DEV Community: Sasanka Rath

I Built an AI That Speaks Fluent LinkedIn (And It's Terrifying)

Sasanka Rath — Sat, 04 Apr 2026 16:04:37 +0000

This is a submission for the DEV April Fools Challenge

What I Built

Every year, millions of perfectly normal human thoughts are needlessly transformed
into impenetrable corporate speak. "I fixed a bug" becomes "I synergized the
codebase by disrupting legacy anti-patterns through agile remediation."

Meet BuzzwordAI™ — the world's first bidirectional enterprise jargon translation
engine, built with the Google Gemini API. It translates plain English into maximum
corporate buzzword nonsense — and corporate buzzwords back into plain English.
It also generates a fake analytics panel after each translation: Buzzword Density,
Clarity Score, LinkedIn Readiness, and a smug AI observation.

There's a Jargon Level slider from 1 to 10:

1 = Slightly formal
3 = LinkedIn post
5 = McKinsey consultant
7 = Fortune 500 CEO email
10 = Sentient buzzword crisis

And hidden in the corner is a 🫖 teapot button. Click it. You're welcome.

We are solving a problem that AI helped create. With AI.

Demo

🔗 Live app — buzzword-ai.sasrath.com

Try these inputs:

Input	Level	What you'll get
`I fixed a bug`	5	A McKinsey-grade synergy statement
`I need a nap`	10	Existential corporate poetry
`Let's leverage synergies to unlock net new pipeline`	— (Corporate→Human mode)	`"We need some sales leads."`

Code

sasrath / buzzwordAI

🔄 Because "I took a nap" deserves a quarterly business review. Gemini AI + HTTP 418 + zero sense. Built for the dev.to April Fools Challenge 2026.

buzzwordAI

View on GitHub

How I Built It

I used this as an excuse to build something absurd with a production-grade stack.
Because overengineering April Fools projects is on-brand.

Stack:

Layer	Technology
Framework	Next.js 15 (App Router), React 19, TypeScript 5
AI	Google Gemini 2.5 Flash-Lite (via server-side API proxy)
Styling	Tailwind CSS 3, self-hosted (13 KB, no CDN)
Rate limiting	Upstash Redis — sliding window 20 req/min per IP
Security	Strict CSP, 8 security headers, HSTS
Deployment	Vercel (serverless, 30 s timeout)

The interesting bits:

1. Gemini is server-side only.

The user's API key is sent in a request header to /api/gemini — Gemini is called
from Node.js with an AbortController 25-second timeout. The key is never logged
or stored server-side. The CSP enforces connect-src 'self' so the browser
literally cannot call the Gemini API directly.

2. Five distinct AI calls per translation.

One for the translation, one for analytics (buzzword density, clarity score, etc.),
and a few for edge cases. Each has its own system prompt with carefully engineered
output schemas so the analytics JSON doesn't end up as a philosophical essay.

3. Redis rate limiting with an in-memory fallback.

@upstash/ratelimit sliding window — 20 req/min per IP, max 3 concurrent. If the
Redis env vars aren't set (e.g. local dev), it falls back silently to in-memory
counters so development still works.

4. HTTP 418 Easter Egg.

The teapot button calls a special Gemini prompt that outputs a completely
straight-faced corporate memo that is secretly about being a teapot. It always
ends with "Short and stout." This is a tribute to RFC 2324 and Larry Masinter —
the author of Hyper Text Coffee Pot Control Protocol (HTCPCP).

5. Aurora UI with zero hydration mismatches.

The background has 4 animated CSS gradient blobs, 28 floating particle dots, and a
cursor-tracking 600px spotlight. The particles are generated deterministically from
index arithmetic (no Math.random()) to avoid React SSR/hydration mismatches.

Prize Category

Submitting for all three — because why not:

🏆 Best Google AI Usage

Gemini is used for five distinct tasks per session: main translation, reverse
translation, AI analytics, the teapot easter egg, and the random-example seeder.
The prompts are carefully engineered to produce structured JSON from a generative
model consistently (temperature 1.0, strict output format instructions).

🫖 Best Ode to Larry Masinter

The HTTP 418 "I'm a Teapot" easter egg is the heart of the app. Hidden teapot button
→ modal quoting RFC 2324 → Gemini writes a corporate memo that is secretly a teapot
confession → output always ends with "Short and stout."

Larry Masinter deserves more credit for giving the internet its most beloved joke
status code.

❤️ Community Favorite

Because everyone has read a corporate email that needed translating. This is therapy.

Access Your Home Server from Anywhere — Tailscale, Oracle VPS, and frp

Sasanka Rath — Sat, 04 Apr 2026 12:12:11 +0000

Part 4 of the home server series. Set up private remote access with Tailscale, a free Oracle VPS as a public gateway, frp tunneling to bypass CGNAT, Nginx reverse proxy, and SSL with Certbot.

In Part 2 we set up Nextcloud, and in Part 3 we added Samba NAS. Everything works great — on your home network.

But the moment you step outside your house, your server disappears. You can't reach it from a coffee shop, your office, or while traveling. Your phone's auto-backup stops working on mobile data.

This part fixes that. After this guide, you'll access your server from anywhere in the world through two paths:

Private path (Tailscale): A direct encrypted tunnel between your devices and your server. Fast, simple, free. For personal use.
Public path (Oracle VPS + frp): A clean URL like files.yourdomain.com that anyone can open in a browser. For sharing with family.

This is the most complex part of the series, but I'll walk through every step.

The CGNAT problem

Before we start, you need to understand why this is necessary.

Most Indian ISPs (Airtel, Jio, ACT, BSNL) use CGNAT — Carrier-Grade NAT. This means your home doesn't have a public IP address. Hundreds of homes share one public IP. Nobody on the internet can reach your server directly.

It's like living in an apartment building where the entire building has one phone number. Someone calling that number reaches the building's reception, not your flat. There's no way to ring your flat directly from outside.

Two solutions:

Tailscale — creates a private tunnel that bypasses CGNAT entirely. Only your devices can use it.
Oracle VPS + frp — your server reaches out to a public VPS, and the VPS forwards traffic back through the tunnel. Anyone on the internet can access your server through the VPS.

Let's set up both.

Part A: Tailscale (Private Access)

Tailscale is the easiest way to access your server remotely. It creates an encrypted WireGuard VPN mesh between all your devices. No port forwarding, no firewall rules, no configuration headaches.

Step 1: Install Tailscale on your server

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

It will print a URL. Open that URL in a browser and sign in with your Google or Microsoft account. Your server is now on your Tailscale network.

Check your server's Tailscale IP:

tailscale ip -4

You'll get something like 100.x.x.x. Note this down — this is your server's private remote address.

