Turn forgotten hardware into a self-hosted powerhouse — block ads on every device, run your own password manager, stream your own media, and eventually talk to your home using AI from anywhere. Built from a real setup, not a demo.
This guide takes you from "I have an old computer doing nothing" to "I just turned my lights off from another country using AI." It's written for humans, not sysadmins — and it's organized so that every section builds on the last without assuming you already know the next thing.
The best home lab is one that works without you thinking about it — and tells you when something goes wrong before you notice.
Read this before anything else
Quick Start Guide
This is the fast path. You will get a working baseline first. The later sections explain what you just did, why it works, and how to extend it safely without rebuilding from scratch.
The full guide is here whenever you need the detail. But if you want to get something working this weekend, follow these four milestones in order. Each one delivers real value on its own — you don't need all four before your lab is useful.
1
Server up
2
HA running
3
Secure & remote
4
AI connected
1
Get the server running
~2 hours · Weekend morning
Reserve a LAN IP for your serverLog into your router, find your server's MAC address, assign it a fixed IP (e.g. 192.168.1.100). It should never change.
Install Ubuntu Server 24.04 LTSDownload the ISO, flash to a USB drive with Balena Etcher, boot and install. Accept defaults. See §02.
Set BIOS power restore to "Always On"Critical. Without this, a power blip shuts down your server permanently. See §01.
Install Docker & Docker ComposeQuick path — fine for home lab usecurl -fsSL https://get.docker.com | shThis is Docker's official convenience script — fastest way to get running. Full repository install method in §04.
Enable UFW firewallDefault deny, allow port 22 only. Do this before anything else goes online. See §07.
Set up SSH key auth, disable passwordsGenerate a key pair on your laptop, copy it to the server, set PasswordAuthentication no. See §06.
You can now SSH into a secure, Docker-ready server from any machine on your network.
2
Get Home Assistant running
~1 hour · Weekend afternoon
Create your docker-compose.ymlUse the starter template in Appendix B. Includes HA, Portainer, and Watchtower.
Start the stackdocker compose up -d — all containers start in background.
Open HA in your browserVisit http://YOUR_SERVER_IP:8123 and complete the onboarding wizard.
Add your first integration — Settings → Integrations → search your device brand. Most smart home devices auto-discover.
Set up automatic backupsSettings → System → Backups → enable auto-backup. Saves to /config inside the container volume.
Open Portainer and verify all containers greenVisit http://SERVER_IP:9000 — all three should show "running."
Home Assistant is live on your network. Your smart home has a brain.
3
Secure it & access it remotely
~2 hours · Second weekend
Install Fail2Bansudo apt install fail2ban — SSH jail enabled by default. See §07.
Audit Docker port bindingsRun ss -tlnp — confirm nothing bound to 0.0.0.0 unexpectedly. See §07.
Create a free Cloudflare accountcloudflare.com — add your domain (or get a free one via Cloudflare Registrar).
Set up a Cloudflare tunnelZero Trust → Networks → Tunnels → create tunnel. Point it at your HA port. Add cloudflared container to Compose. See §05.
Install the HA Companion appiOS or Android — connect to your new external URL. Test from cellular (not WiFi).
Enable unattended-upgradessudo apt install unattended-upgrades — OS patches itself.
Your lab is hardened and accessible from anywhere. No open ports. No exposed IP.
4
Connect AI — talk to your home
~2 hours · Third weekend
Deploy the AI Tool API containerA small FastMCP server that exposes your infrastructure as callable tools — docker_ps, ha_get_state, ha_call_service. See §10.
Add a subdomain to Cloudflare for ite.g. tools.yourname.com — same tunnel, new Public Hostname pointing to port 3300.
Connect to Claude.ai — Settings → Connectors → Add custom connector → paste your MCP server URL.
Test a live query on your phoneOpen Claude, type "Are all my containers running?" — should get a real answer from your server.
Set up ntfy for push alertsDeploy ntfy container, add rest_command to HA config (see Appendix B), test a notification.
Try an action from your phoneAsk Claude to turn off a light, restart a container, or check your bill schedule. It's real.
You can now query and control your home from anywhere using plain English. You've arrived.
Realistic total time to Milestone 4
Spread across 3 weekends — each milestone delivers value on its own
7
hours total
3
weekends
0
IT degree needed
After Milestone 4
Your core lab is working. From here, expand it when you have a reason, and use the reference sections when you need a quick answer.
Next expansions
08
Secrets management
Lock down your working lab first with .env files, cleaner key rotation, and credentials organized across services or machines.
