Potato Home Server

Hardware

Software

Plan:

  • Mirror my desktop as much as possible for comfort
  • Simpler services run as normal packages and systemd services
  • Bigger complex stuff runs in containers with podman
  • Consider using nix for services

Networking

Most services should only be accessible to clients connected over the VPN or already on the LAN.

WireGuard

Maybe use this? wg-easy

Caddy

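Import this snippet into sites that should only be available to WireGuard-connected clients. Because it matches on private_ranges, it admits any private address, so clients already on the LAN pass as well.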

# https://caddyserver.com/docs/caddyfile/matchers#remote-ip
(local-only) {
  # private_ranges covers all private IPv4 and IPv6 ranges
  @denied not remote_ip private_ranges
  # abort @denied
  respond @denied "<h1>No Potato</h1>" 403
}

# Example usage
http://mysite.example.com {    
    handle {
        import local-only

        # Your website handling logic goes here
        reverse_proxy 127.0.0.1:8080
    }
}
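
To see which clients the local-only snippet lets through, here is an added example (not part of the original notes) that mirrors the `@denied not remote_ip ...` decision in Python and compares private_ranges with a rule limited to the WireGuard subnet. The range list is my reading of the Caddy matcher docs linked above, and the 10.8.0.0/24 tunnel subnet and all sample addresses are assumptions.

```python
import ipaddress

# What the private_ranges shortcut expands to, per the Caddy matcher docs
# linked in the snippet (assumption: verify against your Caddy version).
PRIVATE_RANGES = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
                  "127.0.0.1/8", "fd00::/8", "::1"]

# Hypothetical WireGuard tunnel subnet; replace with the one you configured.
WG_ONLY = ["10.8.0.0/24"]

# Constructed sample clients (not taken from any real log).
SAMPLES = {
    "10.8.0.2": "WireGuard peer",
    "192.168.1.50": "LAN host",
    "127.0.0.1": "loopback (e.g. another proxy on the same box)",
    "fd12:3456::1": "IPv6 unique local address",
    "fe80::1": "IPv6 link-local",
    "100.64.0.5": "CGNAT / overlay range",
    "203.0.113.7": "public internet",
}


def is_denied(remote_ip, ranges=PRIVATE_RANGES):
    """True when `@denied not remote_ip <ranges>` would match (403)."""
    addr = ipaddress.ip_address(remote_ip)
    # strict=False because 127.0.0.1/8 has host bits set.
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    in_range = any(addr.version == n.version and addr in n for n in nets)
    return not in_range


def audit(samples=SAMPLES):
    """Map each address to (denied by private_ranges, denied by WG-only)."""
    return {ip: (is_denied(ip), is_denied(ip, WG_ONLY)) for ip in samples}


if __name__ == "__main__":
    for ip, (broad, tight) in audit().items():
        verdict = lambda denied: "403" if denied else "ok "
        print(f"{ip:<14} private_ranges={verdict(broad)} "
              f"wg-only={verdict(tight)}  # {SAMPLES[ip]}")
```

remote_ip matches the address of the immediate TCP peer, so if anything else on the box proxies to Caddy, every request arrives as loopback and passes the private_ranges check.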

Nextcloud Caddy Config Caddy local https