Step 2: Install Tailscale on your devices

Mac/Windows: Download from tailscale.com/download
iPhone: Download from the App Store
Android: Download from the Play Store

Step 3: Test it

From your phone (on mobile data, not WiFi) or a laptop outside your home, try:

http://100.x.x.x:8888

Replace 100.x.x.x with your server's Tailscale IP. You should see Nextcloud.

For NAS access from your Mac:

smb://100.x.x.x

For SSH:

ssh your-username@100.x.x.x

Everything works exactly like it does at home — because Tailscale makes it feel like you're on the same network.

Step 4: Allow Tailscale through the firewall

sudo ufw allow in on tailscale0

This allows all traffic through the Tailscale interface while keeping your server locked down on the regular network.

💡 HTTP over Tailscale is completely safe. WireGuard encrypts ALL traffic regardless of HTTP vs HTTPS. Your ISP can't see what you're accessing. You don't need SSL for the Tailscale path.

Step 5: Update Nextcloud trusted domains

Add your Tailscale IP to Nextcloud's trusted domains so it doesn't block access:

docker exec -it nextcloud bash
nano /var/www/html/config/config.php

Add your Tailscale IP to the array:

'trusted_domains' =>
array (
  0 => '192.168.1.100',
  1 => 'files.yourdomain.com',
  2 => '100.x.x.x',
),

Save, exit the container, and restart Nextcloud:

exit
docker restart nextcloud

Tailscale is done

That's really it. Tailscale handles NAT traversal, encryption, key exchange, and DNS — all automatically. Your phone's Nextcloud auto-backup now works on mobile data too.

Use Tailscale for: Personal file access, SSH, streaming videos, NAS access. Anything where you're the only user.

Tailscale can't do: Give family members access without installing the app on their devices. That's what the public path is for.

Part B: Oracle VPS + frp (Public Access)

This is the more complex setup, but it gives you a public URL like files.yourdomain.com that anyone can open in a browser — no app required.

The architecture:

Internet → Cloudflare (DNS + SSL) → Oracle VPS → frp tunnel → Your home server

Step 1: Get a free Oracle Cloud VPS

Oracle Cloud has an Always Free tier that gives you a VPS that never expires and never costs anything.

Go to cloud.oracle.com and create an account
Go to Compute → Instances → Create Instance
Choose these settings:
- Shape: VM.Standard.E2.1.Micro (this is the free one)
- OS: Ubuntu 22.04 or 24.04
- Region: Pick the closest to you (Mumbai for India)
Add your SSH public key — if you don't have one, generate it:

# On your Mac or local machine
ssh-keygen -t ed25519 -f ~/.ssh/oracle_key
cat ~/.ssh/oracle_key.pub

Copy the public key and paste it into the Oracle instance creation form.

Click Create and wait for it to provision (takes 1-2 minutes)
Note the public IP address Oracle assigns

Step 2: Configure Oracle Cloud security rules

Oracle blocks almost all ports by default. You need to open them:

In the Oracle Console, go to your instance → Subnet → Security Lists
Add Ingress Rules for:

Port	Protocol	Source	Purpose
80	TCP	0.0.0.0/0	HTTP
443	TCP	0.0.0.0/0	HTTPS
7000	TCP	0.0.0.0/0	frp server

Also open these ports in the VPS's own firewall:

# SSH into your Oracle VPS
ssh -i ~/.ssh/oracle_key ubuntu@your-oracle-vps-ip

# Open ports
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 7000 -j ACCEPT
sudo netfilter-persistent save

Step 3: Get a domain and set up Cloudflare

You need a domain name to point to your VPS. A .com domain costs about ₹850/year through Cloudflare Registrar.

Register a domain on Cloudflare Registrar or any registrar (Namecheap, Porkbun, etc.)
Add your domain to Cloudflare (free plan) if you didn't register through them
Create an A record:
- Name: files (this creates files.yourdomain.com)
- Content: your Oracle VPS public IP
- Proxy status: DNS only (gray cloud) — important for frp to work
Make sure your domain's nameservers point to Cloudflare

Step 4: Install frp server on Oracle VPS

frp (Fast Reverse Proxy) creates the tunnel between your VPS and home server.

SSH into your Oracle VPS and install frp:

# Download frp
cd /opt
sudo wget https://github.com/fatedier/frp/releases/download/v0.61.0/frp_0.61.0_linux_amd64.tar.gz
sudo tar -xzf frp_0.61.0_linux_amd64.tar.gz
sudo mv frp_0.61.0_linux_amd64 frp

Create the server config:

sudo nano /opt/frp/frps.toml

bindPort = 7000
vhostHTTPPort = 8080
vhostHTTPSPort = 8443

auth.method = "token"
auth.token = "your-secret-token-here"

⚠️ Change your-secret-token-here to a strong random string. This token must match on both the VPS and your home server. Use something like openssl rand -hex 32 to generate one.

Create a systemd service so frp starts on boot:

sudo nano /etc/systemd/system/frps.service

[Unit]
Description=frp server
After=network.target

[Service]
Type=simple
ExecStart=/opt/frp/frps -c /opt/frp/frps.toml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Start it:

sudo systemctl daemon-reload
sudo systemctl enable frps
sudo systemctl start frps
sudo systemctl status frps

You should see active (running).

Step 5: Install frp client on your home server

Back on your home server:

cd /opt
sudo wget https://github.com/fatedier/frp/releases/download/v0.61.0/frp_0.61.0_linux_amd64.tar.gz
sudo tar -xzf frp_0.61.0_linux_amd64.tar.gz
sudo mv frp_0.61.0_linux_amd64 frp

Create the client config:

sudo nano /opt/frp/frpc.toml

serverAddr = "your-oracle-vps-ip"
serverPort = 7000

auth.method = "token"
auth.token = "your-secret-token-here"

[[proxies]]
name = "nextcloud"
type = "http"
localPort = 8888
customDomains = ["files.yourdomain.com"]

Replace:

your-oracle-vps-ip with your Oracle VPS public IP
your-secret-token-here with the same token from Step 4
files.yourdomain.com with your actual domain

Create a systemd service:

sudo nano /etc/systemd/system/frpc.service

[Unit]
Description=frp client
After=network.target

[Service]
Type=simple
ExecStart=/opt/frp/frpc -c /opt/frp/frpc.toml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Start it:

sudo systemctl daemon-reload
sudo systemctl enable frpc
sudo systemctl start frpc
sudo systemctl status frpc

The tunnel is now live. Your home server is connected to the Oracle VPS.

Step 6: Set up Nginx on Oracle VPS

Nginx receives incoming web traffic on the VPS and forwards it through the frp tunnel to your home server.

SSH into your Oracle VPS:

sudo apt install nginx -y

Create the Nginx config:

sudo nano /etc/nginx/sites-available/nextcloud

server {
    listen 80;
    server_name files.yourdomain.com;

    client_max_body_size 10G;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
    }
}

Replace files.yourdomain.com with your actual domain.

Enable the config:

sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

At this point, http://files.yourdomain.com should load your Nextcloud. But it's not secure yet — no HTTPS.

