# 👨‍👩‍👧‍👦 Family Network Integration Guide

**🟡 Intermediate Guide**

This guide covers integrating your family's separate network and ISP with your homelab infrastructure, enabling seamless access to Plex, Immich photo sync, and Synology services while optimizing for different bandwidth capabilities.

## 🎯 Network Architecture Overview

### **Network Topology**

```bash
# Your Homelab Network
ISP: 20 Gbps up/down
Location: Primary residence
Subnet: 192.168.1.0/24
Key Services: Atlantis (Plex, Immich), Calypso (Media), Synology

# Family Network
ISP: 2 Gbps down / 400 Mbps up
Location: Family residence
Subnet: 192.168.2.0/24 (different to avoid conflicts)
Bridge Device: Concord-NUC (on family network)
```

### **Integration Strategy**

```bash
# Concord-NUC as Bridge/Gateway
Role: Site-to-site VPN endpoint and local cache
Services: WireGuard server, Tailscale exit node, local caching
Network: Connected to family network (192.168.2.x)
Tailscale IP: concord-nuc.vish.local

# Bandwidth Optimization
Homelab → Family: Utilize full 20 Gbps upload
Family → Homelab: Respect 400 Mbps upload limit
Local Caching: Cache frequently accessed content on Concord-NUC
Quality Adaptation: Automatic quality adjustment based on bandwidth
```

---

## 🌐 Site-to-Site VPN Configuration

### **Tailscale Site-to-Site Setup**

#### **Configure Concord-NUC as Subnet Router**

```bash
# On Concord-NUC (at family location)

# Enable IP forwarding
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# Advertise family subnet to Tailscale
sudo tailscale up --advertise-routes=192.168.2.0/24 --accept-dns=false

# Verify subnet advertisement
tailscale status
```

#### **Accept Subnet Routes on Homelab**

```bash
# In Tailscale Admin Console (https://login.tailscale.com/admin)
# Navigate to: Machines → concord-nuc → Route settings
# Enable: 192.168.2.0/24 subnet route
# This allows homelab to reach family network devices directly

# On homelab servers, accept the routes
sudo tailscale up --accept-routes
```

#### **Configure Family Router**

```bash
# Add static routes on family router to route homelab traffic through Concord-NUC
# Router Admin → Advanced → Static Routes

# Route homelab Tailscale network through Concord-NUC
Destination: 100.64.0.0/10
Gateway: 192.168.2.100 (Concord-NUC local IP)
Interface: LAN

# Route specific homelab subnets (optional)
Destination: 192.168.1.0/24
Gateway: 192.168.2.100
Interface: LAN
```

### **WireGuard Site-to-Site (Alternative)**

#### **Configure WireGuard on Concord-NUC**

```bash
# Install WireGuard
sudo apt update && sudo apt install wireguard

# Generate keys (umask 077 so the private key is never world-readable and is not echoed to the terminal)
sudo sh -c 'umask 077; wg genkey > /etc/wireguard/private.key'
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

# Configure WireGuard interface
# Replace CONCORD_PRIVATE_KEY and ATLANTIS_PUBLIC_KEY with the real key values
sudo tee /etc/wireguard/wg-family.conf << 'EOF'
[Interface]
PrivateKey = CONCORD_PRIVATE_KEY
Address = 10.100.0.2/24
ListenPort = 51821
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Homelab endpoint (Atlantis)
PublicKey = ATLANTIS_PUBLIC_KEY
Endpoint = your-homelab-external-ip:51820
AllowedIPs = 192.168.1.0/24, 10.100.0.1/32
PersistentKeepalive = 25
EOF

# The config contains the private key, so restrict it to root
sudo chmod 600 /etc/wireguard/wg-family.conf

# Enable and start WireGuard
sudo systemctl enable wg-quick@wg-family
sudo systemctl start wg-quick@wg-family
```

