Skip to content

2025

Self-hosted GitLab runner for CI/CD pipelines

Introduction

In this post I will continue explaining how to get more functionality out of GitLab. One way to automate homelab is to use CI/CD pipelines, and GitLab provides good tools for that. To utilize these CI/CD pipelines we need a GitLab Runner - a program that can be run on a server or even your own computer. However for security reasons, it's best to create a new virtual machine specifically for this task. This post will go into detail how to prepare VM with GitLab Runner.

OS used: Debian 12
Software used: GitLab Community Edition 17.11.1

  • in Git
  • 4 min read

Self-hosted GitLab container registry

Introduction

When we expand homelab infrastructure we often get to the point when custom solutions are necessary. A common example is creating custom Docker images to run containers. To develop images on one machine and then deploy them to others container registry is needed. In this post I will show how to run self-hosted container registry using GitLab.

OS used: Debian 12
Software used: GitLab Community Edition 17.11.1

Self hosted Vaultwarden password manager with Podman

Introduction

In the last blog post I described how to install Bitwarden with Docker. There is a lighter alternative to Bitwarden server called Vaultwarden and it's compatible with official Bitwarden client. Other differences between those two can be easily found online, so I won't go into details here. To make things more interesting, this instruction will show how to install Vaultwarden with Podman.

OS used: Debian 12
Software used: Podman 4.3.1, Vaultwarden 1.32.7

Traefik reverse proxy with Podman

Introduction

If you are running many containers with Podman and want to have HTTPS connection to every one it can be tedious to manually obtain SSL certificate for every service. A simpler solution is to run a reverse proxy in front of your containers and configure it to handle the certificates. Traefik is a popular choice for a reverse proxy. In this post I will show how to set up a configuration where Traefik runs in a container and acts as reverse proxy to other containers running on the same machine, and all managed with Podman.

OS used: Debian 12
Software used: Podman 4.3.1, Traefik 3.2.3

Installing Podman for managing containers and running container with dynamic DNS client for Cloudflare

Introduction

Podman is a Docker alternative with distinction that it is a daemonless container engine and containers created with Podman can be run by regular users without root privileges. This enhances security because if a process escapes container, it won't run on the host with root privileges but with user privileges running the container. If it's so secure, why is Docker still popular? The answer is that the daemonless architecture of Podman makes it more complex to manage, especially set up containers to run with every system start. Also there is less documentation available for Podman compared to Docker, so this post will try to summarize how to create functioning Podman host.

OS used: Debian 12
Software used: Podman 4.3.1

Installing a single node K3s Kubernetes distribution

Introduction

K3s is a lighter variant of Kubernetes distribution than RKE2, which was discussed in previous posts. It is well-suited for single node homelab environments or IoT deployments where resource efficiency is important. Based on my testing, K3s consumed less CPU in an idle state than RKE2. In this blog post I will show how to install K3s.

OS used: Debian 12
Software used: K3s 1.30.5

  • in Git
  • 4 min read

Installing GitLab as a self-hosted git repository

Introduction

Having Git repository in your homelab is a good idea for storing code for various projects. For a lightweight option similar to GitHub, consider the Gitea project. GitLab is another option, offering a more feature rich experience, though it is more resource intensive. This post will concentrate on installing GitLab Community Edition.

UPDATE 2026-04-26: Added instruction how to automatically reload nginx configuration after obtaining new SSL certificate.

OS used: Debian 12
Software used: GitLab Community Edition 17.4.2

Obtaining Let's Encrypt certificate using Cloudflare

Introduction

HTTPS is the current standard for secure access to webpages, even in your homelab environment. However, most self-hosted applications by default use HTTP. To enable HTTPS you can use self-signed certificates, but then when accessing application, you will be prompted to trust self-signed certificate. On some devices like Android, this can be very troublesome because you need to trust self-signed certificate every time you open webpage. To solve this problem you need to add RootCA certificate to the system, which is also a troublesome process. Less troublesome solution is to use Let's Encrypt certificates. In this post, I will show you how to obtain such certificate for single host in your homelab.

UPDATE 2025-11-15: Added paragraph "Bonus - Copying certificates" at the end of article describing how to auto copy certificates to other directories.

OS used: Debian 12
Software used: certbot 2.1.0