Step 7: Set up SSL with Certbot

Let's Encrypt gives you free SSL certificates. Certbot automates the entire process.

On your Oracle VPS:

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d files.yourdomain.com

Certbot will:

Ask for your email (for renewal notifications)
Ask you to agree to terms
Automatically configure Nginx for HTTPS
Set up auto-renewal (certificates renew every 90 days automatically)

Test the renewal:

sudo certbot renew --dry-run

If it says "Congratulations, all simulated renewals succeeded", you're set.

Step 8: Update Nextcloud for HTTPS

Now that you have SSL, tell Nextcloud to use HTTPS:

Back on your home server:

docker exec -it nextcloud bash
nano /var/www/html/config/config.php

Add these lines inside the config array:

'overwrite.cli.url' => 'https://files.yourdomain.com',
'overwriteprotocol' => 'https',

Save, exit, and restart:

exit
docker restart nextcloud

Test everything

Open https://files.yourdomain.com in any browser, from any network. You should see your Nextcloud login page with a valid SSL certificate (green padlock).

Try it from your phone on mobile data. Try sharing a file link with someone. It all works now.

The complete picture

You now have two access paths:

Path	URL	Via	Best for
Private	`http://100.x.x.x:8888`	Tailscale	Personal use, large files, NAS
Public	`https://files.yourdomain.com`	Cloudflare → VPS → frp	Sharing with family, mobile backup

Both work from anywhere. The private path is faster (direct tunnel). The public path is more convenient (just a URL).

Your phone's Nextcloud app can use either:

Set it to https://files.yourdomain.com for universal access
Set it to the Tailscale IP for faster transfers when Tailscale is connected

Troubleshooting

files.yourdomain.com not loading?

Check frpc on home server: sudo systemctl status frpc
Check frps on Oracle VPS: sudo systemctl status frps
Check Nginx on Oracle VPS: sudo systemctl status nginx
Restart the chain: sudo systemctl restart frpc (home) → sudo systemctl restart frps (VPS) → sudo systemctl restart nginx (VPS)

"502 Bad Gateway" error?

The frp tunnel is down. Check sudo systemctl status frpc on your home server
Make sure the auth tokens match in both frps.toml and frpc.toml

SSL certificate not working?

Run sudo certbot --nginx -d files.yourdomain.com again
Make sure the Cloudflare proxy is set to "DNS only" (gray cloud), not "Proxied" (orange cloud)

Tailscale not connecting?

Check status: sudo tailscale status
Restart: sudo tailscale down && sudo tailscale up
Make sure Tailscale is installed and signed in on both devices with the same account

Nextcloud "Access through untrusted domain" error?

Add the domain to trusted_domains in Nextcloud's config (Step 5 of Part A)

Nextcloud redirect loop after enabling HTTPS?

Remove the overwrite setting: docker exec -it nextcloud php occ config:system:delete overwriteprotocol
Clear browser cookies for your domain
Re-add the setting carefully

What you should have now

✅ Tailscale installed — private encrypted access from anywhere
✅ Oracle Free VPS running as a public gateway
✅ frp tunnel connecting your home server to the VPS
✅ Nginx reverse proxy handling incoming traffic
✅ SSL certificate via Let's Encrypt — valid HTTPS
✅ https://files.yourdomain.com working from any browser, any network
✅ Phone auto-backup working on mobile data
✅ Family can access shared files via a simple link — no app needed

Your home server is now fully accessible from anywhere in the world, and your home IP is completely hidden.

What's next

🔒 Part 5: Security hardening + lessons learned — The final part. We'll set up UFW firewall rules properly, configure Fail2Ban to block brute-force attacks, harden SSH, add basic monitoring, and cover everything I learned the hard way. Don't skip this one — your server is now public-facing.

All config files from this series are available in the companion GitHub repo:
👉 github.com/sasrath/homecloud

Follow for Part 5 — it's the one that keeps everything secure. If you hit any snags with the VPS or frp setup, drop a comment and I'll help you debug it.

Your server is now live on the internet. Let's make sure it stays safe. 🔒

Turn Your Home Server into a NAS — Access Files from Any Device with Samba

Sasanka Rath — Tue, 31 Mar 2026 02:28:34 +0000

In Part 2, we set up Nextcloud with Docker — your own Google Drive with phone auto-backup and desktop sync. That handles cloud-style access perfectly.

But sometimes you just want to drag files into a folder. No browser, no app, no sync client — just open Finder on your Mac (or File Explorer on Windows), and there's your server, looking like any other drive.

That's what Samba does. It turns your home server into a NAS (Network Attached Storage) that any device on your network can access natively.

What you'll have after this guide:

Your server's folders visible in Mac Finder / Windows File Explorer
Drag-and-drop file transfer at full network speed
Auto-mount on startup so the drive is always there
Nextcloud and Samba sharing the same storage — files added via either method are visible in both
Remote NAS access via Tailscale (set up in Part 4)

Let's set it up.

How Samba and Nextcloud work together

This is important to understand before we start. Both Nextcloud and Samba will point to the same storage directory (/srv/nas). This means:

Upload a photo via Nextcloud's web interface → it appears in Samba immediately
Drop a video into the Samba share from your Mac → Nextcloud can see it after a quick scan

They're two doors into the same room. Nextcloud gives you the cloud experience (browser, apps, sharing links). Samba gives you the local network experience (Finder, drag-and-drop, raw speed).

💡 When you add files via Samba, Nextcloud won't detect them automatically. You'll need to run a quick scan command. I'll cover this at the end.

Step 1: Install Samba

SSH into your server and install Samba:

sudo apt install samba -y

Verify it's installed:

smbd --version

You should see something like Version 4.x.x. Samba is now installed but not configured yet.

Step 2: Create a Samba password

Samba uses its own password system, separate from your Linux login. Create a Samba password for your user:

sudo smbpasswd -a your-username

Replace your-username with your actual Linux username. It'll ask you to set a password — this is what you'll enter when connecting from your Mac or PC. It can be different from your Linux password.

Step 3: Configure Samba shares

Open the Samba config file:

sudo nano /etc/samba/smb.conf

Scroll to the bottom and add your shared folders:

[NAS]
   path = /srv/nas
   browseable = yes
   read only = no
   valid users = your-username
   create mask = 0644
   directory mask = 0755
   force user = www-data
   force group = www-data

[Photos]
   path = /srv/nas/photos
   browseable = yes
   read only = no
   valid users = your-username
   create mask = 0644
   directory mask = 0755
   force user = www-data
   force group = www-data

[Videos]
   path = /srv/nas/videos
   browseable = yes
   read only = no
   valid users = your-username
   create mask = 0644
   directory mask = 0755
   force user = www-data
   force group = www-data

Let me explain the key settings:

path — the directory to share
browseable = yes — makes it visible when browsing the network
read only = no — allows writing (uploading files)
valid users — only this user can access the share
force user / force group = www-data — this is critical. Nextcloud runs as www-data, so any file created via Samba must also be owned by www-data. Without this, Nextcloud can't read files you add through Samba.

