Homelab Overview
You are managing your homelab using Proxmox with VMs for Ubuntu, Kali, and pfSense. Your main goals include hosting your own services, automating workflows, and connecting everything securely with Twingate.
Infrastructure Components
Proxmox VE (Hypervisor)
- Purpose: Virtualization platform for all services
- Hardware: Dedicated server or powerful workstation
- VMs Hosted:
- Ubuntu Server (primary services)
- Kali Linux (penetration testing)
- pfSense (firewall and routing)
Ubuntu VM (Services Host)
- Role: Main application server
- Services:
- Obsidian sync (CouchDB)
- n8n automation platform
- Docker containers
- Database servers
pfSense VM (Network Security)
- Role: Firewall and network gateway
- Features:
- VLAN management
- VPN server
- DNS resolver
- Traffic monitoring
Twingate (Secure Remote Access)
- Purpose: Zero-trust network access
- Benefits: Secure remote access without exposing ports
Obsidian Setup
Self-Hosted Sync Solution
- Obsidian is being self-hosted using CouchDB
- Running on the Ubuntu VM
- Connected using Obsidian LiveSync plugin
- Secure remote access managed via Twingate
Why Self-Host Obsidian Sync?
- Data Sovereignty: Full control over your notes
- Privacy: No third-party access to sensitive information
- Cost: Free alternative to Obsidian Sync subscription
- Learning: Hands-on experience with database management
Step-by-Step Setup Plan
Phase 1: Server Preparation
1. Update and Secure Ubuntu VM
# System updates
sudo apt update && sudo apt upgrade -y
# Install essential tools
sudo apt install -y curl wget git vim ufw
# Configure firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable2. Install Docker and Docker Compose
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Install Docker Compose
sudo apt install docker-compose -y
# Add user to docker group
sudo usermod -aG docker $USER
newgrp docker
# Verify installation
docker --version
docker-compose --version3. Create Service Directories
# Create organized directory structure
mkdir -p ~/services/{obsidian-sync,n8n,backups}
cd ~/servicesPhase 2: Deploy CouchDB for Obsidian Sync
1. Create Docker Compose Configuration
cd ~/services/obsidian-sync
nano docker-compose.ymlversion: '3.8'
services:
couchdb:
image: couchdb:latest
container_name: couchdb-for-obsidian
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=your_secure_password_here
volumes:
- ./data:/opt/couchdb/data
- ./config:/opt/couchdb/etc/local.d
ports:
- 5984:5984
restart: unless-stopped
networks:
- homelab
networks:
homelab:
driver: bridge2. Launch CouchDB
# Start CouchDB
docker-compose up -d
# Verify it's running
docker ps | grep couchdb
# Check logs
docker logs -f couchdb-for-obsidian3. Configure CouchDB
- Open CouchDB dashboard:
http://<ubuntu-vm-ip>:5984/_utils - Login with credentials from docker-compose.yml
- Create database named obsidian
- Enable CORS if accessing from different origins
4. Connect Obsidian Desktop
- Install Self-Hosted LiveSync plugin in Obsidian
- Configure plugin settings:
- Remote Database URL:
http://<ubuntu-vm-ip>:5984/obsidian - Username:
admin - Password: Your CouchDB password
- Remote Database URL:
- Initialize sync and test
Phase 3: Install and Configure n8n
1. Create n8n Directory and Configuration
cd ~/services/n8n
nano docker-compose.ymlversion: '3'
services:
n8n:
image: n8nio/n8n:latest
container_name: n8n-automation
restart: unless-stopped
environment:
- GENERIC_TIMEZONE=Europe/Paris
- N8N_BASIC_AUTH_ACTIVE=true
- N8N_BASIC_AUTH_USER=admin
- N8N_BASIC_AUTH_PASSWORD=secure_password
- N8N_HOST=n8n.lab
- N8N_PORT=5678
- N8N_PROTOCOL=https
- WEBHOOK_URL=https://n8n.lab/
ports:
- 5678:5678
volumes:
- ./data:/home/node/.n8n
- ./local-files:/files
networks:
- homelab
networks:
homelab:
external: true2. Launch n8n
# Start n8n
docker-compose up -d
# Check status
docker logs -f n8n-automation3. Access n8n Interface
- Navigate to:
http://<ubuntu-vm-ip>:5678 - Login with credentials from docker-compose.yml
