lightweight way to add files to the server from any browser — handy when the Samba share isn't reachable.

Bookmark manager with AI-powered auto-tagging and full-text search across saved content. Articles and pages saved through the browser extension get indexed and automatically tagged by the AI classifier. Replaces Pocket, Instapaper, and a tangled mess of browser bookmarks with a single searchable archive that I actually own.

Medical records and health document organizer for the whole family. Stores documents, prescriptions, vaccination records, and clinical notes in one searchable place. Useful at a doctor's appointment when asked about past medications or procedures — everything accessible from the phone without digging through paper files.

Lightweight, privacy-first note-taking app for quick thoughts and fleeting ideas. Think of it as a self-hosted microblog — short-form entries with tags and full-text search, deliberately simple with no nested folders or complex hierarchy. Ideal for capturing thoughts that don't belong in a task manager but shouldn't be lost to a chat app.

Document management with OCR and full-text search. Physical documents get scanned and dropped into an inbox folder — Paperless picks them up, runs OCR via Tika and Gotenberg, tags them automatically, and makes them searchable. The long-term goal is zero physical paper filing: everything scanned, indexed, and findable in seconds.

Cloudflare bypass proxy used by Prowlarr for indexers that require JavaScript challenge solving. Runs headless Chromium to solve Cloudflare challenges and return the resulting cookies to the caller. A necessary piece of plumbing for indexers that block direct HTTP scraping.

Indexer manager that centralizes all torrent and Usenet indexer configurations in one place and syncs them to downstream clients automatically. Adding or updating an indexer in Prowlarr propagates everywhere without reconfiguring each client. Integrates with FlareSolverr for indexers that require JavaScript challenge solving.

BitTorrent client running inside the Gluetun VPN container on the isolated vpn_net network. The kill switch ensures that if the WireGuard tunnel drops, qBittorrent immediately loses network access rather than leaking the real IP. The web UI is accessible only from the LAN via Godoxy — no external exposure.

AI companion for Actual Budget that automatically classifies imported transactions into budget categories. Learns from historical transaction patterns and suggests categories for new ones. Cuts down the manual categorization work significantly — most transactions are classified correctly on the first pass.

Zero-based budgeting app with a local-first data model — all budget data is stored locally with optional end-to-end encrypted sync. The philosophy of giving every dollar a job makes spending decisions deliberate. No subscription cost, no bank credentials sent to a third party, and the data is mine to export whenever.

Price tracker for monitoring products from multiple retailers. Set up a product URL, configure a target price, and get an ntfy notification when the price drops. Useful for patient purchasing rather than impulse buying — the kind of tool that pays for the server costs in a single deal.

Network-wide DNS filtering running directly on the NixOS host — not in Docker — so it starts before any container. Blocks ads and trackers across every device on every subnet without per-device configuration. Uses Cloudflare DoT and Quad9 DoT as encrypted upstreams, with a 4 MB optimistic cache to keep latency low even when upstream resolvers are slow.

Minimal monitoring dashboard that tracks CPU, RAM, disk, and network per container and per host. Lighter than a full Prometheus/Grafana stack while covering the "is this thing healthy?" use case well. The agent runs on each monitored host and reports back over a secure WebSocket channel with historical charts and configurable alerts.

Web admin interface for the NixOS server, useful for quick tasks like checking running services or resource usage without SSH. Not heavily used day-to-day since NixOS config handles most setup, but handy for ad-hoc diagnostics, storage management, and the occasional terminal session from a browser on a device where SSH isn't set up.

Collaborative IDS running alongside Godoxy. It parses proxy logs, detects attack patterns, and shares threat intelligence with the wider CrowdSec community — in return getting a continuously updated blocklist of IPs flagged across thousands of other deployments. The web UI shows what's being blocked in real time.

Stack manager UI that makes it easy to start, stop, restart, and update Docker Compose stacks without SSH. All stacks live at /opt/docker/apps/ and are version-controlled in git — Dockge just provides a friendly interface over them. Essential for stack management on a TV or mobile browser when a quick restart is needed away from the desk.

Zero-config log viewer that reads directly from the Docker socket via a socket proxy. No log aggregation or storage — just a fast way to tail any container's logs from a browser without opening a terminal. Invaluable for quickly debugging a misbehaving container without SSH.

The entry point for every service I host. Godoxy auto-discovers containers via Docker labels and issues wildcard TLS certificates through Cloudflare's DNS challenge — no manual cert work ever. The built-in GeoIP ACL restricts access to Canada and my LAN, and CrowdSec handles IP-level threat intelligence in real time. Hot-reloads on config changes without a restart.

Self-hosted Tailscale control plane running on the VPS, keeping mesh VPN coordination off Tailscale's cloud entirely. All Tailscale clients register against this server instead of the commercial endpoint. The VPS only needs port 443 open; the control plane proxied behind VPS Godoxy means it gets OIDC protection and rate-limiting for free.

Push notification relay that lets any service send an HTTP request and have it appear on my phone instantly. Every homelab alert — Godoxy access denials, backup completions, failed health checks — routes through ntfy topics. The default auth policy is deny-all so only authenticated publishers can send; topics are cheap to create so each service gets its own.

Lightweight OIDC provider that acts as the single sign-on entry point for every service that supports OAuth. When Godoxy enforces OIDC middleware on a route, this is where credentials are verified. The static API key integration lets automated tools authenticate without a browser flow, and passkey support means no passwords to remember.

SMART monitoring for all physical drives, storing historical health data in InfluxDB so trends are visible over time. Sets up alerts when drive health degrades before failure becomes imminent. The collector runs on a schedule and the dashboard shows temperature trends and attribute history per drive — catching issues weeks before they'd otherwise surface.