Save and exit (Ctrl+X, then Y, then Enter).

Step 4: Set permissions

Make sure the storage directory has the right ownership:

sudo chown -R www-data:www-data /srv/nas
sudo chmod -R 775 /srv/nas

This ensures both Nextcloud (running as www-data) and Samba can read and write to the same files without permission conflicts.

Step 5: Restart Samba

sudo systemctl restart smbd
sudo systemctl enable smbd

The enable command ensures Samba starts automatically after reboots.

Verify it's running:

sudo systemctl status smbd

You should see active (running) in green.

Step 6: Open firewall ports

If you're running UFW (which you should be — we'll set it up properly in Part 5), allow Samba traffic:

sudo ufw allow 137/udp
sudo ufw allow 138/udp
sudo ufw allow 139/tcp
sudo ufw allow 445/tcp

These are the standard ports Samba uses for NetBIOS and file sharing.

Step 7: Connect from Mac

Open Finder
Press Cmd+K (or click Go → Connect to Server)
Type: smb://192.168.1.100 (replace with your server's IP)
Click Connect
Select Registered User
Enter your username and the Samba password you created in Step 2
Select which shares to mount: NAS, Photos, Videos
Click OK

Your server's folders now appear in the Finder sidebar under "Locations." You can drag files in, open them directly, and treat it exactly like a USB drive — except it's over your network.

Auto-mount on Mac startup

So you don't have to reconnect every time:

Connect to the NAS using the steps above
Go to System Settings → General → Login Items
Click + under "Open at Login"
Navigate to Network → your server IP → select the NAS folder
The drive now mounts automatically every time your Mac starts

Step 8: Connect from Windows

Open File Explorer
Click the address bar at the top
Type: \\192.168.1.100 (backslashes, not forward slashes)
Press Enter
Enter your username and Samba password
Check "Remember my credentials" if you want auto-login
Your shares appear as network folders

Map as a network drive (auto-mount):

Right-click on the share folder
Click Map network drive
Choose a drive letter (e.g., Z:)
Check Reconnect at sign-in
Click Finish

Your server now shows up as Drive Z: in File Explorer, permanently.

Step 9: Sync Samba files with Nextcloud

When you add files through Samba (drag-and-drop from Mac/PC), Nextcloud doesn't know about them yet. You need to tell Nextcloud to scan for new files:

docker exec -u www-data nextcloud php occ files:scan --all

This scans the entire storage directory and adds any new files to Nextcloud's index. Takes a few seconds for small changes, longer for thousands of files.

Make it automatic

If you're regularly adding files via Samba, set up a cron job to scan every 15 minutes:

crontab -e

Add this line:

*/15 * * * * docker exec -u www-data nextcloud php occ files:scan --all > /dev/null 2>&1

Now Nextcloud automatically picks up any files you add through Samba within 15 minutes.

Step 10: Bulk transfer — the fastest way to load your server

If you have hundreds of gigabytes of photos and videos to move onto your server, Samba is by far the fastest method. Here's the recommended approach:

Connect via Samba from your Mac or PC (Steps 7 or 8)
Drag and drop your files into the appropriate folders (photos → Photos, videos → Videos)
Wait for transfer to complete — local network transfers are fast, typically 50-100 MB/s over WiFi, faster over Ethernet
Run the Nextcloud scan once the transfer is done:

docker exec -u www-data nextcloud php occ files:scan --all

This is much faster than uploading through Nextcloud's web interface, which has overhead from HTTP and PHP processing.

💡 Transferring a large collection? Use an Ethernet cable for the transfer if possible — you'll see 2-3x faster speeds compared to WiFi. A Cat 6 Ethernet cable costs practically nothing and makes a big difference for bulk transfers.

Troubleshooting

Can't see the server in Finder/File Explorer?

Make sure you're on the same WiFi network as the server
Try connecting directly via IP: smb://192.168.1.100 (Mac) or \\192.168.1.100 (Windows)
Check Samba is running: sudo systemctl status smbd

"Permission denied" when writing files?

Check ownership: ls -la /srv/nas/ — files should be owned by www-data
Fix permissions: sudo chown -R www-data:www-data /srv/nas
Make sure your smb.conf has force user = www-data

Files added via Samba not showing in Nextcloud?

Run the scan: docker exec -u www-data nextcloud php occ files:scan --all
Or wait for the cron job if you set one up

Connection drops after Mac sleep?

This is normal. The Mac disconnects SMB shares when it sleeps. It should auto-reconnect when it wakes up if you set up auto-mount (Step 7). If not, just press Cmd+K and reconnect.

Slow transfer speeds?

Switch to a wired connection. WiFi has overhead and interference. An Ethernet connection will give you significantly faster and more reliable transfers.

What you should have now

After following this guide:

✅ Samba installed and configured with NAS, Photos, and Videos shares
✅ Mac or Windows PC sees your server as a network drive
✅ Drag-and-drop file transfer at full network speed
✅ Auto-mount on startup so the drive is always there
✅ Nextcloud synced with Samba via manual scan or cron job
✅ A complete NAS setup using hardware you already own

Between Nextcloud (Part 2) and Samba (this guide), you now have two ways to access your files:

Method	Best for	Speed
Nextcloud (browser/app)	Remote access, phone backup, sharing links	Good
Samba (Finder/Explorer)	Bulk transfers, local file access, drag-and-drop	Fast

Use both. They complement each other perfectly.

What's next

Right now, everything works on your home network. But what about when you're not home?

🌐 Part 4: Access your server from anywhere — Set up Tailscale for private encrypted access, get an Oracle Free VPS, configure frp tunneling to bypass CGNAT, set up Nginx and SSL, and point your custom domain to your home server. After Part 4, you'll access your NAS from anywhere in the world.

🔒 Part 5: Security hardening + lessons learned — UFW firewall, Fail2Ban, SSH hardening, monitoring, and everything I wish I'd known before starting.

All config files from this series are available in the companion GitHub repo:
👉 github.com/sasrath/homecloud

Hit Follow if you don't want to miss Part 4 — that's the one where everything comes together. Drop a comment if you hit any issues with the Samba setup.

Your server is now a NAS. Next up: accessing it from anywhere in the world. 🌐

KPI Tracker — AI-Powered Client Performance Dashboard with Notion as the Entire Backend

Sasanka Rath — Sat, 28 Mar 2026 13:17:52 +0000

This is a submission for the Notion MCP Challenge.

What I Built

KPI Tracker is an AI-powered client quarterly performance dashboard where Notion is the entire backend — no traditional database, no SQL, no Redis. Just Notion, connected through the official Model Context Protocol (MCP) server.

