Skip to main content
The homelab runs a self-hosted Netflix: a media library served from LXCs on a dedicated VLAN, managed by Ansible, provisioned by tofu-proxmox. The VLAN is defined in tofu-unifi alongside every other service tier, and follows the same per-service segmentation pattern.

Container choice

LXC, not Docker — consistent with the LXC vs Docker decision tree. Native packages where they exist; Ansible manages config.

Storage layout

The whole stack shares one ZFS dataset bind-mounted at /data into every container — the single-filesystem hardlink layout. Downloads and the library are subtrees of the same filesystem, so imports are atomic hardlinks, seeding costs zero extra disk, and one quota bounds the whole footprint.

Personal backup on the same footprint

The same self-hosted footprint replaces two cloud subscriptions with services that keep the data at home:
  • Immich — a self-hosted photo and video library, the iCloud Photos alternative. Phones and Macs back up automatically to it. It’s the one workload here that runs Docker-in-LXC (an official multi-container stack), with the photo library living on a ZFS dataset bind-mounted into the container.
  • Time Machine — the Macs back up to an SMB share on the homelab NAS, presented as a native Time Machine target (Samba’s vfs_fruit advertises it as an Apple Time Capsule). The same NAS serves read-only media shares for Infuse on Apple TV.
These are backup targets, and they are themselves protected: their datasets ride the ZFS snapshot + replication layers like everything else — a backup that isn’t backed up is a single point of failure.

Media storage hardlinks

The single-filesystem layout under the stack.

LXC vs Docker

Why the decision tree lands on LXC for this stack.

UniFi networking

Where the media VLAN itself is defined.

Homelab

What the full cluster looks like.