Bitwarden-compatible server that stores all passwords, TOTP seeds, and secure notes locally. The official Bitwarden browser extensions and mobile apps connect to it directly — the only change from cloud Bitwarden is the server URL. Encrypted sync means offline access works even when the server is unreachable.

Audiobook and podcast server with cross-device progress sync. Picks up exactly where I left off on any device without any cloud sync service. Also handles podcast RSS subscriptions so every episode is downloaded locally and available offline — no ad tracking, no platform lock-in, and no disappearing back-catalogues.

Web radio station for streaming music to external listeners on a scheduled or auto-DJ basis. Configured to play from a curated library playlist when no live session is running. More of a fun project than core infrastructure, but it's been running continuously since setup and occasionally gets used for small group listening sessions.

Self-hosted replacement for Google Photos — automatic backup from iPhone, face recognition grouping, and album sharing. The machine-learning container handles face and scene classification locally with no data leaving the server. All original-quality photos and videos stay on hardware I control, with a timeline view that works as well as any cloud app.

Music streaming server that works with any Subsonic/OpenSubsonic-compatible client. The entire local music library is indexed and accessible from any device with gapless playback and scrobbling to Last.fm. Keeps music organized and available without depending on Spotify or Apple Music — entire library accessible offline via the mobile client.

Soulseek P2P client for acquiring music from the community. The Soulseek network is particularly good for rare albums, live recordings, and releases not available on streaming services. Runs headless with a web UI, integrated into the music workflow alongside music-grabber and Navidrome for a fully self-hosted music pipeline.

Travel and adventure journal with map visualization. Each trip gets a log with photos, routes, and notes plotted on an interactive map. More personal than Instagram, less ephemeral than a notes app, and all the data stays local — no social platform deciding what to surface or delete.

Task and chore tracker with support for recurring schedules. Perfect for household tasks that need doing on a regular cadence — if the task isn't logged as done, donetick keeps flagging it as overdue. More flexible than a simple to-do list for maintenance tasks that repeat weekly, monthly, or on custom intervals.

RSS aggregator for following websites and blogs without social media algorithms. Compatible with the Fever API so mobile clients like Reeder or NetNewsWire sync seamlessly. All feed data stays local — no third-party service reading my reading habits or selling them to advertisers.

Recipe manager with meal planning and automatic shopping list generation. Recipes can be imported by URL from almost any cooking website — the parser strips out the fluff and stores just ingredients, steps, and notes. Meal plans for the week automatically generate a combined shopping list, sorted by category.

Personal CRM for keeping track of relationships — notes from conversations, birthdays, gift ideas, and reminders to stay in touch. Useful for staying connected with people without relying on memory alone. The kind of tool that makes the difference between "I should call them" and actually calling.

News reader with intelligence filters that learn which stories are worth reading based on engagement patterns. The self-hosted version supports the official iOS and Android apps with full feature parity. A second reading workflow alongside FreshRSS for publishers that work better with NewsBlur's story-centric model.

Mood and energy journaling app with trend analysis over time. A quick daily check-in takes under a minute and builds up a picture of patterns over weeks and months. Useful for noticing correlations between sleep, exercise, stress, and mood that aren't obvious in the moment but become clear in the charts.

Book tracking app for managing a reading list, tracking progress, and writing notes and reviews. A self-hosted replacement for Goodreads without the social tracking, data harvesting, and Amazon ownership. Reading history and notes stay local and aren't used to sell anything.

Family fitness tracker for logging workouts, setting goals, and tracking progress over time. Designed for household use — multiple profiles, shared goals, and activity logging for different types of exercise. A self-hosted alternative to Strava or MyFitnessPal for workouts that don't need to be public.

Personal statistics dashboard that pulls activity data from Strava's API and surfaces custom analytics beyond what Strava's own interface shows. Yearly mileage totals, segment trends, gear mileage, and activity type breakdowns — all in one view without the social feed noise.

Privacy-respecting metasearch engine that queries multiple search backends and aggregates results without tracking or profiling. All searches stay local — no search history leaks to Google or Bing. The default search engine for all browsers at home, configured to weight results from sources I actually trust.

Simple, privacy-focused web analytics for tracking visits to this infra site and other self-hosted web properties. No cookies, no personal data collection, GDPR-compliant by design. Shows page views, referrers, and device stats without the complexity of Google Analytics or the ethical baggage that comes with it.

Headless browser automation that claims the weekly free games on the Epic Games store without any manual interaction. Runs on a schedule and sends an ntfy notification confirming successful claims. A minor quality-of-life automation — the games accumulate in the library whether played or not, and it costs nothing to claim them.

Collaborative virtual whiteboard for hand-drawn style diagrams. The self-hosted version means room data stays local and diagrams don't end up in Excalidraw's cloud. Primarily used for quick architecture sketches and brainstorming that doesn't need the formality of a structured diagramming tool.

P2P file transfer directly from the browser using WebRTC — the file never touches the server, it streams directly between browsers. The server just brokers the WebRTC connection. Useful for quick one-off transfers between devices without configuring a share or uploading to a cloud service.

Open-source spreadsheet engine accessible through a browser. A local alternative to Google Sheets for quick spreadsheet work without sending data to Google's servers. Still early-stage software but functional for the basic use cases that don't need the full weight of a desktop application.

Backup automation using Restic to back up critical container data to remote storage. Handles scheduling, retention policies, and monitoring through a web UI. The "set it and forget it" layer that ensures important data has an off-site copy — the thing you only appreciate when you actually need it.