1. The Architecture: Hybrid Cloud Strategy
My initial approach was to host everything—including this blog—directly on the Raspberry Pi. However, a risk assessment revealed significant vulnerabilities in exposing a home network to the public internet, including a lack of DDoS protection, no Web Application Firewall (WAF), no default tracking for various kinds of statistics, and the maintenance burden of hardening the network perimeter.
To solve this, I designed a split architecture:

The Public Edge (Cloudflare)
I pivoted to Cloudflare for public-facing content. This decision decoupled my personal network from public traffic, providing:
- Enterprise Security: Automatic WAF and DDoS mitigation.
- Global Performance: Leveraging a global CDN for edge caching, ensuring consistent uptime regardless of my home internet connection or unexpected maintenance/updates on Arch Linux.
The Private Core (Raspberry Pi 5)
With public traffic offloaded, the Raspberry Pi 5 was dedicated to private, data-intensive workloads where data sovereignty matters.
- OS Strategy: I chose Arch Linux (Rolling Release) to maintain a minimal footprint, installing only necessary packages to maximize the Pi’s limited resources.
- Service Orchestration:
  - Jellyfin: Configured as a private music, media and ebooks streaming hub, allowing me to host my own library and bypass commercial SaaS subscriptions.
  - SFTP Cloud: A secure, sovereign file storage solution for remote document access as a replacement for Google/iCloud Drive.
- Automated Reliability: I implemented Cron jobs to handle regular automated backups of critical configurations and data.
2. Networking & Security: The Tailscale Mesh
A critical requirement for the private core was remote accessibility without compromising security. Opening ports on a residential router introduces a massive attack surface.
To address this, I implemented Tailscale, a zero-config VPN based on the WireGuard protocol.
- Mesh Networking: Tailscale creates a peer-to-peer mesh network, allowing me to access the Pi from anywhere in the world via SSH or SFTP as if it were on a local LAN. This also enabled me to make it functional when using the internet via Starlink.
- Zero Trust: This eliminates the need for port forwarding (e.g., exposing Port 22 or 80), keeping the home firewall completely closed to inbound traffic.
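One way to check that nothing on the Pi is listening beyond loopback and the tailnet, as an added example that is not part of the original post. It assumes `ss -H -tln` output; the function names and the sample lines are constructed for illustration, and 100.64.0.0/10 and fd7a:115c:a1e0::/48 are the ranges Tailscale assigns node addresses from.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ss -H -tln` output on stdin and prints "address port" for every TCP
# listener that is bound to something other than loopback or a Tailscale address.
non_tailnet_listeners() {
  awk '
    $1 == "LISTEN" {
      la = $4                                   # Local Address:Port column
      port = la; sub(/.*:/, "", port)           # text after the last colon
      addr = la; sub(/:[^:]*$/, "", addr)       # text before the last colon
      gsub(/\[|\]/, "", addr)                   # drop IPv6 brackets
      sub(/%.*/, "", addr)                      # drop %interface suffix
      if (addr ~ /^127\./ || addr == "::1") next        # loopback only
      if (addr ~ /^fd7a:115c:a1e0:/) next               # Tailscale IPv6 range
      n = split(addr, o, ".")
      if (n == 4 && o[1] == 100 && o[2] >= 64 && o[2] <= 127) next  # 100.64.0.0/10
      print addr, port                          # wildcard, LAN or public bind
    }'
}

# Constructed sample of `ss -H -tln` output: SSH on the wildcard address,
# one service bound to a LAN address, the rest on loopback or the tailnet.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0      128            0.0.0.0:22          0.0.0.0:*
LISTEN 0      128               [::]:22             [::]:*
LISTEN 0      4096         127.0.0.1:631         0.0.0.0:*
LISTEN 0      512    100.101.102.103:8096        0.0.0.0:*
LISTEN 0      128    [fd7a:115c:a1e0::1]:22         [::]:*
LISTEN 0      512       192.168.1.20:8096        0.0.0.0:*
EOF
}

echo "Listeners reachable outside loopback/tailnet (constructed sample):"
sample_ss_output | non_tailnet_listeners
```

On the Pi itself, pipe live output in with `ss -H -tln | non_tailnet_listeners`. Entries it prints are still shielded from the internet by the closed router, but they are reachable from every device on the home LAN.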
3. The Pivot: From Server to High-Performance Client
During the project, I identified a hardware constraint: the Pi 5 struggles with real-time HEVC (H.265) video transcoding when acting as a server, especially for high-resolution videos (720p+).
Recognizing that the Pi 5 is better suited as a powerful Direct-Play Client rather than a Transcoding Server, I am repurposing the hardware to solve a specific user experience (UX) problem for a friend: the latency and slowness of commercial streaming sticks (like Roku).
The New Deployment (HTPC Gift): I am converting the server into a dedicated Home Theater PC (HTPC) and Retro-Gaming Console.
- OS Migration: Switching from Arch to Ubuntu to ensure maximum compatibility with streaming DRM and peripheral support.
- Unified Interface: The device is configured to be fully navigable via a game controller, eliminating the need for a mouse and keyboard.
- Feature Set:
  - Universal Streaming: Aggregating all major streaming platforms into a lag-free interface.
  - Physical Media Hub: Leveraging the USB 3.0 throughput to attach external DVD/Blu-ray drives for physical playback.
  - Retro Emulation: Utilizing the Pi 5’s GPU for emulating classic Nintendo titles.
  - General-Purpose Computing: Leveraging a full Linux desktop environment (Ubuntu) to function as a capable mini workstation for productivity tools and browsing tasks.
4. Conclusion
This project served as a practical exercise in Systems Design. It demonstrated the importance of Right-Sizing Hardware: while the Pi 5 had limitations as a heavy-duty server, its architecture made it a superior, responsive alternative to underpowered commercial streaming dongles, and it is capable of being used to make various creative tools.