Hostname Crimson - Fedora CoreOS Home Server
Running and maintaining a home server on an immutable Linux operating system, leveraging the strengths of containerization.
Fedora CoreOS — uCore
For the operating system, I chose uCore. This is a custom image based on Fedora CoreOS. CoreOS is an immutable Fedora Linux system, meaning it has image-based updates for a read-only set of system packages. The updates are atomic and secure, and builds are minimal, flexible, and reproducible. The atomic nature makes this a perfect operating system to build on for containerization, particularly for Podman.
Rootless Podman + Systemd
Podman is the more integrated container management tool for Fedora and Red Hat operating systems. Rootless containers are a critical feature of Podman, which I use to run the majority of my services. This is not necessarily as seamless as rootful containers, but it has the benefit of added security and integration at the user level.
Quadlet is to Podman, as Compose is to Docker
Quadlet is a tool to manage unit files that run Podman containers. This allows you to use systemd service features to control containers. The syntax follows that of systemd unit files; an Ollama container would look like this.
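A rootless Quadlet unit along these lines, as an added example rather than the unit file actually used on Crimson; the image tag, volume name, network name and GPU device line are assumptions:

```ini
# ~/.config/containers/systemd/ollama.container
# (per-user Quadlet search path for rootless containers)
# Added example: image tag, volume, network and GPU line are assumptions.

[Unit]
Description=Ollama LLM server (rootless Podman via Quadlet)

[Container]
Image=docker.io/ollama/ollama:latest
ContainerName=ollama
# Let `podman auto-update` pull newer images from the registry.
AutoUpdate=registry
# Named volume for downloaded models (hypothetical name).
Volume=ollama-models:/root/.ollama
# Join an existing user-defined Podman network so only the rootless
# reverse proxy on that bridge can reach the API. No PublishPort= line,
# so nothing is exposed on the host. "services" is a hypothetical name,
# created beforehand with `podman network create services`.
Network=services
# Hardening: block setuid-style privilege gain and drop all capabilities.
NoNewPrivileges=true
DropCapability=all
# GPU access through CDI; assumes an NVIDIA CDI spec exists on the host.
AddDevice=nvidia.com/gpu=all

[Service]
Restart=on-failure
# Allow time for the first image pull.
TimeoutStartSec=900

[Install]
# Start with the user session (default.target for rootless units).
WantedBy=default.target
```

After saving the file, `systemctl --user daemon-reload` generates `ollama.service` and `systemctl --user start ollama.service` starts it. Rootless units only start at boot without a login if lingering is enabled for the user with `loginctl enable-linger`.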
Now you can treat the container like any other service. For example, to restart your Ollama container (add --user for a rootless unit):
systemctl restart ollama.service
Crimson Services
All of the services running on Crimson are containers, including the web server for this site. This way I can manage them all in the same place, reproduce them in different environments, keep updates and dependencies bundled with each service, and have a layer of security between the service and my operating system.
Multi-Layer Caddy Reverse Proxy
I have two layers of Caddy reverse proxies to manage the different services on Crimson. One layer runs as the root user, which allows it to use the privileged HTTP/S ports and interact with the few rootful services like Cockpit. The rootless Caddy then interacts with the bulk of the services, accessing them through a Podman bridge and proxying them to subdomains. This setup allows me to keep the interaction between rootful and rootless services minimal.
Data
- Ollama - Large Language Model Hosting
- Nextcloud - Cloud storage
- Bitwarden - Password Manager
Media
- Jellyfin - Media Video Server
- Jellyseerr - Media Requesting
- Sonarr/Radarr/Prowlarr - Media Tracking/Management
Management
- Firefly - Personal Money Manager
- Mealie - Recipe Manager
- Peppermint - Ticket System
Server Features
Storage
Crimson has a little over 9TB of total used storage across 3 HDDs and the main SSD. The hard drives use ZFS for snapshots and RAID capability, with two 16TB drives configured in RAID 1.
The main configuration files for my server are in my server user's home directory, which is backed up nightly with restic to a Home Theater PC.
GPU
An Nvidia 1660S provides Crimson with enough power to transcode videos, run gaming virtual machines, and run Large Language Models. uCore provides an image specifically for Nvidia server workloads, ensuring updated drivers.