Homelab & high-capacity storage
Ongoing (ZimaBoard)Written on April 12, 2026
Context
To centralize my personal data and maintain full control over my storage infrastructure, I deployed a NAS server based on a ZimaBoard 2. The current architecture uses two high-capacity drives dedicated to media streaming via Jellyfin and personal photo library management via Immich. To enhance user experience and secure sharing, the Immich instance is integrated with OAuth2 authentication (Google).
Security and accessibility are central to this setup. Immich is exposed through Nginx Proxy Manager for SSL certificate management (HTTPS), while also managing other services with internal access. I have also deployed AdGuard Home at the local network level to provide global DNS filtering. For data transfers, I use tunnels and proxies (Cloudflare WARP) to mask my public IP address and ensure communication privacy.
The infrastructure is designed for high-availability evolution. My short-term goals include adding a PCIe SATA expansion card to implement a RAID array, protecting data against hardware failures. I also plan to offload backups to sovereign cloud solutions (Infomaniak via Rclone/Kopia).
Finally, the access layer will be strengthened by implementing Authentik as a centralized identity provider. This will enable multi-factor authentication and granular access control, while utilizing Cloudflare Tunnels to eliminate direct port exposure to the internet.