← Projects Local · self-hosted

Homelab

A personal homelab on one machine — media streaming, digital libraries, a local AI file assistant, and notes, all private and backed up.

Services Runs locally — no public site.

Self-hosted stack

homelab online
Jellyfin Media
Komga Libraries
OpenClaw AI assistant
AFFiNE Notes

stack · demo

What it is

A personal homelab running on a single machine at home. It streams my media, hosts my digital book and comic libraries, runs a local AI file assistant, and keeps a private notes workspace — everything in containers, reachable only over a private network, and backed up automatically.

Nothing depends on the cloud. I wanted a private media and knowledge system I control directly instead of renting it from subscriptions and scattered storage: part media library, part NAS, part document workspace, part AI sandbox. I also wanted to learn how to run several services together through containers, persistent storage, private networking, and backups while keeping it simple enough to maintain.

The library is stocked with DRM-free content I actually own, so it stays portable and isn’t locked to any store. There are plenty of places to find it — a cheap book bundle on Humble Bundle, public-domain ebook projects, GOG for DRM-free games, and more.

Services

Jellyfin

Media streaming

Streams my films, shows, and music from local storage to any device.

Komga

Digital libraries

Hosts my comics, manga, and ebooks as clean, browsable libraries.

OpenClaw

AI file assistant

A local AI that organizes, renames, retrieves, and prepares files through natural language — confined to a sandbox.

AFFiNE

Notes & docs

A local, Notion-style workspace for notes and structured documents.

The library

DRM-free content I actually own, so it stays portable across the stack and isn’t tied to any store. A few places to find it, if you’re curious:

Book bundles Humble Bundle Cheap book and software bundles — a good place to start hunting. Public domain Open ebooks Public-domain and open-source ebooks from projects like Project Gutenberg and Standard Ebooks. DRM-free games GOG PC games that install and run without a store client.

No cloud. One machine.

Media, digital libraries, a local AI assistant, and notes — all self-hosted, private, and backed up.

Built with

  • Docker
  • Jellyfin
  • Komga
  • AFFiNE
  • OpenClaw
  • Ollama
  • Qwen
  • Tailscale
  • RTX 4070 Ti
  • cron
  • Git

Engineering

Everything in containers

Each app runs in its own isolated container, with its data kept in organized folders on disk — so services don’t collide, and one can break or be rebuilt without touching the others.

Each service runs in its own Docker container with persistent volumes mapped to organized host directories (media, libraries, documents, service data, backups). Containers are isolated, individually restartable, and rebuildable from config without disturbing the rest of the stack.

A local AI, walled off

A local AI assistant can upload, organize, rename, and retrieve files for me through plain language — but only inside a sealed workspace, so it can never touch the rest of the machine.

OpenClaw drives a local model with read/write scoped to a delegated AgentData workspace (inbox, managed documents, company records, staging, output). Web-UI uploads import from an inbound mount and are organized by the assistant; requested files are copied to an output folder and served over a private local/Tailscale download route. The assistant has no access outside the sandbox.

Runs on my own GPU

The AI model runs on my own graphics card — nothing is sent to an outside service. The trade-off is speed: a capable model on consumer hardware is slower than a cloud API, but it’s fully private.

Ollama runs Qwen (33B parameters) locally on an RTX 4070 Ti. With limited VRAM the 33B model runs primarily on CPU, so responses are slower than an API call; smaller models (Gemma 2B/4B) were tested but proved less reliable at local file-manipulation reasoning. The win is privacy: no inference leaves the machine.

Private remote access

I can reach the whole setup from anywhere without ever exposing it to the public internet.

Tailscale puts every device on one private WireGuard network. No public ports are opened; the services are reachable only over the tailnet, so the box stays invisible to the open internet.

Backs itself up

The system protects its own data, so a wrong move, a broken container, or a rebuild is recoverable.

Host-side Git versioning tracks the AI sandbox’s file operations, and automated cron jobs back up configuration and critical volumes — so misplaced, renamed, or deleted files can be restored and the machine can be rebuilt.

Have a dream project?

Tell me your idea and I’ll send you a quote.