---

## 📺 Plex Integration and Optimization

### **Plex Server Configuration**

#### **Network and Remote Access**

```bash
# On Atlantis (Plex server)
# Plex Settings → Network

# Network Interface: All interfaces
# Secure connections: Preferred
# Remote access: Enable
# Manually specify public port: 32400
# Custom server access URLs:
#   - https://atlantis.vish.local:32400
#   - https://plex.vish.local:32400 (if using custom DNS)

# Bandwidth settings for family network
# Settings → Network → Remote streaming
Maximum remote streaming bitrate: 20 Mbps (respect family's download limit)
Internet upload speed: 20000 Mbps (your homelab upload)
```

#### **Quality and Transcoding Settings**

```bash
# Settings → Transcoder
Transcoder quality: Automatic
Use hardware acceleration: Enable (if available)
Use hardware-accelerated video encoding: Enable
Maximum simultaneous video transcode: 4

# Settings → Network → Show Advanced
Enable Relay: Disable (force direct connections)
Treat WAN IP As LAN: Add family network subnet (192.168.2.0/24)
List of IP addresses and networks that are allowed without auth: 192.168.2.0/24
```

### **Family Device Configuration**

#### **Plex App Setup on Family Devices**

```bash
# Install Plex app on family devices:
# - Smart TVs, Apple TV, Roku, Fire TV
# - Mobile devices (iOS/Android)
# - Computers (Windows/Mac/Linux)

# Sign in with Plex account
# Server should auto-discover via Tailscale or direct connection
# If not found, manually add server:
# Server address: atlantis.vish.local:32400
# Or: concord-nuc.vish.local:32400 (if using local proxy)
```

#### **Local Plex Cache on Concord-NUC**

```bash
# Set up Plex Media Server on Concord-NUC for caching
# This reduces bandwidth usage for frequently watched content

# Install Plex on Concord-NUC
wget https://downloads.plex.tv/plex-media-server-new/1.40.0.7998-c29d4c0c8/debian/plexmediaserver_1.40.0.7998-c29d4c0c8_amd64.deb
sudo dpkg -i plexmediaserver_*.deb

# Configure as secondary server with sync
# Plex Settings → Sync
# Enable sync for frequently watched content
# Sync location: /var/lib/plexmediaserver/sync
```

---

## 📸 Immich Photo Sync Integration

### **Immich Server Configuration**

#### **Multi-Site Photo Management**

```bash
# On Calypso (primary Immich server)
# Configure for external access via Tailscale

# Immich Admin Settings
# Server Settings → External domain: https://calypso.vish.local:2283
# Storage Settings → Upload location: /volume1/immich/upload
# User Settings → Storage quota: Unlimited (for family)

# Create family user accounts
# Administration → Users → Add User
Username: family-member-1
Email: family1@vish.local
Password: "REDACTED_PASSWORD" [strong password]
Storage quota: Unlimited
```

#### **Immich Proxy on Concord-NUC**

```bash
# Set up Nginx proxy on Concord-NUC for local access optimization
sudo apt install nginx

# Configure Nginx proxy
sudo tee /etc/nginx/sites-available/immich-proxy << 'EOF'
server {
    listen 2283;
    server_name concord-nuc.vish.local;

    # Increase upload limits for photos/videos
    client_max_body_size 2G;
    proxy_request_buffering off;

    location / {
        proxy_pass https://calypso.vish.local:2283;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Optimize for photo uploads
        proxy_buffering off;
        proxy_cache off;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }
}
EOF

sudo ln -s /etc/nginx/sites-available/immich-proxy /etc/nginx/sites-enabled/
sudo systemctl restart nginx
```

### **Family Device Photo Sync**

#### **iOS Immich App Configuration**

```bash
# Install Immich mobile app from App Store
# Configure connection:
Server URL: https://concord-nuc.vish.local:2283
# Or direct: https://calypso.vish.local:2283

# Login with family account credentials
# Enable auto-backup:
# Settings → Auto backup
# Backup when charging: Enable
# Backup on WiFi only: Enable (to respect mobile data)
# Background app refresh: Enable

# Backup settings:
# Include videos: Enable
# Backup quality: Original (you have bandwidth)
# Backup frequency: Immediate
```