The problem it solves: consultants, analysts, and account managers who track multiple clients' performance currently spend hours manually copy-pasting data from quarterly reports. KPI Tracker reduces that to under 2 minutes.

How it works

Paste a URL or drag-and-drop a PDF — an earnings press release, 10-K, 10-Q, or any financial report
AI extracts all KPIs automatically — Revenue, Gross Margin, Net Margin, EPS, Operating Income, Customer Count, and more
Human-in-the-loop review — you see every extracted KPI with its confidence score before anything saves
One click saves everything to Notion — the app creates a client record, a quarterly report entry, and individual KPI rows via Notion MCP
Live dashboard renders 11+ interactive charts — all reading directly from Notion

Key features

Multi-Model AI — choose from 5 models at runtime: Gemini 2.5 Flash, Gemini 2.5 Pro, Claude Haiku 4.5, Sonnet 4.5, or Sonnet 4.6. No restart needed.
AI Revenue Forecasting — trend-based next-quarter revenue predictions per client, with reasoning
11+ Chart Types — Revenue Trend (Area), Revenue Forecast (Bar), Margin Trends (Line), EPS Trends (Line), Segment Revenue (Stacked Bar), KPI Distribution (Pie), Confidence Distribution (Pie), QoQ Heatmap, Revenue vs Margins (Composed), KPI Gauges (Horizontal Bar), KPI Landscape (Treemap)
Drag-and-Drop Charts — reorder any chart by dragging; order persists in localStorage across sessions
Pin KPI Charts — click any KPI in the data table to view its historical trend, then pin it as a new chart on the dashboard
Ask AI — query your data in natural language ("Which client had the highest revenue growth?")
Custom KPIs — manually add metrics the AI missed
Smart $B Formatting — revenue values ≥ $1,000M auto-display as billions (e.g., $12.7B)
All Clients Aggregation — summary cards intelligently aggregate across all clients (Revenue/OpIncome summed, margins/EPS averaged)
PDF + URL Ingestion — works with public URLs or local files
Secure — API keys never touch the browser; prompt injection detection built-in

Tech stack

Layer	Technology
Framework	Next.js 15.1 (App Router)
Frontend	React 19, Tailwind CSS 3.4
Charts	Recharts 2.13 (11+ chart types)
Drag-and-Drop	@dnd-kit/core + @dnd-kit/sortable
AI (default)	Google Gemini 2.5 Flash
AI (alternative)	Anthropic Claude Haiku / Sonnet
Backend/DB	Notion (via MCP + direct SDK)
MCP	@modelcontextprotocol/sdk 1.27, @notionhq/notion-mcp-server 2.2
PDF Parsing	pdf-parse
Deployment	Vercel

Demo

Static demo (no API keys needed): notion-kpi.sasrath.com

Show us the code

sasrath / notion-kpi-tracker

Turn any quarterly report URL into a live KPI dashboard. Powered by Claude/Gemini AI + Notion MCP. Zero traditional database.

📊 KPI Tracker — Powered by Notion MCP

AI-powered client quarterly performance tracker with multi-model support (Google Gemini + Anthropic Claude), 11+ interactive charts, AI revenue forecasting, and Notion as the sole backend. Zero traditional database.

Built for the dev.to Notion MCP Challenge

✨ Features

🤖 AI Report Ingestion — paste a URL or drag-and-drop a PDF, AI extracts KPIs automatically
📊 Interactive Dashboard — 11+ chart types (Area, Bar, Line, Pie, Heatmap, Treemap, Composed & more)
🔮 AI Revenue Forecasting — trend-based next-quarter revenue predictions per client
🧠 Multi-Model AI — choose from 5 models: Gemini 2.5 Flash/Pro, Claude Haiku 4.5, Sonnet 4.5/4.6
✋ Human-in-the-Loop — review and edit extracted KPIs before anything saves to Notion
🔄 Drag-and-Drop Charts — reorder dashboard charts by dragging; order persists across sessions
📌 Pin KPI Charts — click any KPI in the table to view its trend, then pin it to the…

View on GitHub

The full source is on GitHub: github.com/sasrath/notion-kpi-tracker

Architecture at a glance

User Browser (React SPA)
    │
    ├── Google Gemini API   (web search, extraction, forecasts)
    ├── Anthropic Claude API (extraction, queries, forecasts)
    │
    └── Next.js API Routes
            │
            └── lib/notion-mcp.js (MCP Client singleton)
                    │ (stdio)
                    └── @notionhq/notion-mcp-server (subprocess)
                            │ (HTTP)
                            └── Notion API → 3 Databases

The MCP server runs as a long-lived subprocess managed as a singleton. It starts on the first API call and stays alive for subsequent requests. The callNotionTool() helper handles JSON parsing, error detection, and auto-reconnect.

Key files

app/page.jsx — Main dashboard: 11+ charts, DnD grid, KPI table, saving progress, tab persistence
lib/notion-mcp.js — MCP client singleton with auto-reconnect and 21-tool mapping
lib/llm.js — Multi-model AI layer (Gemini + Claude), safeParseJSON for truncated responses
lib/transforms.js — 19 data transform functions for chart preparation
setup-notion.mjs — Automated Notion database setup script

How I Used Notion MCP

Notion is not a side feature — it is the backend. Every data operation flows through the official Notion MCP server (@notionhq/notion-mcp-server). There is zero traditional database code anywhere in the project.

The three-database schema

The app uses three relational Notion databases:

Clients — one row per company (Name, Industry, Website, Status)

Quarterly Reports — one row per earnings report, linked to a Client (Quarter, Year, Report URL, Raw Summary)

KPIs — one row per metric, linked to both a Report and a Client (KPI Name, Value, Unit, Quarter, Year, Source, Confidence, Notes)

MCP operations in action

What the app does	MCP Tool used
Save a new client, report, or KPI	`API-post-page`
Load all clients / search KPIs	`API-post-search`
Delete (archive) a KPI row	`API-patch-page`
Verify Notion connection on startup	`API-get-self`
Check database schema	`API-retrieve-a-database`

Here's how the MCP connection is established in lib/notion-mcp.js:

import { Client } from "@modelcontextprotocol/sdk/client/index.js";
import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";

const transport = new StdioClientTransport({
  command: "npx",
  args: ["-y", "@notionhq/notion-mcp-server"],
  env: {
    ...process.env,
    OPENAPI_MCP_HEADERS: JSON.stringify({
      Authorization: `Bearer ${process.env.NOTION_API_KEY}`,
      "Notion-Version": "2022-06-28",
    }),
  },
});

const client = new Client({ name: "kpi-tracker", version: "1.0.0" });
await client.connect(transport);

Every read and write — from loading the dashboard to saving AI-extracted KPIs to deleting a row — goes through this MCP connection. The app treats Notion exactly like a traditional database, but through the standardized MCP protocol.

Why MCP over the direct Notion SDK?

