In the year of our lord, 2026, I figured I’d go over how I have set up this website, along with the other services I host for myself and for my business. Hopefully this proves useful to prospective self-hosters out there!
The Network
One word: Tailscale.
Tailscale is a WireGuard-based mesh network where your devices connect to each other on a “tailnet”. Each device can reach the others directly via its name and a tailnet domain you are assigned. For instance, if your device is called megatron, you might connect to it from another machine on the network using megatron.stinky-panda.ts.net. It’s that easy! This is the glue of the network, which allows me to expose services from my home without exposing my home IP.
Lloyd
Lloyd is the main machine here. It runs TrueNAS Scale as its hypervisor, and runs a combination of applications from their “apps” section and Docker containers I deploy manually. It, along with everything else on my network, is named after characters from the 1999 PS1 game The Legend of Dragoon. Lloyd is never directly exposed from my network, but is instead connected to Tailscale, where it connects to the next piece of the puzzle.
Haschel
Following with my theme, my proxy server hosted on OVHCloud is called Haschel. Haschel is responsible for proxying using NGINX. Now, typically you would use this to point to local services. This is why Tailscale is so useful, however. Say I need to point to a web server on port 6969 on Lloyd. All I would do is point to port 6969 and hostname lloyd.stinky-panda.ts.net. Tailscale routes the request to Lloyd, and the only IP address ever exposed in the process belongs to Haschel hosted on OVHCloud. One quirk of Haschel is that it runs NixOS, a Nix-based operating system that can be declaratively configured. This means that everything that runs on Haschel can be defined in this Git repo, and my continuous integration takes care of connecting to the actual server and rebuilding with the new configuration. Due to the flexibility of Nix, I can swap VPS providers at any time and be up and running in under an hour.
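A sketch of what the Haschel side of this could look like as a NixOS module. This is an added example, not taken from the repo mentioned above; the public hostname app.example.com and the ACME contact address are placeholders, and only lloyd.stinky-panda.ts.net and port 6969 come from the text.

```nix
# Added example: hypothetical NixOS module for a public proxy like Haschel.
{ config, pkgs, ... }:
{
  # Join the tailnet so the proxy can reach lloyd.stinky-panda.ts.net.
  services.tailscale.enable = true;

  # From the internet, only HTTP and HTTPS are reachable on this host.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 ];
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.com"; # placeholder contact address
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true; # forwards Host, X-Forwarded-For, etc.
    recommendedTlsSettings = true;

    # NGINX does not use /etc/resolv.conf for names resolved at request time.
    # 100.100.100.100 is Tailscale's MagicDNS resolver.
    resolver.addresses = [ "100.100.100.100" ];

    virtualHosts."app.example.com" = { # placeholder public hostname
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        # Putting the upstream in a variable makes NGINX resolve it per
        # request, so NGINX still starts if the tailnet is not up yet.
        extraConfig = ''
          set $backend "lloyd.stinky-panda.ts.net";
        '';
        proxyPass = "http://$backend:6969";
      };
    };
  };
}
```

Because Haschel is internet-facing and also a tailnet member, a Tailscale ACL that lets it reach only the proxied port on Lloyd keeps a compromise of the proxy from becoming access to everything else on the tailnet.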
Putting it all together
I realize that not everyone is familiar with multi-cloud setups or mesh networking, so I made a diagram which I hope will make it clear:
Feel free to reach out if you have any questions about how I got everything working. I can be reached by email at me@atri.dad.