#### **Android Immich App Configuration**

```bash
# Install Immich from Google Play Store or F-Droid
# Configure similar to iOS:
Server URL: https://concord-nuc.vish.local:2283
Auto-backup: Enable
WiFi only: Enable
Background sync: Enable
Quality: Original
```

#### **Desktop Immich CLI Sync**

```bash
# Install Immich CLI on family computers
npm install -g @immich-app/cli

# Configure API key (from Immich web interface)
# User Settings → API Keys → Create API Key

# Set up sync script for family computers
cat > ~/sync-photos.sh << 'EOF'
#!/bin/bash
export IMMICH_INSTANCE_URL="https://concord-nuc.vish.local:2283"
export IMMICH_API_KEY=REDACTED_API_KEY

# Sync photos from common directories
immich upload ~/Pictures/
immich upload ~/Desktop/Photos/
immich upload /Users/Shared/Photos/  # macOS
immich upload ~/Documents/Photos/

echo "Photo sync completed: $(date)"
EOF

# The script holds an API key, so keep it readable by its owner only
chmod 700 ~/sync-photos.sh

# Schedule regular sync (every 4 hours)
crontab -e
# Add: 0 */4 * * * /home/user/sync-photos.sh >> /home/user/sync-photos.log 2>&1
```

---

## 💾 Synology Integration

### **Synology Drive for Family**

#### **Configure Synology Drive Server**

```bash
# On Atlantis (Synology NAS)
# Package Center → Install Synology Drive Server

# Synology Drive Admin Console
# Enable Synology Drive: ✅
# Enable versioning: ✅ (keep 32 versions)
# Enable team folders: ✅
# External access: Enable via Tailscale (atlantis.vish.local:6690)
```

#### **Create Family Shared Folders**

```bash
# Control Panel → Shared Folder → Create

# Family Photos (for Synology Photos)
Name: FamilyPhotos
Location: /volume1/FamilyPhotos
Description: Family photo collection
Users: family-member-1, family-member-2 (Read/Write)

# Family Documents
Name: FamilyDocuments
Location: /volume1/FamilyDocuments
Description: Shared family documents
Users: family-member-1, family-member-2 (Read/Write)

# Family Media
Name: FamilyMedia
Location: /volume1/FamilyMedia
Description: Family videos and media
Users: family-member-1, family-member-2 (Read/Write)
```

#### **Synology Drive Client Setup**

```bash
# Install Synology Drive Client on family devices
# Download from: https://www.synology.com/en-us/support/download

# Configuration:
Server address: https://atlantis.vish.local:6690
Username: family-member-1
Password: "REDACTED_PASSWORD" [member password]

# Sync settings:
Local folder: ~/SynologyDrive
Server folder: /FamilyDocuments, /FamilyPhotos
Sync mode: Two-way sync
Bandwidth limit: 50 Mbps upload (respect family ISP limit)
```

### **Synology Photos Integration**

#### **Configure Synology Photos**

```bash
# On Atlantis
# Package Center → Install Synology Photos

# Synology Photos Settings
# General → Enable Synology Photos: ✅
# Indexing → Auto-index shared folders: FamilyPhotos
# External access: Enable (via Tailscale)
# Face recognition: Enable
# Object recognition: Enable
```

#### **Family Device Photo Backup**

```bash
# Install Synology Photos mobile app
# Configure backup:
Server: https://atlantis.vish.local (Synology Photos port)
Account: family-member-1
Backup folder: FamilyPhotos/[Device Name]

# Backup settings:
Auto backup: Enable
WiFi only: Enable
Original quality: Enable
Include videos: Enable
Background backup: Enable
```