09
Projects — applied patterns
Once the core is stable, pick a practical next build such as ad blocking, Vaultwarden, Jellyfin, smart-plug alerts, or a wall dashboard.
Next build
Second device
Add a Node B later for media, storage, and workloads that should not share resources with Home Assistant.
Reference while building
Appendix B
Code reference
Every command, YAML block, and config snippet from this guide in one place to copy from.
Appendix C
Terms dictionary
32 terms defined plainly. Use this whenever you hit an unfamiliar word.
Coming later
Vol. 2
Email cleaner
AI-powered inbox triage across 4 accounts. Handles bills, receipts, and alerts without turning your inbox into another project.
Vol. 2
Camera streams
Turn RTSP feeds into fast dashboards, tablet views, and AI-answerable camera status using go2rtc and Home Assistant.
Vol. 2
FireStick control
Launch apps, switch screens, and route camera views to TVs with ADB-backed automations your family can actually use.
Vol. 2
Network deep-dive
Go beyond simple SSID isolation with VLANs, inter-VLAN firewall rules, and a cleaner long-term layout for cameras, IoT, and lab services.
TIP
Print just this page and keep it at your desk while you build. Each checkbox is one action — when you've ticked them all, you have a working, secure, AI-connected home lab. The rest of the guide is the "why" behind each tick.
01 — Hardware
Does Your Hardware Qualify?
You don't need new hardware. You need enough hardware. The bar is lower than you think — and a cheap used Mini PC from eBay will outperform an old tower in every way that matters for a home lab.
⚠
Do not expose anything publicly yet. Start local first. Remote access, tunnels, and hardening come later in the guide, after the core stack is stable.
The Minimum Bar
This table shows the absolute floor versus what will actually make your life pleasant. The "Notes" column explains why the recommendation exists — these aren't arbitrary numbers.
Component
Minimum
Recommended
Notes
CPU
Dual-core, 64-bit
Quad-core or better
Must be 64-bit. Docker won't run on 32-bit. Most hardware from 2012 onwards qualifies.
RAM
4 GB
8–16 GB
4 GB limits you to ~3 containers running well. Home Assistant alone wants 1–2 GB.
Storage
64 GB SSD
256 GB+ SSD
An HDD will work but container startup times are painfully slow. An old laptop SSD is perfect.
Network
100 Mbps NIC
Gigabit, wired
WiFi works to start. Go wired as soon as possible — reliability matters for a server.
Power draw
Any
Under 35W (Mini PC)
An old gaming tower 24/7 can cost $40+/month in electricity. A Mini PC costs under $5.
My Intel NUC runs 12+ Docker containers 24/7 and draws about 18W at idle. An old gaming PC doing the same job would cost me roughly $38/month more in electricity — that's $456/year just to keep the lights on. When people ask "should I buy something or use what I have?", the answer is almost always: use what you have to start, then upgrade when you have a reason to. You'll learn what you actually need from real usage, not from speculation.
Reserving a Fixed LAN IP
Your server needs a fixed IP address on your home network. Without one, your router assigns a different IP every time it reboots — breaking SSH shortcuts, Cloudflare tunnel config, and every tool that references it by address. One-time router setting, takes five minutes.
Step 1 — Find your server's MAC address
SSH into your server and run:
Run this on: Host machine (your server). This step sets host-level networking details such as DHCP reservation or IP planning.
ip link show # look for eth0 or enpXsY
The MAC is the link/ether value — six hex pairs like e4:5f:01:2a:bb:c9. Copy it exactly.
Step 2 — Reserve it in your router
Log into your router admin panel. Find DHCP Reservations (also called Static IP Assignment or Address Reservation). Add:
MAC: the value from Step 1
IP: outside your DHCP range, e.g. 192.168.1.100
Label: lab-server
TP-Link / Deco
TP-Link app → DHCP Server → Address Reservation
Eero
Eero app → select device → IP Reservation
Most routers
192.168.1.1 → LAN → DHCP → Reservations
Test it: Run sudo reboot. When it comes back, run hostname -I — it should show exactly the IP you reserved. Every SERVER_IP reference in this guide now uses that address permanently.
What to Actually Buy (If You're Starting Fresh)
Best value
Intel NUC (used, i5/i7)
eBay, $80–150. The sweet spot of power, size, and efficiency. Runs cool, silent, and indefinitely. This is what most serious home labbers use.
Budget pick
Beelink / MINISFORUM Mini PC
$100–180 new. Modern CPU, great thermals, 16GB RAM options. Good if you want something new with a warranty.
