Building a Home Lab on a Budget

Self-hosting has a reputation for being expensive, complex, or both. That reputation is wrong. A capable home lab — one that can run your own cloud storage, media server, VPN, password manager, and a handful of other services — costs less than a mid-range mechanical keyboard and takes an afternoon to set up. This guide shows you exactly how.

What a Home Lab Actually Is

At its simplest, a home lab is a computer on your local network running services that would otherwise be provided by third parties. Nextcloud instead of Google Drive. Jellyfin instead of Plex with a subscription. Vaultwarden instead of 1Password. Wireguard instead of a commercial VPN.

You control the data, the uptime, and the configuration. The tradeoff is that you are responsible for maintenance and backups — two responsibilities that are less burdensome than people assume.

A home lab does not require a rack, enterprise hardware, or a dedicated room. A small, fanless mini PC sitting behind your router is sufficient for most use cases.

Choosing Your Hardware

The most important decision is the host machine. You have three realistic options at the budget end:

Option A: Repurposed Old PC or Laptop

If you have a machine gathering dust, this is the zero-cost path. Any Intel Core i3 or AMD Ryzen 3 from 2016 onward, with at least 8 GB of RAM, will handle a solid set of services. The main tradeoff is power consumption — a full desktop tower uses 60–150W at idle, which adds up over a year.

Best for: Getting started without spending anything.

Option B: Mini PC (Recommended)

Intel N100 and N95-based mini PCs are the sweet spot for home labs in 2026. They draw 6–15W at idle, run completely silent, and cost $80–$150 new. Models from Beelink, Trigkey, and GMKtec are widely tested by the self-hosting community and have reliable Linux driver support.

Look for:

Intel N100 or N95 processor
8 GB RAM (16 GB if you plan to run many containers)
256 GB or larger NVMe SSD included
At least two USB 3.0 ports
2.5G Ethernet (nice to have, not required)

Best for: The majority of home lab use cases. Silent, efficient, capable.

Recommended: Beelink EQ12 (N100, 16GB/500GB) — typically $140–$160. A near-perfect home lab host.

Option C: Raspberry Pi 5

The Pi 5 with 8 GB of RAM is genuinely capable for lightweight services. It is slower than the N100 in CPU-bound tasks but draws only 3–5W and has an active community. The main friction is storage: you need a quality microSD card or, better, a USB 3.0 SSD via an adapter. SD card I/O is a bottleneck for database-backed services.

Best for: Minimal footprint, hobby tinkering, low power environments.

Storage: Plan for a Separate Drive

Your OS drive handles the operating system and container runtime. Your data should live on a separate disk — either an external USB SSD or a secondary internal drive if your mini PC supports one. This separation means that if you need to reinstall the OS, your Nextcloud files and database volumes survive intact.

A 1 TB external SSD (USB 3.1) runs $60–$80 and is more than enough to start. Add a second one when you want redundancy.

Operating System

Install Debian 12 (Bookworm) or Ubuntu Server 24.04 LTS. Both are:

Stable and well-documented
Supported by every container image you will encounter
Easy to maintain with automatic security updates
Free

Avoid consumer desktop distributions for a server role. The GUI wastes RAM and CPU that your containers would rather have. Install the server (headless) edition and access the machine via SSH from your main computer.

If you prefer a management UI, Proxmox VE is a compelling alternative: it runs on bare metal and provides a web UI for creating virtual machines and LXC containers. It is worth considering once you outgrow a single OS, but it adds complexity that is unnecessary when starting out.

Setting Up the Foundation

Step 1: Install the OS

Boot from a USB drive, run through the installer, and set up a non-root user account with sudo access. Enable SSH during installation. From this point forward, you do not need a monitor plugged into the server.

Step 2: Enable Automatic Security Updates

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

Select yes. This ensures security patches are applied without requiring you to log in weekly.

Step 3: Install Docker and Docker Compose

Docker is the practical foundation for a home lab. Running services as containers means clean installs, easy updates, and no dependency conflicts between services.

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER

Log out and back in for the group change to take effect. Verify with docker run hello-world.

Step 4: Configure a Static Local IP

Assign a fixed local IP address to your server — either in your router’s DHCP settings (preferred) or by configuring a static IP in /etc/network/interfaces. This is important: services referencing your server by IP will break if the address changes.

Most routers let you assign a fixed IP by MAC address in the DHCP settings. Find your server’s MAC address with ip link show, then add a reservation in your router UI.

Step 5: Mount Your Data Drive

Format your storage drive and mount it at a consistent path:

sudo mkfs.ext4 /dev/sda1           # replace with your actual device
sudo mkdir -p /mnt/data
sudo mount /dev/sda1 /mnt/data

To mount automatically on boot, add the drive to /etc/fstab. Find the drive’s UUID with blkid, then add:

UUID=your-uuid-here  /mnt/data  ext4  defaults  0  2

All container data volumes should live under /mnt/data/. This keeps your data drive clearly separated from the OS.

