Simon-RedditAccount

Can't you just install this type of app to your phone or pc?

For one instance of app, it's possible to install it onto a single machine.

Things get tricky when you want to access the data from multiple devices. Even trickier, when several people want to access it. After a certain point, it's easier to have a "cloud" solution. And since "cloud" is just somebody's else computer, why not make this a computer YOU own?

Lack of time or interest (or both) in: managing local DNS, using .home.arpa and running own CA.

It's tricky (especially running your own CA in a proper way), and not everyone wants to do it. Also, running it in a proper way it requires knowledge, and some people don't have it...

Actually, distribution of your root CA certificate is not that difficult.

NOTE: this addresses strictly OP's question about LAN-only access. External access or varying devices used to access is a completely different story.

• Google Workspace. Not the cheapest, and also by Google (although they claim they don't mine as much data from business accounts)
• Zoho, $1.25/mo
• iCloud+, $0.99/mo, but a bit limited (don't remember whether they have catch-all etc).

Do you monitor network traffic?

Generally, no. But I seriously restrict container networking, most of my containers are unable to reach internet, unless absolutely necessary. Also, my firewall is not super-restrictive, but it is different from defaults :)

Sometimes I do some monitoring though.

Privacy, Education, Being Cool. Also, there are some services that are not available commercially.

Possible - yes.

Do you want it? Probably, no. Especially, SMTP. Better use something like Zeptomail (cheapest) for delivery.

You can still self-host the receiver.

Mandatory do-not-self-host-at-home notice: custom domain at skiff.com is free, iCloud+ Mail is $0.99 and Zoho is $1.25/mo.

Yes, there are risks:

• First, updates can break things. Already explained here.
• Second, exposing Docker socket to Watchtower means you have to trust it ultimately. Any vulnerability in WT can lead to whole system compromise.

Personally, I use DIUN. It just sends me notifications about available updates. I update things manually later. My system is pretty well isolated from outside world, so no need to hurry.
On a VPS, I would prefer a different approach though.

• good-looking domains instead of IPs
• tons of subdomains instead of ports
• universally recognized TLS certs via Let's Encrypt. DNS challenges are the way to go - you don't even have to expose your HTTP server
• dynamic DNS, again available via API
• inbox@yourdomain.com (better not to self-host, but to use an email provider)

Consider adding couple of screenshots or even a small sped-up GIF to the GitHub, right at the top. Also, GDrive video is loading extremely slow, better host it YouTube/Vimeo.

Congrats!

Knowledgebase + OIDplus + scripts/configs in git repo.

I chose local instance of Wordpress for my knowledgebase a decade ago. Today I'd probably use Bookstack.

Not exactly a NUC - a fanless MSI Cubi N with Celeron N4000.

Bare metal Ubuntu Server running nginx + docker-compose for everything other.

Everything in my LAN is TLS-protected. Primarily because of convenience (no 'unsafe' warnings), unification (all I do everywhere is TLS). Also for learning purposes (I like challenges). Security is on the last place here (but is still important to me).

Probably your main threat is not people, but malware. Especially since they are not tech-savy. Remember how $35M of crypto assets were recently stolen: in the beginning it was a LastPass engineer who did not update his Plex instance.