Back to Projects
UnraidDockerTailscaleCloudflareVaultwardenn8nAMPGame Servers

Infrastructure & Homelab

HP DL380 Gen9 server running 15 Docker containers, Tailscale mesh VPN, Vaultwarden, AdGuard Home, n8n automation, game server hosting — enterprise-grade, self-hosted.

The Problem

Cloud services are expensive, privacy-invasive, and create vendor lock-in. For someone building AI systems that process personal data, relying on third-party infrastructure means trusting companies with sensitive information. I needed enterprise-grade infrastructure that I fully control — running 24/7, accessible from anywhere, and costing nothing beyond electricity.

The Solution

An HP DL380 Gen9 enterprise server (nicknamed “Brain”) running Unraid, hosting 15 Docker containers that provide everything from AI inference to password management to game server hosting to DNS-level ad blocking. A Tailscale mesh VPN connects all devices securely, and Cloudflare Tunnels expose select services to the public internet without opening any ports.

Infrastructure Map

The Brain (HP DL380 Gen9)

  • OS: Unraid (enterprise NAS + Docker + VM host)
  • Network: 192.168.0.100, with iLO remote management at 192.168.0.101
  • Role: 24/7 server for all services
  • Management: SSH key auth, iLO Advanced lifetime licence

The Muscle (Custom Workstation)

  • CPU: AMD Ryzen 9 5950X (16C/32T)
  • GPU: NVIDIA RTX 5070 Ti (primary AI inference)
  • RAM: 64GB DDR4
  • Role: GPU compute for AI models, development workstation

The 15 Docker Containers

  1. quartalis-backend — FastAPI AI backend (port 8000)
  2. quartalis-website — Portfolio site via nginx:alpine (port 8084)
  3. ollama — Local LLM inference server
  4. tm-wordpress — Tangible Memories store (port 8082)
  5. tm-mariadb — Database for WordPress
  6. tm-cloudflared — Cloudflare Tunnel daemon
  7. AMP — Game server management panel (6 server instances)
  8. emby — Media server
  9. Flood-UI — Torrent management interface
  10. transmission — BitTorrent client
  11. NginxProxyManager — Reverse proxy with SSL
  12. n8n — Workflow automation (port 5678)
  13. vaultwarden — Password manager (port 8088)
  14. adguardhome — DNS ad/tracker blocking (port 53)
  15. ogi-discord-bot — Custom Discord bot

Security Stack

Vaultwarden

Self-hosted Bitwarden-compatible password manager. ~400 passwords imported, new signups disabled, accessible via Tailscale VPN only.

Tailscale Mesh VPN

WireGuard-based mesh network connecting Brain server, development PC, and mobile devices. No port forwarding required — all devices communicate directly over encrypted tunnels. Native install on Unraid starts automatically via /boot/config/go.

AdGuard Home

Network-wide DNS ad and tracker blocking. All DNS queries on the network route through AdGuard on the Brain server, blocking ads, trackers, and malicious domains at the DNS level.

Game Server Hosting (AMP)

Years of experience managing dedicated game servers using CubeCoders AMP (Application Management Panel). Multiple survival and multiplayer game servers configured, modded, and maintained:

  • Space Engineers — Two Torch-modded instances (custom mod packs, automated restarts, performance tuning)
  • Conan Exiles — Dedicated server with mod management
  • 7 Days to Die — Survival server with custom configuration
  • SCUM — Open-world survival server

AMP provides centralised management of all instances — start/stop, mod updates, scheduled restarts, console access, player management, and resource monitoring from a single web panel.

Automation (n8n)

n8n handles workflow automation with visual node-based programming:

  • Deadline Reminders: Daily 8 AM email checks for upcoming deadlines
  • Blog Automation: Mon/Wed/Fri auto-generation of AI blog posts, site rebuild, and email notification
  • Weekly Roundup: Saturday RSS aggregation from 8 tech feeds, LLM-curated weekly digest
  • Newsletter: Auto-sends to subscribers when new blog posts publish
  • Gmail SMTP: Outbound email via Google app password
  • Expandable: webhook triggers, API integrations, scheduled tasks

Key Technical Decisions

  • Unraid over Proxmox: Better NAS features, Docker-native, simpler for mixed workloads
  • Tailscale over WireGuard direct: Zero-config mesh, automatic key management, NAT traversal
  • Vaultwarden over cloud Bitwarden: Self-hosted, no subscription, full control over data
  • Host networking for backend: Simplifies container-to-container communication on same host

Results

  • 15 Docker containers running 24/7 with automatic restart
  • £0/month for services that would cost £50+ in cloud subscriptions
  • ~400 passwords securely managed in self-hosted vault
  • Network-wide ad/tracker blocking via DNS
  • Secure remote access from any device via Tailscale mesh
  • 6 game server instances managed via AMP
  • Automated content pipeline — blog posts, newsletters, and deadline reminders via n8n
  • 2 public websites served through Cloudflare Tunnels (zero open ports)

Tech Stack

Unraid, Docker, Tailscale, Cloudflare Tunnel, Vaultwarden, AdGuard Home, n8n, nginx, AMP, SSH, iLO, HP DL380 Gen9

Interested in something similar?

I build custom AI systems and infrastructure for businesses.

Get In Touch