Core & Portal

All active services are accessible remotely via Cloudflare Zero Trust (Tunnel) — no open ports, no exposed IP. The tunnel is deployed directly as a native systemd service (cloudflared) in NixOS.

| Service | Local IP / Port | Local Alias | Public Route |
|---|---|---|---|
| Portal | 192.168.1.100:80 | nixos.local:80 | home.javiersc.com |
| SSH | 192.168.1.100:22 | nixos.local:22 | ssh-home.javiersc.com |
| Home Assistant | 192.168.1.100:8123 | nixos.local:8123 | home-assistant-home.javiersc.com |
| Jellyfin | 192.168.1.100:8096 | nixos.local:8096 | jellyfin-home.javiersc.com |
| Transmission | 192.168.1.100:9091 | nixos.local:9091 | transmission-home.javiersc.com |
| Sonarr | 192.168.1.100:8989 | nixos.local:8989 | sonarr-home.javiersc.com |
| Radarr | 192.168.1.100:7878 | nixos.local:7878 | radarr-home.javiersc.com |
| Prowlarr | 192.168.1.100:9696 | nixos.local:9696 | prowlarr-home.javiersc.com |
| Jackett | 192.168.1.100:9117 | nixos.local:9117 | jackett-home.javiersc.com |
| Backrest | 192.168.1.100:9898 | nixos.local:9898 | backrest-home.javiersc.com |
| Documentation | 192.168.1.100:4321 | nixos.local:4321 | docs-home.javiersc.com |

  • Jackett: Acts as a proxy between our indexers (Torznab/RSS) and the Arr stack (Sonarr/Radarr). It is essential for searching content in private/public trackers that are not natively supported by Prowlarr or the Arr apps themselves.
  • Local/Remote Access Toggle: To solve the issue of accessing services natively on LAN vs. via Cloudflare URLs externally, we developed a custom toggle injected via Nginx. It dynamically rewrites all dashboard links to point to either the internal IP (192.168.1.100) or the public domain.

Note: Multicast DNS (mDNS) is enabled via Avahi, making the .local domains available on the LAN without extra DNS configuration.

The entry point for the homelab is built using Homepage, natively declared in services/portal.nix.

UI & Structure:

  • Layout: Organized into four main categories: Automation (Home Assistant), Media & Entertainment (Jellyfin, Transmission), Management (Sonarr, Radarr, Prowlarr), and Infrastructure (Documentation, Cloudflare).
  • Aesthetics: Dark theme, blurred cards (cardBlur: "sm"), and an Unsplash background image.
  • Widgets: Includes system monitoring (CPU/Memory) and date/time.

The Homelab handles dynamic routing depending on where you access it from. We use Nginx (services/proxy.nix) to serve the dashboard and proxy all services through port 80. This allows a single entry point for the Cloudflare Tunnel.

To solve the issue of accessing services natively on LAN vs. via Cloudflare URLs externally, we developed a Local/Remote Access Toggle:

  • A custom JavaScript file (services/toggle.js) is injected into the Homepage UI via Nginx (location = /api/config/custom.js).
  • It renders a toggle button next to the system clock on the dashboard.
  • Remote Mode (Default): Links point to public Cloudflare domain routes (e.g., https://jellyfin-home.javiersc.com).
  • Local Mode: Toggling the button saves the state in localStorage and dynamically rewrites all service links on the DOM to point to their direct local IP and port (e.g., http://192.168.1.100:8096).
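
The link rewriting described above, written as an added example (it is not the project's services/toggle.js). The routes come from the service table on this page; the `accessMode` storage key and all function names are assumptions. Lookups are exact host matches, so external links and lookalike hostnames are left alone, and any stored value other than `local` falls back to Remote Mode.

```javascript
// Added example, not the project's toggle.js. Function names and MODE_KEY are assumptions.
const MODE_KEY = "accessMode"; // hypothetical localStorage key

// Public host -> local origin, taken from the service table on this page.
const ROUTES = {
  "home.javiersc.com": "http://192.168.1.100:80",
  "home-assistant-home.javiersc.com": "http://192.168.1.100:8123",
  "jellyfin-home.javiersc.com": "http://192.168.1.100:8096",
  "transmission-home.javiersc.com": "http://192.168.1.100:9091",
  "sonarr-home.javiersc.com": "http://192.168.1.100:8989",
  "radarr-home.javiersc.com": "http://192.168.1.100:7878",
};

// Normalised lookup tables in both directions (new URL drops the default :80).
const TO_LOCAL = new Map();
const TO_PUBLIC = new Map();
for (const [host, local] of Object.entries(ROUTES)) {
  const u = new URL(local);
  TO_LOCAL.set(host, u.origin);
  TO_PUBLIC.set(u.host, "https://" + host);
}

// Anything other than the exact string "local" falls back to the default, remote.
function readMode(storage) {
  return storage.getItem(MODE_KEY) === "local" ? "local" : "remote";
}

// Rewrite one absolute href. Only exact host matches are touched, so external
// links and lookalike hostnames pass through unchanged.
function rewriteHref(href, mode) {
  let url;
  try { url = new URL(href); } catch { return href; } // relative or malformed
  let origin;
  if (mode === "local" && url.protocol === "https:" && url.port === "") {
    origin = TO_LOCAL.get(url.hostname);
  } else if (mode === "remote" && url.protocol === "http:") {
    origin = TO_PUBLIC.get(url.host);
  }
  return origin ? origin + url.pathname + url.search + url.hash : href;
}

// Browser entry point: rewrite every dashboard link for the stored mode.
function applyToDocument(doc, storage) {
  const mode = readMode(storage);
  for (const a of doc.querySelectorAll("a[href]")) {
    a.href = rewriteHref(a.href, mode);
  }
}

if (typeof document !== "undefined") applyToDocument(document, localStorage);
```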

Transmission Scheduling (Bandwidth Control)

To optimize network performance and ISP ratios, Transmission follows an automated schedule:

  • Day Mode (08:00 - 00:00): Download capped at 50MB/s, Upload disabled (0 kb/s). This ensures maximum bandwidth for home use.
  • Night Mode (00:00 - 08:00): Download 50MB/s, Upload 50MB/s. Maximum seeding performance during off-peak hours.
  • Manual Overdrive: The “Turtle” button in the UI is reserved for emergency manual pausing.

The following services were part of the previous architecture and are currently pending integration into the new NixOS native deployment:

  • Appwrite (Backend)
  • Immich (Photos)
  • Penpot (Design)
  • Postiz (Social)