What to Actually Run

With Docker installed and a data drive mounted, you can spin up services in minutes. Here is a practical starting set:

Portainer — Container Management UI

If you prefer a web UI to the command line for managing containers:

docker volume create portainer_data
docker run -d \
  --name portainer \
  --restart always \
  -p 9000:9000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \
  portainer/portainer-ce:latest

Access at http://your-server-ip:9000.

Nextcloud — Personal Cloud Storage

Nextcloud replaces Google Drive and Google Photos. The nextcloud-aio (All-In-One) image is the easiest path:

docker run -d \
  --name nextcloud-aio-mastercontainer \
  --restart always \
  -p 8080:8080 \
  -e APACHE_PORT=11000 \
  -v nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  nextcloud/all-in-one:latest

Access the AIO interface at http://your-server-ip:8080 and follow the setup wizard. Point the data directory at /mnt/data/nextcloud.

Vaultwarden — Self-Hosted Password Manager

A lightweight, fully compatible implementation of the Bitwarden API. The official Bitwarden apps, browser extensions, and mobile clients all work against it:

docker run -d \
  --name vaultwarden \
  --restart always \
  -p 8081:80 \
  -v /mnt/data/vaultwarden:/data \
  vaultwarden/server:latest

Jellyfin — Media Server

If you have a collection of ripped films, TV, or music, Jellyfin serves it to any device on your network:

docker run -d \
  --name jellyfin \
  --restart always \
  -p 8096:8096 \
  -v /mnt/data/jellyfin/config:/config \
  -v /mnt/data/jellyfin/cache:/cache \
  -v /mnt/data/media:/media \
  jellyfin/jellyfin:latest

Mount your media collection under /mnt/data/media/.

Reaching Your Services Remotely

Running services locally is useful. Reaching them securely from anywhere is better. You have two options:

Wireguard VPN (Recommended)

Wireguard lets you connect your phone, laptop, or any device back to your home network over an encrypted tunnel. Your services stay private — never exposed to the internet — and you access them as if you were sitting at home.

Set up wg-easy for a web UI that makes Wireguard configuration straightforward. Requires one open port on your router (UDP 51820).

Cloudflare Tunnel (Zero Port-Forwarding Option)

If you cannot or do not want to open ports on your router, Cloudflare Tunnel creates an outbound-only encrypted connection between your server and Cloudflare’s edge. You access your services via a subdomain (e.g., nextcloud.yourdomain.com) without exposing any ports. The free Cloudflare plan covers this.

The tradeoff: your traffic routes through Cloudflare’s network. For a VPN replacement, this is a dealbreaker. For Nextcloud and similar services, it is convenient and secure.

Backups: The Part Everyone Skips

A home lab without backups is a liability. The minimum viable backup strategy:

Daily container volume snapshots — use rsync to copy /mnt/data/ to an external drive or a remote location.
Offsite copy — sync critical data (Nextcloud files, Vaultwarden database) to an encrypted cloud bucket. Backblaze B2 charges about $0.006/GB per month and has a native rclone integration.
Test your restores — a backup you have never tested is a backup you cannot trust. Restore from your snapshot to a fresh directory once a quarter.

A simple daily cron job using rsync covers the first requirement with no additional software:

0 3 * * * rsync -av --delete /mnt/data/ /mnt/backup/

What You Get for Under $300

Item	Estimated Cost
Beelink EQ12 mini PC (N100, 16GB/500GB)	$150
1 TB external USB SSD	$70
USB drive for OS install	$10 (or use one you own)
Domain name (optional, 1 year)	$12
Total	~$242

For that outlay you get: private cloud storage, a self-hosted password manager, a media server, a personal VPN, and a platform to run any of the 300+ services in the Awesome Selfhosted list.

The running cost is roughly $3–$5/month in electricity, depending on your rate. Compare that to the combined subscription cost of the services you are replacing.

Where to Go from Here

Once the foundation is running, the natural next steps are:

Monitoring: Uptime Kuma gives you a dashboard showing which services are up, with alerting via email or Telegram.
Reverse proxy: Caddy or Nginx Proxy Manager lets you assign clean local domain names to your services (nextcloud.local) instead of remembering port numbers.
More services: Immich for photo backup, Home Assistant for smart home automation, Gitea for a private Git server, Miniflux for RSS.

The home lab rabbit hole is deep. The good news is that each layer is optional — you can stop at “Docker and three containers” and have something genuinely useful, or you can keep building indefinitely.

Start small, document what you set up, and make backups non-negotiable from day one. The rest is incremental.