---

## 🚀 Performance Optimization

### **Bandwidth Management**

#### **QoS Configuration on Family Router**

```bash
# Configure QoS to prioritize homelab traffic
# Router Admin → Advanced → QoS

# Upload QoS (400 Mbps total)
High Priority (200 Mbps): Video calls, VoIP
Medium Priority (150 Mbps): Homelab sync, photo uploads
Low Priority (50 Mbps): General browsing, updates

# Download QoS (2 Gbps total)
High Priority (1 Gbps): Streaming, video calls
Medium Priority (800 Mbps): Homelab services, file downloads
Low Priority (200 Mbps): Background updates
```

#### **Traffic Shaping on Concord-NUC**

```bash
# Install traffic control tools
sudo apt install iproute2 wondershaper

# Create traffic shaping script
sudo tee /usr/local/bin/family-qos.sh << 'EOF'
#!/bin/bash
# Family network traffic shaping

# Clear existing rules
tc qdisc del dev eth0 root 2>/dev/null

# Create root qdisc
tc qdisc add dev eth0 root handle 1: htb default 30

# Create classes for different traffic types
# Class 1:10 - High priority (streaming, real-time)
tc class add dev eth0 parent 1: classid 1:10 htb rate 1000mbit ceil 1500mbit

# Class 1:20 - Medium priority (homelab services)
tc class add dev eth0 parent 1: classid 1:20 htb rate 400mbit ceil 800mbit

# Class 1:30 - Low priority (background)
tc class add dev eth0 parent 1: classid 1:30 htb rate 100mbit ceil 200mbit

# Add filters for different services
# Plex traffic (high priority)
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dport 32400 0xffff flowid 1:10

# Immich uploads (medium priority)
tc filter add dev eth0 protocol ip parent 1:0 prio 2 u32 match ip dport 2283 0xffff flowid 1:20

# Synology sync (medium priority)
tc filter add dev eth0 protocol ip parent 1:0 prio 2 u32 match ip dport 6690 0xffff flowid 1:20
EOF

# The script is owned by root, so these steps need sudo as well
sudo chmod +x /usr/local/bin/family-qos.sh

# Run on startup
echo "/usr/local/bin/family-qos.sh" | sudo tee -a /etc/rc.local
```

### **Caching and CDN**

#### **Nginx Caching on Concord-NUC**

```bash
# Configure Nginx for caching frequently accessed content
# The cache zone is declared at http level (conf.d is included there)
sudo tee /etc/nginx/conf.d/cache.conf << 'EOF'
# Cache configuration
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=homelab_cache:100m
                 max_size=50g inactive=7d use_temp_path=off;
EOF

# location blocks are only valid inside a server { } block, so keep them in a
# snippet and add "include snippets/homelab-cache.conf;" to the server block
# that fronts the service (for example /etc/nginx/sites-available/immich-proxy).
# proxy_pass must point at that server block's upstream; calypso is shown here.
sudo tee /etc/nginx/snippets/homelab-cache.conf << 'EOF'
# Cache for Plex thumbnails and metadata
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    proxy_pass https://calypso.vish.local:2283;
    proxy_cache homelab_cache;
    proxy_cache_valid 200 7d;
    proxy_cache_valid 404 1m;
    add_header X-Cache-Status $upstream_cache_status;
    expires 7d;
}

# Cache for Immich thumbnails
location /api/asset/thumbnail {
    proxy_pass https://calypso.vish.local:2283;
    proxy_cache homelab_cache;
    proxy_cache_valid 200 30d;
    proxy_cache_key "$scheme$request_method$host$request_uri";
    add_header X-Cache-Status $upstream_cache_status;
}
EOF

# Create cache directory
sudo mkdir -p /var/cache/nginx
sudo chown www-data:www-data /var/cache/nginx

# Validate the configuration before restarting
sudo nginx -t && sudo systemctl restart nginx
```