Using MCP means the app communicates through a standardized protocol layer. This gives us:

Tool discovery — the MCP server exposes 21 tools that map to Notion's REST API; the app discovers them at startup
Protocol standardization — the same MCP client pattern works with any MCP-compatible service
Decoupled auth — credentials flow through the MCP transport layer, not hardcoded in API calls

The result

The entire data lifecycle — AI extraction → human review → save to Notion → read for dashboard → AI forecasting — runs through Notion MCP. No separate database server to manage, no migrations to run, no connection pools to configure. Just Notion.

🔐 Full Demo Access

The public demo at notion-kpi.sasrath.com shows sample data to protect API limits.

For the full live experience with real Notion + Gemini:
👉 notion-kpi.sasrath.com/judges

Pre-loaded with real earnings data from Apple,
Microsoft and Intel Q4 2025.

About Me

I'm a consultant focused on practical AI integrations, data tooling, and building small, maintainable web apps that solve real problems. I publish code, demos, and write-ups so others can learn and contribute — feedback, issues, and pull requests are very welcome.My Github (source: https://github.com/sasrath).

Setting Up Nextcloud with Docker on an Old Laptop — Your Own Google Drive in 30 Minutes

Sasanka Rath — Tue, 24 Mar 2026 15:24:15 +0000

Part 2 of the home server series. A complete, step-by-step guide to installing Docker, running Nextcloud, setting up phone auto-backup, and getting desktop sync working."

In Part 1, I explained why I replaced Google One with a home server and showed the architecture. Now we build it.

This post covers the heart of the setup — Nextcloud running in Docker. By the end of this guide, you'll have a fully working personal cloud that you can access from your browser, sync files from your desktop, and auto-backup photos from your phone.

What you'll need:

An old laptop or PC (I'm using an HP Pavilion x360, but anything with 4GB+ RAM works)
Ubuntu Server 24.04 LTS installed (the official install guide takes about 15 minutes)
A wired or wireless internet connection
About 30 minutes

Let's go.

Step 1: Give your server a static IP

Before installing anything, your server needs a fixed IP address on your home network. Without this, your router might assign it a different IP every time it reboots, and nothing will be reachable.

Find your current network details:

ip a
ip route | grep default

Note down your interface name (something like eth0 for Ethernet or wlo1 for WiFi), your current IP, and your gateway IP (usually 192.168.1.1).

Now edit the netplan config:

sudo nano /etc/netplan/00-installer-config.yaml

For a wired connection (recommended — if your laptop doesn't have an Ethernet port, a USB-C to Ethernet adapter works great):

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 1.1.1.1
          - 8.8.8.8

For a WiFi connection:

network:
  version: 2
  wifis:
    wlo1:
      dhcp4: no
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 1.1.1.1
          - 8.8.8.8
      access-points:
        "Your_WiFi_Name":
          password: "your-wifi-password"

Apply the config:

sudo netplan apply

Verify it worked:

ip a | grep 192.168.1.100

You should see your static IP. From now on, your server is always at 192.168.1.100 (or whatever IP you chose).

💡 Pick an IP outside your router's DHCP range. Most routers assign IPs in a range like 192.168.1.2 to 192.168.1.99. Setting your server to 192.168.1.100 avoids conflicts. Check your router's admin page if you're unsure.

Step 2: Install Docker

Docker lets you run Nextcloud in an isolated container — easy to install, easy to update, easy to back up.

# Update packages
sudo apt update && sudo apt upgrade -y

# Install Docker
sudo apt install docker.io docker-compose -y

# Start Docker and enable it on boot
sudo systemctl enable docker
sudo systemctl start docker

# Add your user to the docker group (so you don't need sudo every time)
sudo usermod -aG docker $USER

Log out and log back in for the group change to take effect. Then verify Docker is running:

docker --version
docker compose version

Both should return version numbers. If they do, Docker is ready.

Step 3: Prepare storage directories

Create the folders where Nextcloud will store your files. I use /srv/nas as the root — it's a standard Linux convention for service data.

💡 Running low on built-in storage? You can mount an external USB hard drive and point these directories to it. A 1TB external drive costs around ₹4,000 and instantly doubles your capacity.

# Create folder structure
sudo mkdir -p /srv/nas/photos
sudo mkdir -p /srv/nas/videos
sudo mkdir -p /srv/nas/documents
sudo mkdir -p /srv/nas/nextcloud

# Set ownership so Nextcloud (which runs as www-data) can write to it
sudo chown -R www-data:www-data /srv/nas

This gives you a clean folder structure:

/srv/nas/
├── photos/       ← All your photos
├── videos/       ← Personal videos
├── documents/    ← PDFs, spreadsheets, etc.
└── nextcloud/    ← Nextcloud internal data

Later, when we set up Samba (Part 3), these same folders will be accessible as network drives on your Mac or PC.

Step 4: Create the Docker Compose file

Create a directory for your server configuration and add the compose file:

mkdir -p ~/server
cd ~/server
nano docker-compose.yml

Paste this:

version: '3'

services:
  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    restart: always
    ports:
      - "8888:80"
    volumes:
      - ./config:/var/www/html
      - /srv/nas:/var/www/html/data
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=192.168.1.100

Let me explain what each line does:

image: nextcloud:latest — pulls the latest official Nextcloud image
container_name: nextcloud — gives the container a clean name
restart: always — auto-restarts the container if it crashes or after a reboot
ports: "8888:80" — maps port 8888 on your server to port 80 inside the container
volumes — mounts your config directory and storage directory into the container
NEXTCLOUD_TRUSTED_DOMAINS — tells Nextcloud which addresses are allowed to access it. We'll add more later (your domain, Tailscale IP, etc.)

💡 Why port 8888? Port 80 is reserved for potential future services. A non-standard port also adds a minor layer of obscurity. You can pick any unused port you like.

Step 5: Launch Nextcloud

cd ~/server
docker compose up -d

The -d flag runs it in the background. First time will take a minute or two to download the Nextcloud image.

Check it's running:

docker ps

You should see:

CONTAINER ID   IMAGE              STATUS          PORTS                  NAMES
abc123def456   nextcloud:latest   Up 2 minutes    0.0.0.0:8888->80/tcp   nextcloud

Now open a browser on any device on your home network and go to:

http://192.168.1.100:8888

You'll see the Nextcloud setup screen.

Step 6: Configure Nextcloud

On the setup screen:

Create an admin account — pick a username and a strong password. This is your main login.
Storage & database — select SQLite for simplicity. It's perfectly fine for personal use with 1-3 users. (If you expect more users, you can set up MariaDB/PostgreSQL later.)
Install recommended apps — check this box. It installs Calendar, Contacts, Talk, and other useful apps.

Click Finish setup. Give it a minute to install everything.

Once done, you'll land on the Nextcloud dashboard — your personal cloud is live.

