Home Lab — Overview
This section documents the complete home lab setup at Ahanabipin — a self-hosted NAS, photo server, media server, automated backup, and remote access system built around the UniFi UNAS2 and a Windows mini PC.
What This Setup Does
- Stores all photos and documents from both phones and Google Drive on a local NAS with RAID 1 redundancy
- Automatically backs up new photos from both phones to the NAS every day without any manual effort
- Provides a self-hosted photo library via Immich — face recognition, smart search, map view, albums, and sharing
- Provides a self-hosted streaming platform for family — request a movie, it downloads automatically, watch it like Netflix
- Gives secure remote access to the NAS from anywhere in the world via Tailscale
- Backs up all irreplaceable data offsite to Backblaze B2 every night automatically
Architecture
For an interactive view of the architecture, see the Architecture Diagram.
Hardware
| Device | Role | IP / Location |
|---|---|---|
| UniFi UNAS2 | Primary storage, RAID 1 | 192.168.1.2 (static) |
| Mini PC (Windows) | Always-on server, runs all software | Home network |
| ISP Router | Home network gateway | 192.168.1.1 |
| Bipin's Android | Personal device, FolderSync backup | Tailscale connected |
| Ahana's iPhone | Personal device, PhotoSync backup | Tailscale connected |
Software Stack
Storage & Backup
| Software | Where It Runs | Purpose |
|---|---|---|
| UniFi Drive | UNAS2 | Storage OS, SMB shares, snapshots |
| rclone | Mini PC | Nightly sync to Backblaze B2 |
| robocopy | Mini PC | Mini PC config backup to NAS |
Photo Management
| Software | Where It Runs | Purpose |
|---|---|---|
| Immich | Mini PC (Docker) | Photo server — browse, search, share |
| FolderSync | Bipin's Android | Daily photo + Google Drive backup to NAS |
| PhotoSync | Ahana's iPhone | Auto photo backup when charging |
| Immich folder album creator | Mini PC (Docker) | Auto-creates albums from folder structure |
Media Library
| Software | Where It Runs | Purpose |
|---|---|---|
| Jellyfin | Mini PC (Docker) | Streaming server for family |
| Seerr | Mini PC (Docker) | Movie/show request portal |
| Radarr | Mini PC (Docker) | Automated movie downloads |
| Sonarr | Mini PC (Docker) | Automated TV show downloads |
| Prowlarr | Mini PC (Docker) | Torrent indexer management |
| qBittorrent | Mini PC (Docker) | Download client |
Access & Networking
| Software | Where It Runs | Purpose |
|---|---|---|
| Tailscale | Mini PC + both phones | Personal remote access (mesh VPN) |
| Cloudflare Tunnel | Mini PC | Family access without port forwarding |
Network Access Summary
| Who | How | What They Can Access |
|---|---|---|
| Bipin | Tailscale (100.x.x.x) |
Full NAS + all services |
| Ahana | Tailscale (100.x.x.x) |
Full NAS + all services |
| Family | Cloudflare Tunnel (browser/app) | Jellyfin + Seerr only |
Key URLs
External (accessible from anywhere)
| URL | Service | Audience |
|---|---|---|
https://photos.ahanabipin.in |
Immich | Bipin + Ahana |
https://watch.ahanabipin.in |
Jellyfin | Family streaming |
https://request.ahanabipin.in |
Seerr | Family requests |
https://docs.ahanabipin.in |
This docs site | Everyone |
Local (mini PC only)
| URL | Service |
|---|---|
http://localhost:2283 |
Immich |
http://localhost:8096 |
Jellyfin |
http://localhost:5055 |
Seerr |
http://localhost:7878 |
Radarr |
http://localhost:8989 |
Sonarr |
http://localhost:9696 |
Prowlarr |
http://localhost:8080 |
qBittorrent |
NAS Folder Structure
UNAS2 (192.168.1.2)
├── Photos_Bipin/ ← Bipin's photos
│ ├── Camera/ ← FolderSync daily backup
│ ├── Photos from 2021/ ← Google Takeout
│ ├── Photos from 2025/
│ ├── Photos from 2026/
│ └── Archive/
├── Photos_Ahana/ ← Ahana's photos
│ └── Camera/ ← PhotoSync backup
├── Documents_Bipin/ ← Bipin's Google Drive + docs
├── Documents_Ahana/ ← Ahana's Google Drive + docs
├── Documents_Shared/ ← Shared family documents
├── Media_Library/ ← Movies and TV (Jellyfin)
│ ├── Movies/
│ ├── TV/
│ └── Downloads/
│ ├── Complete/
│ └── Incomplete/
└── Backups/ ← System configs + mini PC backup
├── minipc-config/ ← Docker mediastack config (robocopy)
└── immich-config/ ← Immich database + config (robocopy)
Mini PC Docker Structure
C:\docker\
├── mediastack\ ← Phase 5 media library stack
│ ├── docker-compose.yml
│ └── config\
│ ├── jellyfin\
│ ├── seerr\
│ ├── radarr\
│ ├── sonarr\
│ ├── prowlarr\
│ └── qbittorrent\
└── immich\ ← Phase 8 photo server
├── docker-compose.yml
├── .env
├── library\ ← Immich internal uploads
├── postgres\ ← PostgreSQL database (local SSD only)
└── model-cache\ ← ML model cache
Backup Architecture
Mini PC
├── C:\docker\mediastack\config\ ─robocopy──▶ NAS Backups\minipc-config\
└── C:\docker\immich\ ─robocopy──▶ NAS Backups\immich-config\
(excludes library/)
NAS Shared Drives
├── Photos_Bipin\
├── Photos_Ahana\ ──rclone──▶ Backblaze B2
├── Documents_Bipin\ ahanabipin-nas-backup/
├── Documents_Ahana\
├── Documents_Shared\
└── Backups\ (includes minipc-config + immich-config)
Backblaze B2 — ahanabipin-nas-backup/
├── Photos_Bipin/
├── Photos_Ahana/
├── Documents_Bipin/
├── Documents_Ahana/
├── Documents_Shared/
└── Backups/
├── minipc-config/
└── immich-config/
Backup runs nightly at 2am via Task Scheduler on the mini PC.