Already have it
Old laptop
Works perfectly. Built-in UPS (battery = power backup). Downside: screen and keyboard are wasted real estate. Keep the lid closed.
Free if you have it
Old desktop / tower
Great for storage-heavy setups (lots of drive bays). Loud, hot, expensive to run 24/7. Fine for experimentation, not for permanent use.
⚠
BIOS setting that will ruin your weekend: Most Mini PCs and desktops default to "Stay Off after power loss." This means if your power flickers for even a second, your server shuts down and stays down — and you can't fix it remotely. Go into BIOS before deploying anything and set power restore behavior to "Always On." This single setting has saved me from at least four emergency Sunday afternoons.
⚡ Power draw & UPS sizing
Your hardware's power draw determines what size UPS you need. Before you buy anything, add up the watts for everything you plan to run 24/7 — server, router, switch, and ONT. The whole chain matters, not just the server.
Device
Typical draw
Notes
Intel NUC / mini PC
10–25W
Idle much lower; peaks during boot
Raspberry Pi 4/5
4–8W
Very efficient; USB power
Desktop tower server
80–200W
Size UPS carefully; GPU adds more
Router + switch
8–20W
Mesh base station slightly higher
ONT / fiber modem
5–12W
Often forgotten — critical link
NAS (spinning drives)
20–50W
Drives spin up on access; budget high
Quick sizing formula: Add your total watts × 1.6 = minimum VA rating. A NUC + router + ONT at ~45W total → 72 VA minimum → a 600VA UPS gives you comfortable headroom and 15–20 minutes of runtime. See §12 for full UPS setup and Home Assistant integration.
Checkpoint:
✔ You know whether your existing hardware is viable
✔ You have a target LAN IP plan for the server
✔ You know what to buy only if the hardware fails the bar
01b — Starting From Zero
No spare hardware? Start here
What If I Don't Have Anything Lying Around?
No old PC collecting dust. No retired laptop. No hand-me-down tower. That's completely fine — and honestly, it's a cleaner start. You get to pick the right tool for the job instead of working around whatever you happen to have. Here's the honest breakdown of your options at every budget, with a recommendation at the end.
Option 1 — Raspberry Pi
The Raspberry Pi is a credit-card-sized computer built specifically for hobbyist projects. It runs a version of Linux, supports Docker, and has the largest beginner community of any single-board computer in the world. It is not a toy — people run production home labs on these.
Raspberry Pi 5
The current best Pi for home lab
$80 for the board, ~$120 fully kitted out.
Quad-core ARM processor, 8GB RAM option, real PCIe slot for an NVMe SSD, and significantly faster than the Pi 4 it replaced. Runs Home Assistant, Docker, and a handful of containers without breaking a sweat. The power supply and a decent SD card or NVMe drive are the only other things you need.
Starter kit (~$130): Pi 5 8GB ($80) + official power supply ($12) + 64GB SD card or NVMe SSD ($20–35) + case with active cooling ($15). Everything you need, nothing you don't.
→ raspberrypi.com/products/raspberry-pi-5
Raspberry Pi 4
Still excellent, cheaper used
$35–60 used · great for dedicated single-purpose tasks.
The Pi 4 (4GB or 8GB models) is slightly less powerful than the Pi 5 but still comfortably runs Home Assistant or a handful of Docker containers. Worth considering if you find one used at a good price, or if you want a dedicated second node for a specific task — like running just MQTT or just a print server.
Good use case: Run Home Assistant exclusively on a Pi 4 8GB — it's purpose-built for exactly this. The HA team even ships a dedicated Pi image (HAOS) that skips Docker entirely and makes setup a 10-minute job.
→ raspberrypi.com/products/raspberry-pi-4-model-b
⚠
Pi gotcha #1 — SD cards fail silently. The Pi boots from an SD card by default, and SD cards wear out much faster than SSDs under constant read/write loads. Use a quality SD card (Samsung Endurance Pro series) or better yet, boot from a USB SSD or NVMe drive. I've had two Pi setups corrupt their SD cards during a power blip. An SSD would have survived both.
⚠
Pi gotcha #2 — ARM architecture. The Pi uses an ARM processor, not the x86 processor in most PCs and Mini PCs. Most Docker images support both, but occasionally you'll find a container that only has an x86 build. It's rare and getting rarer — but worth knowing before you commit to a Pi for a specific workload.
