The Self-Hosted Family

An opinionated guide to running services for the people you care about

Author

Andrew Dunn

Published

March 2, 2026

Preface

This book documents a particular approach to self-hosting services for a family of 5–25 people. It is opinionated. It makes choices and defends them, rather than surveying every option and leaving the decision to you.

The target reader runs services for people who did not ask for a homelab — partners, parents, siblings, in-laws — and who will route around anything that gets in their way. Every architectural decision in this book is downstream of one question: will my family actually use this?

The stack:

CentOS Stream bootc for an immutable, unattended host
Authentik as a family identity provider (OIDC, LDAP, forward auth)
Rootless Podman with quadlet/systemd, one service user per application
pyinfra for agentless configuration management from a laptop
Caddy sidecars for per-pod TLS termination and forward auth
Envoy as the sole rootful component for L4/L7 ingress
ZFS for storage with per-service datasets

The first part of the book explains why each of these was chosen over the alternatives. The second part shows how they fit together. The third covers what happens after day one.

The reference implementation lives in a GitLab instance repo called carmine — one repo per physical host, containing quadlet files, pyinfra deploys, and the bootc image definition. This book is the approach; carmine is an instance of it.