Home Server Infrastructure
IGI
Zero-Trust Ingress
affanhosted.com
MFF Architecture
HP EliteDesk 800 G4 Mini
Intel Core i5-8500T
6C/6T
Quick Sync enabled for H.264/HEVC transcoding
16GB DDR4 (Dual Channel)
Custom 3D-printed vibration-dampened 'Underslung Sled'
Decoupled IO Tiers
2TB NVMe SSD
Mount Point
/
Role
Bare-metal Ubuntu, CasaOS, Docker AppData
500GB 2.5" HDD
Mount Point
/mnt/scratch
Role
High-wear IO: Temp downloads, extraction, seeds
8TB (2x4TB JBOD)
Mount Point
/mnt/fortknox
Role
Sequential IO: 4K Media, Qawwali Master Archive
3TB 2.5" HDD
Mount Point
/mnt/sidecar
Role
Backup target: Mac Time Machine & raw dumps
1TB SanDisk SSD
Mount Point
/mnt/ironclad
Role
Backup target: Nightly AppData rsync mirror
Zero-Trust Ingress Architecture
ZTE F670L (GPON ONT/Router)
192.168.1.100
Zero Open Ports - No port forwarding (DNAT)
Cloudflare Tunnels (cloudflared)
Tailscale (WireGuard mesh) + Cloudflare One (WARP)
Pi-hole/AdGuard Home in Docker
Containerized Services
Public Access Configuration
affanhosted.com
Cloudflare Registrar
Cloudflare Zero Trust
Authenticated email enrollment
Implementation Considerations
500GB internal HDD used as sacrificial scratch disk to preserve NVMe TBW (Total Bytes Written)
Built on headless Ubuntu base for easy migration to Proxmox/Hyper-V
All external traffic proxied through Cloudflare's edge; home public IP never exposed
Manage Project Status & Configuration
Update project information and status indicators