Media_Library is excluded — media is re-downloadable.
Photo Flow
Bipin's Android
└── FolderSync (daily midnight)
└── DCIM/ ──────────────────▶ NAS Photos_Bipin/Camera/
Google Drive ───────────▶ NAS Documents_Bipin/
Ahana's iPhone
└── PhotoSync (when charging, WiFi)
└── All Photos ─────────────▶ NAS Photos_Ahana/Camera/
NAS (Photos_Bipin + Photos_Ahana)
└── Immich External Library scan (nightly 3am)
└── Photos indexed, searchable, browseable
└── Folder Album Creator (nightly 2am)
└── Albums auto-created from folder names
Media Request Flow
Family member opens request.ahanabipin.in (Seerr)
└── Requests a movie or TV show
└── Radarr / Sonarr picks up the request
└── Prowlarr searches indexers
└── qBittorrent downloads to Z:\Downloads\
└── File moves to Z:\Movies\ or Z:\TV\
└── Jellyfin scans library
└── Family member gets notified
└── Watches on watch.ahanabipin.in
Phases
| Phase | Description | Status |
|---|---|---|
| Phase 0 | Documentation setup | ✅ Complete |
| Phase 1 | UNAS2 hardware and OS setup | ✅ Complete |
| Phase 2 | Data migration from Google and iCloud | ✅ Complete |
| Phase 3 | Auto photo backup from both phones | ✅ Complete |
| Phase 4 | Tailscale remote access | ✅ Phones done · Mini PC pending |
| Phase 5 | Media library — Docker stack | ⬜ When back home |
| Phase 6 | Family onboarding | ⬜ After Phase 5 |
| Phase 7 | NAS + mini PC backup to Backblaze B2 | ✅ Account ready · rclone pending |
| Phase 8 | Immich photo server | ⬜ After Phase 5 stable |
Key Decisions and Rationale
Why UNAS2 for storage and mini PC for software? The UNAS2 runs UniFi Drive — a locked OS with no Docker support. Separating storage (UNAS2) from compute (mini PC) is the cleanest architecture. The mini PC handles all application logic; the UNAS2 handles reliable, redundant storage.
Why Tailscale for personal remote access? The ISP router is locked and does not allow port forwarding. Tailscale's NAT traversal punches through this without any router configuration. When a UniFi gateway is added in future, this will complement rather than replace Tailscale.
Why Cloudflare Tunnel for family access? Family members should not need to install a VPN to watch movies. Cloudflare Tunnel gives them a simple URL that works from any device and any network with no setup on their end.
Why Jellyfin instead of Plex? Jellyfin is fully free with no feature restrictions. Plex requires a paid Plex Pass for simultaneous streams and hardware transcoding — both needed for 2–3 simultaneous family streams.
Why Seerr instead of Overseerr or Jellyseerr? Overseerr was Plex-only. Jellyseerr was a Jellyfin fork. Both teams merged into Seerr — the unified successor to both. Overseerr and Jellyseerr are now officially deprecated.
Why Immich instead of Jellyfin for photos? Jellyfin is a media server that handles photos as a secondary feature. Immich is built exclusively for photos — face recognition, semantic search, map view, albums, and a polished mobile app give a genuine Google Photos replacement experience.
Why keep FolderSync/PhotoSync after adding Immich? Immich's mobile app cannot upload directly to external library paths on the NAS. Keeping FolderSync/PhotoSync maintains the existing backup flow — photos land in the correct NAS folder structure, and Immich indexes them as external libraries nightly.
Why local users instead of Identity Endpoint? Identity Endpoint is designed for use with UniFi Fabrics and a UniFi gateway. Local users are the correct choice for a standalone UNAS2 with an ISP router. This will be revisited when a UniFi gateway is added.
Why Option 1 for mini PC config backup (NAS first, then B2)? Copying mini PC config to the NAS first means it flows through the existing rclone pipeline to B2 automatically — one backup script, one pipeline. It also means config is available locally on the NAS for quick recovery even without internet access.
Planned Future Additions
| Addition | Purpose | When |
|---|---|---|
| UniFi gateway + switches | Replace ISP router, unlock full network control | Future hardware upgrade |
| AdGuard Home | Network-wide ad and tracker blocking | After UniFi gateway |
| Identity Endpoint | Unified authentication across UniFi devices | After UniFi gateway |
| Vaultwarden | Self-hosted password manager | After Phase 8 stable |
| Uptime Kuma | Service monitoring and alerting | When ready |
| Homepage dashboard | Unified dashboard for all services | When 8+ services running |
For family-facing guides, see the Family Guides section.