2026 Mar 22 - My new router finally arrived...

I swear this week had fewer days than normal

Published: 3/22/2026 | Updated: 4/4/2026

Tags: update, home lab, server, networking, automation

This week flew by faster than I thought it could, but I did get a lot done!

Networking

My new router came, and it’s awesome. I don’t need to use custom firmware to do all the fancy networking things I want, and I can even set it up to run a wireguard VPN directly in the router. The setup was simple, and once I pointed it at my PiHole container, I could finally resolve my domain name to the server’s local IP.

I am using Traefik to reverse proxy subdomains to various different services running on the server, and for that to work the requests have to be to the actual domain name, not the private IP of the server. That’s already taken care of for requests outside the network, where DNS servers resolve the requests to my public IP, but when the DNS resolves to my public IP for requests inside the network, the system hairpins and breaks down. Thankfully, it’s simple to run a DNS server for my internal network that masks all the DNS requests for my domain name so they resolve to the local IP of the server. It’s kind of funny to think of my server resolving a domain to it’s own IP.

There is one downside to this setup, however; if my server goes down, it takes the internet connection with it, since without the server the router won’t resolve DNS requests. There’s some renovation going on right now, and someone tripped the wrong breaker the morning after I got everything setup. They turned it back on pretty quickly, but the internet didn’t come back. I spent a good half hour trying to troubleshoot the system, only to discover that I didn’t set the DHCP bypass correctly, and the router was now looking for a DNS server at an address that didn’t exist. Honestly the funniest mistake I’ve made in the entire process.

Self Hosted Services

I’ve been setting up a LOT of services on my server. My networking and management stack consists of:

• Docker to containerize all my services
• Traefik to handle TLS and reverse proxy all the other services
• PiHole to resolve my domain name locally (and block ads)
• Beszel to monitor docker and performance metrics

Most services are fully sequestered in the Docker network managed by Traefik, but PiHole gets to bind it’s own ports for DNS. The dashboard is still behind Traefik though.

I am still working on getting a Matrix server set up, which is not trivial if you want ot use all the latest and greatest features like OICD authentication. I think I’m goint to use matrix-docker-ansible-deploy to set it up, but I haven’t gotten to it yet. I also have to figure out what’s wrong with Cryptpad when setting it up with Docker. There’s some issue with the configuration files not initializing correctly.

The services I have set up so far (that aren’t related to management of the server) are:

• Actual Budget which I’m trying out for tracking my finances
• Gitea for hosting my Git repositories (this is now mirroring my GitHub)
• Jellyfin to stream my media library
• Karakeep for bookmarks and e-book automation
• Kavita for my e-book library
• Monica for my contact list and CRM. This is mostly for messing about. I will be replacing it with my SocialDB project soon
• Ollama for running (very small) LLMs locally, mostly for summarizing bookmarks right now
• Syncthing for syncing my files across devices

System Automation

I have two automation scripts set up to help run all this.

Backing up sensitive configuration data

I keep all the sensitive data for the services in .env files so that I have the option to make the repository public (or at least share it). While that solves the issue of commiting secrets to the repository, it also means there’s a lot of important configuration information that is not backed up anywhere (like specific subdmains for specific services). I decided to write a script to regularly back up all the data in the .env files, but all my secure storage solutions that aren’t on my server (like Notesnook, Proton Drive, and Bitwarden) don’t have APIs, so I needed another solution.

Turns out the perfect solution was right under my nose, and I already had it deployed on my server! I use my home server as an always on transfer node for syncthing, which syncs folders across all my devices, so as long as I encrypt the data before saving the files, I can safely back up the data with a copy on ALL my devices.

Backing up my git repositories

Another thing I wanted to back up was my repositories stored on GitHub. Until now I have relied entirely on GitHub for my offsite source control, and many of my older projects have no offline copies left. I’ve experimented with Gitea before, so I decided to set it up to mirror my GitHub.

Gitea comes with a built in mirror feature that updates it’s respository from the original source once a day, but you have to manually add every repository, there’s not “track this account” feature. What Gitea does have is a very in depth API that allows you to automate basically everything. So instead of trying to remember to manually add a repository to Gitea every time I create one, I put together a script that scans my GitHub account once a day, and adds any new repositories I’ve created on GitHub to Gitea AS mirrored repositories, and Gitea handles the syncing from then on.

Now if I ever lose my GitHub account, I lose at most one days worth of work!