Sets up the complete self-hosted infrastructure on Voyager (HP t630 thin client):
DNS Stack (dns/):
- Pi-hole for network-wide ad blocking
- Unbound as recursive DNS resolver
- dnscrypt-proxy for DNS-over-HTTPS via Cloudflare/Quad9
Services:
- Vaultwarden - self-hosted password manager (Bitwarden compatible)
- Forgejo - self-hosted git mirror (primary on PMS1, mirror here)
- Karakeep - self-hosted bookmark manager
- Resilio Sync - P2P sync for PMS1 database backups
Tunneling:
- Newt - Pangolin tunnel client for exposing services via
tunnel.pelagiamarine.com without open ports
All services exposed externally via Pangolin reverse proxy on PMS1.
Local DNS resolves through Pi-hole → Unbound → dnscrypt-proxy chain.
