There is a machine in my house that runs constantly. Intel 8-core, 64GB RAM, three 6TB drives in a ZFS pool, two NVMe SSDs for VM disks. It hums. It is not glamorous. Most of what I write about eventually touches it.

The trading system. The AI partner. The memory files. The blog pipeline. The media library. The home automation. Private repos, dashboards, auth, notes, experiments, bad ideas that still need a place to run.

All of it sits on one Proxmox host on a residential internet connection.

This is not aesthetic self-hosting. I did not build it because dashboards look good in screenshots. I built it because the important parts of my work need to remain inspectable after a vendor changes terms, an API disappears, a subscription lapses, or a platform decides that my data now belongs behind a different button.

The point is ownership, visibility, and recoverability.


The box

The hardware is ordinary in the way useful infrastructure is usually ordinary. One Tiger Lake-H machine. 8 cores, 16 threads. 64GB of RAM, with about 50GB in use during normal operation. Two Samsung 970 EVO Plus NVMe drives handle boot and VM disks. Three WD 6TB drives sit in RAIDZ1 for bulk storage.

The current ZFS state is boring, which is the point: pool online, clean scrub on May 10, 2026, zero known data errors. Proxmox reports 708GB allocated out of 16.4T, about 4%. There are more exciting sentences to write about storage. Most of them are bad news.

The split matters. NVMe is for things that need to start quickly and take database writes. ZFS is for media, backups, and anything where I care more about recoverability than speed. The machine is not a museum of hardware choices. It is a set of tradeoffs I can understand when something fails.


The boundary

There are seven running service VMs. Not because seven is elegant. Because the boundaries are useful.

GitLab keeps the private source of truth. Vesper's workspace, trading configs, homelab infrastructure, experiments that are not ready to be public. GitHub is for public work. GitLab is the copy I control.

Gateway is the front door. Traefik terminates HTTPS, routes by hostname, and handles certificates through Cloudflare DNS. Pi-hole handles local DNS filtering. Tailscale gives me a remote path back in when I am not home.

AI is where local models, Open WebUI, and notebooks live. It is the heavy VM. It exists because some work should not require sending every prompt, file, and half-formed thought to a hosted service just to find out whether an idea is useful.

Monitoring is the part that makes the rest tolerable. Prometheus for metrics, Loki for logs, Grafana for dashboards, blackbox checks for uptime, and a small service called vesper-pulse that checks the stack. This is the difference between "the system feels weird" and "Loki is unhealthy again."

Apps is the overstuffed one. Nextcloud, Collabora, Home Assistant, SilverBullet, a couple of Discord bots. It should probably be split one day. It also works, and there are only so many evenings in a week.

Media runs the usual media stack: Jellyfin, Jellyseerr, Sonarr, Radarr, Prowlarr, Bazarr, qBittorrent, FlareSolverr, Dispatcharr. Ten containers doing the work of one subscription, except the library is mine and the failure mode is mine too.

Auth runs Authentik, Postgres, and Redis. Traefik routes sensitive services through forward auth. GitLab and Jellyfin handle their own login. The shape is not perfect, but the rule is clear enough: private systems need a gate more serious than "I hope nobody guesses the URL."
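An added example, not code from this post or from the setup it describes: one way to check that rule is to read the router list Traefik's API serves at /api/http/routers and flag every live router that has neither the forward-auth middleware nor an explicit self-login exemption. The hostnames, router names and the middleware name authentik@docker are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample shaped like Traefik's GET /api/http/routers response.
# Router names, hostnames and middleware names are assumptions.
SAMPLE_ROUTERS = json.loads("""
[
  {"name": "grafana@docker", "rule": "Host(`grafana.home.example`)",
   "middlewares": ["authentik@docker"], "status": "enabled"},
  {"name": "nextcloud@docker", "rule": "Host(`cloud.home.example`)",
   "middlewares": ["secure-headers@file", "authentik@docker"], "status": "enabled"},
  {"name": "gitlab@docker", "rule": "Host(`git.home.example`)", "status": "enabled"},
  {"name": "jellyfin@docker", "rule": "Host(`media.home.example`)",
   "middlewares": ["secure-headers@file"], "status": "enabled"},
  {"name": "sonarr@docker", "rule": "Host(`sonarr.home.example`)", "status": "enabled"},
  {"name": "old-notes@docker", "rule": "Host(`notes.home.example`)", "status": "disabled"}
]
""")

FORWARD_AUTH = "authentik@docker"                  # assumed forward-auth middleware name
SELF_AUTH = {"gitlab@docker", "jellyfin@docker"}   # services that handle their own login


def audit(routers, gate=FORWARD_AUTH, self_auth=SELF_AUTH):
    """Return (ungated, stale).

    ungated: (name, rule) for live routers with no gate and no exemption.
    stale:   exemptions that match no router, so the allowlist cannot rot silently.
    Limitation: a gate hidden inside a chain middleware is not detected here.
    """
    ungated, seen = [], set()
    for router in routers:
        name = router["name"]
        seen.add(name)
        if router.get("status") == "disabled":
            continue  # not serving traffic
        middlewares = router.get("middlewares") or []  # key is absent when none are set
        if gate in middlewares or name in self_auth:
            continue
        ungated.append((name, router.get("rule", "")))
    return sorted(ungated), sorted(self_auth - seen)


if __name__ == "__main__":
    ungated, stale = audit(SAMPLE_ROUTERS)
    for name, rule in ungated:
        print(f"UNGATED  {name}  {rule}")
    for name in stale:
        print(f"STALE EXEMPTION  {name}")
    raise SystemExit(1 if ungated or stale else 0)
```

Run from cron or CI against the live API output, the non-zero exit turns a forgotten middleware label into an alert.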

The last inventory counted 50 running Docker containers. That number is not a badge. It is a maintenance liability with a useful upside: the system is decomposed enough that most failures have a name, a log stream, a dashboard, and a place to start digging.


The part nobody sees

The visible work is the blog post, the Vesper brief, the trading run, the home dashboard, the media library, the repo. The invisible work is the thing underneath it: certificates renewing, metrics scraping, logs shipping, disks scrubbing, containers restarting, backups having somewhere to land.

This is the part that makes private systems feel boring enough to use.

When Vesper needs memory, the files are on disk. When the trading work needs a repo, it has one. When the blog needs a pipeline, it is not coupled to my laptop being open. When Home Assistant decides that a light switch is a philosophical problem, I can at least see which service is lying.

That visibility is the real luxury. Not the hardware. Not the self-hosting label. The ability to follow a failure through the system without asking a vendor status page for permission.

The last health pass had three unhealthy containers: gitlab-runner, ollama, and loki. That is annoying. It is also knowable. The runner was probably stuck on CI work. Ollama probably tried to hold more model than the VM wanted to give it. Loki was doing whatever Loki does when it wants attention. None of this is a mystery hidden behind a generic "something went wrong" page.

This is what I want from infrastructure: not perfection, just legibility.


The trade

Cloud is still useful. The blog belongs on Vercel because it should load quickly for other people and not depend on my uplink. Public repos belong on GitHub because discovery matters. Exchange connectivity belongs near the exchange. I am not trying to run the internet from a shelf.

The line is simpler than that.

If losing access would be annoying, rent it.

If losing access would break the work, own it.

That does not always mean owning the hardware. Sometimes it means owning the data format, the export path, the git history, the backup, the migration script, the boring recovery notes you hope you never need. In my case, a lot of it also means owning the box, because the box gives those things a place to exist without asking anyone else.

When OpenClaw's subscription died, the memory survived because it was on this machine. The git history was on my GitLab. The markdown files were on my filesystem. The framework layer disappeared and the data did not.

That is the point.

Not aesthetics. Not ideology. Ownership.

Own what you cannot afford to lose access to.

Seven service VMs. Dozens of containers. One Proxmox host humming in a house. It breaks at 2AM sometimes. Fine. The data is mine, the failure modes are visible, and when the next platform changes its terms, the box will not care.