A Stronger HomeLab

A Stronger HomeLab

August 3, 2025

Intro

BackUps

Lately I was reading this reddit backup post

Because its not about if, but when a single point of failure will be gone.

  1. NextCloud
  2. ProtonDrive

Unfortunately, there is no official https://github.com/donniedice/protondrive-linux

You also have some static/blob storage:

sudo sudo du -h --max-depth=10 /var/lib/docker | sort -rh | head

How about code backups?

Media

Privacy Apps

Some time ago I put together this list of cool security apps: https://jalcocert.github.io/Linux/docs/nix/fav-apps/#secprivacy

  1. Secure email client via Thunderbird or https://proton.me/blog/proton-mail-desktop-app
wget https://proton.me/download/mail/linux/1.9.0/ProtonMail-desktop-beta.deb
sudo dpkg -i ProtonMail-desktop-beta.deb
sudo apt-get install -f

You can use my protonmail referal: https://pr.tn/ref/RHJ7YZE8BN8G

VPN

To connect to your homelab, having a VPN at home is a nice way.

You can combine it with HTTPs/SSL setup if you have a domain + have this Traefik Setup.

To get started, tailscale is a great way to proceed.

You also have:

  1. ProtonVPN
#https://protonvpn.com/support/official-linux-vpn-debian/
wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.8_all.deb
sudo dpkg -i ./protonvpn-stable-release_1.0.8_all.deb && sudo apt update
#echo "0b14e71586b22e498eb20926c48c7b434b751149b1f2af9902ef1cfe6b03e180 protonvpn-stable-release_1.0.8_all.deb" | sha256sum --check -
sudo apt install proton-vpn-gnome-desktop
  1. Mullvad

Via Mullvad x Gluetun

Or locally:

#https://mullvad.net/en/download/vpn/linux
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc

# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable stable main" | sudo tee /etc/apt/sources.list.d/mullvad.list

# Install the package
sudo apt update
sudo apt install mullvad-vpn
  1. Wireguard

Which you can setup via wg easy as seen with the x300

HTTPs and SSL Everywhere

  1. With NGINX Proxy Manager via UI

  2. With Traefik Programatically!

Passwords

I simply love Bitwarden (which can also be selfhosted).

You also have:

2FA

Initially, I was using authy as my 2fa app.

I also tried Google auth and microsoft version of it.

They all work fine.

Then I heard about: 2FAS and Aegis, which are OSS.

But just recently, we have https://proton.me/authenticator

curl -LO https://proton.me/download/authenticator/linux/ProtonAuthenticator_1.0.0_amd64.deb
sudo dpkg -i ProtonAuthenticator_1.0.0_amd64.deb
sudo apt-get install -f
#rm ProtonAuthenticator_1.0.0_amd64.deb
  • It works cross-device (for real, including linux desktop + android).
  • Its OSS and allows direct import/export.
  • Allows (optional) to automatic sync via a proton account.

Im using mostly 2FAS (which syncs codes via gdrive)

But im giving a try to ProtonAuthenticator (Synced via protonmail + keeping backup codes handy, just in case)

For business purpose, you can still keep your microsoft auth / Google 2fa

Chats

I like the telegram desktop app, but lately whenever i open it leaves my system frozen for a while.

#flatpak install flathub org.telegram.desktop

Telegram bots are fun to tinker with!

In case that some of the well know chats stop working, you can try these:

flatpak install flathub im.riot.Riot #element
#flatpak install flathub org.signal.Signal

If you like Matrix or Signal, you might find interesting:

Bluetooth mesh chat, IRC vibes

Private AI

AI Apps with Containers and Cloudflare Tunnels

LLMs

Try with Ollama

Alternatively, you can try these LLMs:

Image Generation

  • Foocus
  • Stable Difussion Web UI
  • Easy Difussion

Conclusions

Its a long way to the top if you wanna rocknroll.

Same for homelab security.

Dont forget to clean from time to time the apt packages that you are not using.

To do that via UI, you can try Stacer