#### **Local DNS Caching**

```bash
# Install and configure dnsmasq for local DNS caching
sudo apt install dnsmasq

# Configure dnsmasq
sudo tee /etc/dnsmasq.conf << 'EOF'
# Listen on family network interface
interface=eth0
bind-interfaces

# Cache size and TTL
cache-size=10000
local-ttl=300

# Forward to homelab DNS (Pi-hole) via Tailscale
server=100.64.0.1  # Atlantis Tailscale IP

# Local overrides for performance
address=/concord-nuc.vish.local/192.168.2.100
address=/plex.family.local/192.168.2.100
address=/photos.family.local/192.168.2.100
EOF

sudo systemctl enable dnsmasq
sudo systemctl start dnsmasq
```

---

## 📊 Monitoring and Analytics

### **Family Network Monitoring**

#### **Grafana Dashboard for Family Network**

```bash
# Create family-specific Grafana dashboard
# Panels to include:
# 1. Bandwidth usage (upload/download)
# 2. Plex streaming sessions and quality
# 3. Photo sync progress and storage usage
# 4. Concord-NUC system resources
# 5. Network latency between sites
# 6. Service availability (Plex, Immich, Synology)

# Add Prometheus monitoring to Concord-NUC
# Install node_exporter (wget cannot expand "*" in a URL, so name the release explicitly)
NODE_EXPORTER_VERSION="X.Y.Z"  # placeholder: set to the release you want to install
wget "https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64.tar.gz"
tar xvfz "node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64.tar.gz"
sudo mv "node_exporter-${NODE_EXPORTER_VERSION}.linux-amd64/node_exporter" /usr/local/bin/
sudo useradd -rs /bin/false node_exporter

# Create systemd service
sudo tee /etc/systemd/system/node_exporter.service << 'EOF'
[Unit]
Description=Node Exporter
After=network.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl enable node_exporter
sudo systemctl start node_exporter
```

#### **Family Usage Analytics**

```bash
# Track family usage patterns
# Create InfluxDB database for family metrics

# On homelab (Atlantis), add family data collection
# Plex usage by family members
# Photo upload statistics
# Bandwidth utilization patterns
# Service response times from family network

# Example Telegraf configuration for family metrics
sudo tee -a /etc/telegraf/telegraf.conf << 'EOF'
# Family network monitoring
[[inputs.ping]]
  urls = ["concord-nuc.vish.local", "192.168.2.1"]
  count = 3
  ping_timeout = 10.0

[[inputs.http_response]]
  urls = [
    "https://concord-nuc.vish.local:2283",   # Immich proxy
    "https://concord-nuc.vish.local:32400",  # Plex proxy
    "https://concord-nuc.vish.local:6690"    # Synology proxy
  ]
  response_timeout = "10s"
  method = "GET"

[[inputs.net]]
  interfaces = ["tailscale0", "wg-family"]
EOF
```

---

## 🔒 Security Considerations

### **Network Segmentation**

#### **Firewall Rules on Concord-NUC**

```bash
# Configure UFW for family network security
# Note: these rules apply to traffic addressed to Concord-NUC itself;
# forwarded (routed) traffic is controlled with "ufw route" rules.

# Allow family network access to homelab services
sudo ufw allow from 192.168.2.0/24 to any port 32400  # Plex
sudo ufw allow from 192.168.2.0/24 to any port 2283   # Immich
sudo ufw allow from 192.168.2.0/24 to any port 6690   # Synology

# Allow Tailscale traffic
sudo ufw allow in on tailscale0
sudo ufw allow out on tailscale0

# Block direct access to homelab management
sudo ufw deny from 192.168.2.0/24 to any port 22    # SSH
sudo ufw deny from 192.168.2.0/24 to any port 3000  # Grafana
sudo ufw deny from 192.168.2.0/24 to any port 9090  # Prometheus

# Log denied connections
sudo ufw logging on

# Enable the firewall last, once the allow rules are in place,
# so an existing remote session is not cut off
sudo ufw enable
```

