Everything you need to build a reliable self-hosted infrastructure — from first server to multi-node homelab.
- Privacy: Your data stays on your hardware
- Cost: Many services cost $0 after initial hardware
- Control: No vendor lock-in, no price hikes, no shutdowns
- Learning: Best way to understand infrastructure
| Service | Purpose | RAM |
|---|---|---|
| Traefik/Caddy | Reverse proxy + SSL | 64MB |
| Pi-hole/AdGuard | DNS + ad blocking | 128MB |
| Authelia | SSO + 2FA | 128MB |
| Uptime Kuma | Monitoring | 128MB |
| Service | Purpose | RAM |
|---|---|---|
| Vaultwarden | Password manager | 64MB |
| Nextcloud | File sync | 512MB |
| Immich | Photo backup | 1-4GB |
| Jellyfin | Media server | 512MB-2GB |
| Paperless-ngx | Document management | 256MB |
services:
app:
image: vendor/app:1.2.3 # ALWAYS pin version
restart: unless-stopped
security_opt:
- no-new-privileges:true
deploy:
resources:
limits:
memory: 512M- Change SSH port, disable root, key-only auth
- Enable UFW with deny-by-default
- All services behind reverse proxy
- SSL/TLS on everything
- SSO + 2FA via Authelia/Authentik
- Container security: non-root, memory limits, no-new-privileges
- Secrets in .env files, never in compose
- 3 copies of data
- 2 different media types
- 1 offsite copy
RAID is NOT backup. It protects against disk failure, not ransomware/deletion/corruption.
| Budget | RAM | Good For |
|---|---|---|
| $0 | 4-8GB | Pi-hole, small tools (Raspberry Pi) |
| $50-150 | 8-16GB | Docker host, 5-10 services (Used SFF PC) |
| $150-400 | 16-32GB | NAS + services (Mini PC) |
| $400-800 | 32-64GB | Full homelab (Used enterprise) |
Get the complete 30KB self-hosting methodology with Docker templates, Traefik configs, backup scripts, monitoring setup, and security scoring:
clawhub install afrexai-self-hosting-masteryMore agent skills: AfrexAI on ClawHub
Full context packs for your business: AfrexAI Store