Home Assistant on a Pi is genuinely the easiest path to a working smart home. Download HAOS (Home Assistant Operating System), flash it to an SD card with the Raspberry Pi Imager app, plug it into your router with an ethernet cable, and visit homeassistant.local:8123 from any browser on your network. That's it. No Linux commands, no Docker, no SSH (Secure Shell). You're running a production smart home hub in under 15 minutes.
Option 2 — Used Intel NUC (Next Unit of Computing — The Recommended Path)
If you're committing to a real home lab — meaning Docker containers, AI tool integration, security tooling, a second node someday — a used Intel NUC is the best $100–150 you'll spend. Here's why it wins for this specific use case.
Factor
Raspberry Pi 5 (8GB)
Intel NUC i5 (used)
Winner
Price
~$130 kitted out
~$100–150 on eBay
Tie
CPU performance
Good for 4–6 containers
Handles 12–15 containers
NUC
Docker compatibility
ARM — occasional gaps
x86 — universal
NUC
Storage options
SD card + USB SSD
Internal M.2 NVMe / SATA
NUC
Power draw
~5–8W
~18–25W
Pi
Community / guides
Enormous Pi community
Huge homelab community
Tie
Beginner friendliness
Very easy (HAOS option)
Slightly steeper curve
Pi
Long-term ceiling
Outgrow it at ~8 containers
Room to grow for years
NUC
Option 3 — New Mini PC (Beelink / MINISFORUM)
If you want something new, under warranty, and ready to run without any uncertainty about previous ownership, modern Mini PCs from Chinese brands have gotten remarkably good in the last two years. They're not the cheapest option but they're not far off, and you're getting current-generation hardware.
Recommended model
Beelink EQ12 / SER6
$120–180 new with 16GB RAM and 500GB SSD included.
The Beelink EQ12 uses an Intel N100 processor — a modern efficiency chip that draws only 6–15W while handling 10+ containers comfortably. It comes with RAM and storage included (unlike a Pi), has dual HDMI out, 2.5Gb ethernet on some models, and ships in a chassis that looks like it belongs in a living room, not a server room.
Why this matters: You unbox it, plug it in, install Ubuntu Server, and you're done. No SD card hunting, no separate power supply, no wondering if the cooling is adequate. Amazon delivers it fully assembled and ready to run.
If you want AMD over Intel, MINISFORUM makes solid units. The UM350 and UM560 use Ryzen 5 chips and are noticeably faster than the N100 Beelink at higher workloads — better if you plan to run PhotoPrism indexing, video transcoding, or a lot of containers simultaneously. Costs a bit more but the extra headroom is real.
When to choose this: You know from the start you want to run media transcoding, photo indexing, or plan to spin up 15+ containers. The extra $50–80 buys you significantly more breathing room.
→ minisforum.com
The Honest Recommendation
If your goal is Home Assistant first, everything else second: Get a Raspberry Pi 5 8GB with the official power supply and a quality SD card. Flash HAOS. You'll be up and running in under 20 minutes with no Linux knowledge required. Add an SSD when you're ready to get serious.
If your goal is a full home lab (this guide): Buy a used Intel NUC i5 on eBay with 16GB RAM and a 256GB SSD already installed. Budget $120–150. It's the most capable machine per dollar for the workload this guide describes, and you'll never outgrow it for a home lab context.
If you want new hardware with zero hassle: Beelink EQ12 16GB from Amazon (~$180). Arrives complete, runs everything in this guide with room to spare, looks good on a shelf, and the N100 chip draws barely more power than a Pi.
A note on "just use the cloud instead": AWS, DigitalOcean, and similar services will happily host all of this for you — but a modest cloud setup for a home lab runs $20–60/month. Over two years that's $480–1,440. A used NUC costs $120 once. The hardware pays for itself in 2–6 months, after which your home lab is essentially free to run forever. That's the math that converted me from cloud-first to self-hosted.
Total cost over 2 years (hardware + electricity)
Checkpoint:
✔ You understand the tradeoffs between Pi, used NUC, and new mini PC paths
✔ You have a practical recommendation instead of open-ended hardware shopping
✔ You can pick a path that matches budget, power draw, and upgrade headroom
◆ End of the sample chapters ◆
The other 12 sections are in the PDF.
You've read the hardware sections. The full guide covers OS install, Docker, Home Assistant, SSH, network hardening, Cloudflare tunnels, AI/MCP control, and 7 appendices — about 122 pages.
Get the PDF
Read offline. Print it. Support the work.
The polished, printable version of Vol 1 — formatted for letter size, ad-free, yours to keep. Built for sitting next to your hardware while you're elbow-deep in cables.