Step 7: Update trusted domains

Nextcloud only allows access from domains/IPs listed in its trusted domains config. Right now it only knows about 192.168.1.100. We need to add more for later parts of this series.

# Enter the Nextcloud container
docker exec -it nextcloud bash

# Edit the config file
apt update && apt install nano -y
nano /var/www/html/config/config.php

Find the trusted_domains section and update it:

'trusted_domains' =>
array (
  0 => '192.168.1.100',
  1 => 'files.yourdomain.com',
  2 => '100.x.x.x',
),

Replace files.yourdomain.com with your actual domain (we'll set this up in Part 4), and 100.x.x.x with your Tailscale IP once you have it. For now, just add placeholder entries — you can always update later.

Save and exit (Ctrl+X, then Y, then Enter). Then exit the container:

exit

Restart Nextcloud to apply:

docker restart nextcloud

Step 8: Set up phone auto-backup

This is the killer feature — every photo you take automatically syncs to your server.

iPhone:

Download Nextcloud from the App Store
Open the app → enter server address: http://192.168.1.100:8888
Log in with your admin credentials
Go to Settings → Auto Upload
Enable it and select which folders to back up (Camera Roll at minimum)

Android:

Download Nextcloud from Play Store
Same steps — enter server address, log in
Go to Settings → Auto Upload
Enable for Camera folder

From now on, every photo and video automatically uploads to /srv/nas/ on your server. No more paying Google for photo storage.

⚠️ This only works when you're on your home WiFi for now. In Part 4, when we set up Tailscale and the public domain, auto-backup will work from anywhere.

Step 9: Set up desktop sync

Mac:

Download the Nextcloud desktop app from nextcloud.com/install
Install and open it
Server address: http://192.168.1.100:8888
Log in with your credentials
Choose a local sync folder on your Mac (e.g., ~/Nextcloud)
Files now sync automatically — like Dropbox or OneDrive

Windows / Linux:

Same process — download the desktop client, point it to your server, and select a sync folder.

You can also access Nextcloud from any browser at http://192.168.1.100:8888 — upload files, create folders, share links, just like Google Drive.

Step 10: Useful Nextcloud commands

A few commands you'll use regularly:

# Check if Nextcloud is running
docker ps

# View Nextcloud logs (useful for debugging)
docker logs nextcloud --tail 50

# Restart Nextcloud
docker restart nextcloud

# Stop everything
cd ~/server && docker compose down

# Start everything
cd ~/server && docker compose up -d

# Force Nextcloud to re-scan files
# (useful after adding files via Samba — covered in Part 3)
docker exec -u www-data nextcloud php occ files:scan --all

# Check disk space
df -h

Troubleshooting

Nextcloud not loading in browser?

Check the container is running: docker ps
If not running: cd ~/server && docker compose up -d
Check logs: docker logs nextcloud --tail 50

"Access through untrusted domain" error?

You're accessing from an IP/domain not in trusted_domains
Add it to the config as shown in Step 7

Upload fails for large files?

Nextcloud's default upload limit might be too low
Fix it:

docker exec -it nextcloud bash
echo "upload_max_filesize=16G" > /usr/local/etc/php/conf.d/uploads.ini
echo "post_max_size=16G" >> /usr/local/etc/php/conf.d/uploads.ini
exit
docker restart nextcloud

"Redirect loop" error?

Clear your browser cookies for 192.168.1.100
Make sure you're using http:// not https:// (we don't have SSL yet — that's Part 4)

What you should have now

After following this guide:

✅ Docker installed and running
✅ Nextcloud accessible at http://192.168.1.100:8888
✅ Storage organized in /srv/nas/ with separate folders for photos, videos, documents
✅ Phone auto-backup working on your home WiFi
✅ Desktop sync client connected
✅ Your own personal Google Drive — running on hardware you own

Hardware recommendations

You don't need to buy anything new to follow this guide — the whole point is using what you already have. But if you want to improve reliability or expand your setup, here's what I'd suggest:

Seagate 1TB External Hard Drive — for expanding storage when your built-in drive fills up. Plug it in via USB and mount it.
Amazon Basics USB-C to Ethernet Adapter — if your laptop doesn't have an Ethernet port. Wired connection is significantly more reliable than WiFi for a 24/7 server.
Zebronics 4-Port USB Hub — useful if your laptop is short on USB ports after plugging in an external drive and Ethernet adapter.
Cat 6 Ethernet Cable (5m) — run this from your router to the server. Cat 6 handles gigabit speeds without any issues.

Disclosure: These are affiliate links. If you purchase through them, I earn a small commission at no extra cost to you. I only recommend products I'd actually use.

What's next

📂 Part 3: Turn your server into a NAS with Samba — We'll make these same folders accessible directly in Mac Finder and Windows Explorer as network drives. This is the fastest way to transfer large files — drag and drop, just like a USB drive.

🌐 Part 4: Access your server from anywhere — Tailscale for private access, Oracle Free VPS + frp for public sharing, and SSL for your custom domain.

🔒 Part 5: Security hardening + lessons learned — UFW, Fail2Ban, SSH hardening, and everything I wish I'd known before starting.

All the config files from this series are available in the companion GitHub repo:
👉 github.com/sasrath/homecloud

Hit Follow if you don't want to miss Part 3. And if you run into any issues with the setup, drop a comment — I'll help you debug it.

Your Google Drive replacement is now running. Next up: making it work like a real NAS. 💾

I Replaced Google Drive with a Home Server That Costs Almost Nothing

Sasanka Rath — Sat, 21 Mar 2026 06:27:20 +0000

I was paying ₹650/month for Google One's 2TB plan. That's ₹6,500 a year — for storage I don't own, on servers I don't control, where my photos could be used to train AI models.

Then I looked at the old HP Pavilion x360 collecting dust on my shelf. 1TB hard drive. 8GB RAM. A perfectly good Intel i5 processor doing absolutely nothing.

What if I could turn it into my own cloud?

Turns out, you can. And the only fixed cost is a domain name — about ₹70/month. Everything else is free, open-source software. Electricity varies by device and local rates, but a laptop sips power compared to a desktop.

This is Part 1 of a 5-part series where I'll walk you through the entire setup. In this post, I'll cover the why and the what. The how starts in Part 2.

What my server does

My home server replaces Google Drive, Google Photos, and then some:

Personal cloud storage — I browse, upload, and organize files from any browser using Nextcloud, a self-hosted Google Drive alternative
Automatic phone photo backup — every photo I take syncs to my server instantly via the Nextcloud mobile app
NAS file sharing — my Mac sees the server as an external drive in Finder, just like a USB hard drive (via Samba)
Remote access from anywhere — whether I'm home or traveling, I reach everything via a custom domain or an encrypted private VPN
Secure sharing with family — I share photo albums and videos via secure links. Recipients don't need an account, they just open a link in their browser

No monthly storage fees. No upload limits. No one scanning my files. Just my data, on my hardware, under my control.