- Complete initial setup wizard
Phase 4: Automate Backups with n8n
Backup Strategy
- Daily Backups: Obsidian vault and CouchDB data
- Weekly Backups: Full system configuration
- Monthly Archives: Long-term storage
Create Backup Workflow in n8n
Workflow Components:
Schedule Trigger (Cron Node)
- Schedule: Every Sunday at 2:00 AM
- Expression:
0 2 * * 0
Create Backup (Execute Command Node)
#!/bin/bash BACKUP_DIR="/backups/obsidian" DATE=$(date +%Y-%m-%d_%H-%M-%S) # Create backup directory mkdir -p $BACKUP_DIR # Backup Obsidian vault tar czf $BACKUP_DIR/obsidian-vault_$DATE.tar.gz /path/to/obsidian-vault # Backup CouchDB data tar czf $BACKUP_DIR/couchdb-data_$DATE.tar.gz ~/services/obsidian-sync/data # Keep only last 4 weeks of backups find $BACKUP_DIR -name "*.tar.gz" -mtime +28 -delete echo "Backup completed: $DATE"Verify Backup (Execute Command Node)
# Check if backup file exists and has reasonable size LATEST_BACKUP=$(ls -t /backups/obsidian/*.tar.gz | head -1) SIZE=$(stat -f%z "$LATEST_BACKUP" 2>/dev/null || stat -c%s "$LATEST_BACKUP") if [ $SIZE -gt 1024 ]; then echo "Backup successful: $LATEST_BACKUP ($SIZE bytes)" exit 0 else echo "Backup failed or too small!" exit 1 fiSend Notification (HTTP Request Node or Telegram)
- On success: “✅ Backup completed successfully”
- On failure: “❌ Backup failed! Please check logs”
Phase 5: Remote Access and Security
Install Twingate
- Create Twingate Account
- Sign up at twingate.com
- Create new network
- Deploy Twingate Connector
# Download and install Twingate connector
curl -s https://binaries.twingate.com/connector/setup.sh | sudo bash
# Configure connector
sudo twingate-connector setup- Configure Resources
- Add Ubuntu VM services
- Add Proxmox web interface
- Add n8n automation platform
Alternative: Cloudflare Tunnel
For HTTPS access without port forwarding:
# Install cloudflared
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb
# Authenticate
cloudflared tunnel login
# Create tunnel
cloudflared tunnel create homelab
# Configure tunnel
nano ~/.cloudflared/config.ymltunnel: <tunnel-id>
credentials-file: /root/.cloudflared/<tunnel-id>.json
ingress:
- hostname: n8n.yourdomain.com
service: http://localhost:5678
- hostname: couchdb.yourdomain.com
service: http://localhost:5984
- service: http_status:404Weekend Action Plan
Saturday Schedule
Morning (2-3 hours)
Afternoon (2-3 hours)
Evening (1-2 hours)
Sunday Schedule
Morning (2-3 hours)
Afternoon (2-3 hours)
Evening (1-2 hours)
End Goal: Complete Self-Hosted Environment
By Monday, you’ll have:
✅ Infrastructure
- Proxmox hypervisor with organized VMs
- Secure network with pfSense firewall
- Docker-based service architecture
✅ Core Services
- Self-hosted Obsidian sync (CouchDB)
- n8n automation platform
- Automated backup system
✅ Security
- Secure remote access (Twingate)
- Encrypted connections (HTTPS/SSL)
- Regular automated backups
✅ Automation
- Weekly backup automation
- Notification system for monitoring
- Workflow foundation for future projects
Next Steps and Future Enhancements
Short Term (1-2 weeks)
- Add reverse proxy (Nginx Proxy Manager)
- Configure custom domain names
- Set up monitoring (Uptime Kuma)
Medium Term (1-2 months)
- Add more automation workflows
- Implement log aggregation (Loki + Grafana)
- Create disaster recovery plan
Long Term (3-6 months)
- Expand homelab with additional services
- Implement GitOps for infrastructure as code
- Create comprehensive documentation
Conclusion
This roadmap provides a clear path from initial setup to a fully functional, self-hosted homelab environment. By following this phased approach, you’ll build a solid foundation for automation, security, and continuous learning.
The key to success is steady, incremental progress. Start with the basics, ensure each component works correctly, and gradually add complexity. Document everything in Obsidian, and don’t hesitate to experiment and learn from failures.
Your homelab journey is a marathon, not a sprint. Enjoy the process!