Why not just use Google Drive?

Let me be specific about the problem:

Cost compounds. Google One 2TB costs ₹6,500/year today. Over 5 years, that's ₹32,500 — and Google has a history of raising prices. My server's hardware was already paid for. The domain costs ₹850/year. That's it.

Storage is capped. Hit 2TB on Google and you're paying ₹16,250/year for 5TB. With my server, I plug in a ₹5,000 external hard drive and I have 5TB. Once. No recurring cost.

You don't own the data. Google can change terms of service, lock your account, or discontinue a product (remember Google+, Inbox, Stadia?). My files live on a hard drive in my house.

Privacy. Google Photos uses your images for AI model training. Your documents pass through their servers. With a home server, your data never leaves your network unless you explicitly share it.

The architecture — how it all connects

This is the part that took the most thinking. Here's the challenge: most Indian ISPs (Airtel, Jio, ACT) use CGNAT, which means your home doesn't have a public IP address. Nobody on the internet can reach your server directly.

I solved this with a two-path architecture:

                        PUBLIC PATH (for sharing with others)

                    🌐  Internet
                        ↓
                    ☁️  Cloudflare — DNS + SSL + DDoS protection
                        ↓
                    🖧  Oracle Free VPS — public gateway (hides your home IP)
                        ↓  frp tunnel (encrypted)
                    🖥  Home Server — Ubuntu 24.04 | 8GB RAM | 1TB HDD
                        ↓
                    📦  Nextcloud  ·  Samba NAS  ·  Docker


                        PRIVATE PATH (for personal use)

                    📱  Your phone / laptop
                        ↓  WireGuard encrypted tunnel
                    🖥  Home Server directly — no VPS, full speed, fully private

Two paths, two purposes

Public path — for when I share a photo album with family. Traffic goes: Internet → Cloudflare → Oracle VPS → encrypted frp tunnel → my home server. This gives me a clean URL (files.yourdomain.com) that anyone can open in a browser. My real home IP is completely hidden behind the VPS.

Private path — for my personal use. Tailscale creates a direct WireGuard VPN tunnel between my devices and my server. No middleman. No bandwidth limits. Military-grade encryption. I use this for streaming large videos, syncing files, and SSH access. It's free for up to 100 devices.

Why two paths? The public path exists only for sharing. Tailscale is faster and more secure, but it requires the app to be installed on every device. Family members who just want to see wedding photos shouldn't need to install a VPN.

The hardware — it's probably on your shelf

You don't need fancy hardware. Any old laptop or mini PC works. A laptop is actually ideal because:

Built-in UPS — the battery keeps the server running during power cuts
Low power — a laptop uses a fraction of what a desktop draws
Small and quiet — no fan noise, tuck it behind your router

Here's what I'm running:

Component	What I used	Minimum you need
Device	HP Pavilion x360	Any x86 laptop or mini PC
CPU	Intel i5	Any dual-core processor
RAM	8GB	4GB minimum
Storage	1TB HDD	256GB+ (expand anytime with USB drives)
Network	WiFi (200Mbps Airtel)	Ethernet preferred for reliability
OS	Ubuntu Server 24.04 LTS	Any Debian-based Linux distro

A Raspberry Pi 4/5 also works for lighter usage, though I'd recommend a proper laptop or mini PC if you plan to serve media files.

The software stack — everything is free

This blew my mind when I first set it up. Every single piece of software is open source and free:

Software	What it does
Ubuntu Server 24.04	The operating system — lightweight, no GUI
Docker	Runs Nextcloud in an isolated container for easy management
Nextcloud	The Google Drive replacement — web UI, mobile apps, desktop sync
Samba	Makes your server appear as a network drive on Mac/Windows
Tailscale	Creates an encrypted private tunnel to your server from anywhere
frp	Punches through CGNAT so the internet can reach your home server
Nginx	Web server on the VPS that handles incoming traffic
Certbot	Free SSL certificates so your custom domain uses HTTPS
UFW + Fail2Ban	Firewall and brute-force protection

Not a single subscription. Not a single license fee. The open-source community has built everything you need.

The cost comparison

Here's why this project was worth a weekend of setup:

Google One 2TB


Monthly cost	₹650
Yearly cost	₹6,500
5-year cost	₹32,500+ (assuming no price hikes)
Storage limit	2TB, then pay more
Data ownership	Google's servers, Google's terms

Home server


Domain name	~₹850/year
Electricity	Varies (laptops are very low-power)
Oracle VPS	Free forever (Always Free tier)
Cloudflare	Free
Tailscale	Free
All software	Free and open source
Storage limit	Whatever hard drive you plug in
Data ownership	Yours. Physically in your house.

The hardware? Already paid for — it was gathering dust. Even if you bought a used laptop for ₹10,000, it pays for itself in under 2 years compared to Google One.

Is it reliable?

I've been running this setup for a while now. Here's what I've observed:

Uptime is excellent. The server boots automatically after power cuts (BIOS setting), and all services — Docker, Nextcloud, Tailscale, frp — start on their own. After a power outage, everything is back online in 2-3 minutes without me touching anything.

WiFi has been the weak link. I've had occasional drops on the WiFi connection. If your server is near the router, use an Ethernet cable. It's noticeably more reliable.

Speed is great on the local network. Transferring files via Samba on my home network is as fast as a USB drive. Remote access via Tailscale is limited by your internet upload speed, but perfectly usable for photos and documents.

Maintenance is minimal. I check on it maybe once a week — glance at disk space, make sure services are running. Docker makes updates trivial: pull the latest image and restart.

What's coming in this series

This was the why and the what. Starting next, we get into the how — complete, copy-paste-ready tutorials:

📦 Part 2: Setting up Nextcloud with Docker — Install Docker, write the compose file, configure Nextcloud, set up phone auto-backup, and get desktop sync working. Your Google Drive replacement, running in 30 minutes.

📂 Part 3: Turn your server into a NAS with Samba — Configure Samba shares, connect from Mac and Windows, set up auto-mount on startup, and integrate with Nextcloud so both see the same files.

🌐 Part 4: Access your server from anywhere — Set up Tailscale for private access, get an Oracle free VPS, configure frp tunneling, set up Nginx and SSL, and point your custom domain to your home server.

🔒 Part 5: Security hardening + lessons learned — Configure UFW firewall, set up Fail2Ban, harden SSH, add monitoring, and everything I wish I'd known before starting.

Each post is standalone — you can jump to whichever part you need. But if you're building from scratch, follow them in order.

If you don't want to miss the next part, hit Follow. I'll also be sharing shorter tips and updates on Twitter/X (@ASkully58162) as I keep building.

Have questions about the setup? Drop them in the comments — I'll answer everything and it might shape what I cover in the next parts.

Got an old laptop collecting dust? It's about to become the most useful device you own. 🖥️