#### **Access Control Lists**

```json
// Configure Tailscale ACLs for family access
// Tailscale Admin → Access Controls
{
  "groups": {
    "group:family": ["family-member-1@domain.com", "family-member-2@domain.com"],
    "group:admin": ["admin@domain.com"]
  },
  "acls": [
    // Family members - limited access to media services
    {
      "action": "accept",
      "src": ["group:family"],
      "dst": [
        "atlantis.vish.local:32400",  // Plex
        "calypso.vish.local:2283",    // Immich
        "atlantis.vish.local:6690",   // Synology Drive
        "concord-nuc.vish.local:*"    // Local proxy services
      ]
    },
    // Admin - full access
    {
      "action": "accept",
      "src": ["group:admin"],
      "dst": ["*:*"]
    }
  ]
}
```

### **Data Privacy and Backup**

#### **Family Data Backup Strategy**

```bash
# Automated backup of family data from Concord-NUC to homelab

# Create backup script (written as root, since it lives in /usr/local/bin)
sudo tee /usr/local/bin/family-backup.sh << 'EOF'
#!/bin/bash
# Family data backup to homelab

BACKUP_DATE=$(date +%Y%m%d)
BACKUP_LOG="/var/log/family-backup.log"

log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$BACKUP_LOG"
}

# Backup family photos to Atlantis
log "Starting family photo backup"
rsync -avz --progress /var/lib/immich/upload/ \
    atlantis.vish.local:/volume1/backups/family/photos/ \
    >> "$BACKUP_LOG" 2>&1

# Backup Synology Drive sync data
log "Starting Synology Drive backup"
rsync -avz --progress /home/*/SynologyDrive/ \
    atlantis.vish.local:/volume1/backups/family/documents/ \
    >> "$BACKUP_LOG" 2>&1

# Backup Plex cache/metadata
log "Starting Plex cache backup"
rsync -avz --progress /var/lib/plexmediaserver/ \
    atlantis.vish.local:/volume1/backups/family/plex-cache/ \
    >> "$BACKUP_LOG" 2>&1

log "Family backup completed"
EOF

sudo chmod +x /usr/local/bin/family-backup.sh

# Schedule daily backups at 2 AM
# Append to root's crontab; piping a single line into "crontab -" would replace every existing entry
(sudo crontab -l 2>/dev/null; echo "0 2 * * * /usr/local/bin/family-backup.sh") | sudo crontab -
```

---

## 📱 Family Mobile Device Setup

### **Simplified Mobile Configuration**

#### **Family iOS/Android Setup**

```bash
# Install essential apps on family devices:

# Core Apps:
- Plex (media streaming)
- Immich (photo backup)
- Synology Drive (file sync)
- Synology Photos (photo management)

# Optional Apps:
- Tailscale (for advanced users)
- Home Assistant (if using smart home)
- Grafana (for tech-savvy family members)

# Configure apps to use Concord-NUC as proxy:
Plex Server: concord-nuc.vish.local:32400
Immich Server: concord-nuc.vish.local:2283
Synology: concord-nuc.vish.local:6690
```

#### **Family Network WiFi Optimization**

```bash
# Configure family router for optimal streaming

# WiFi Settings:
Channel Width: 160 MHz (5 GHz)
QAM: 1024-QAM (if supported)
Band Steering: Enable
Airtime Fairness: Enable
Beamforming: Enable

# Device Priority:
High Priority: Streaming devices (Apple TV, Roku, etc.)
Medium Priority: Mobile devices
Low Priority: IoT devices, smart home
```

---

## 📋 Family Integration Checklist

### **Initial Setup**

```bash
☐ Configure Concord-NUC as Tailscale subnet router
☐ Set up site-to-site VPN between networks
☐ Configure family router static routes
☐ Install and configure Plex proxy on Concord-NUC
☐ Set up Immich proxy and photo sync
☐ Configure Synology Drive for family access
☐ Implement QoS and traffic shaping
☐ Set up local DNS caching
☐ Configure monitoring and analytics
☐ Test all services from family network
```

### **Family Device Setup**

```bash
☐ Install Plex app on all family streaming devices
☐ Configure Immich mobile apps for photo backup
☐ Set up Synology Drive clients on family computers
☐ Install Synology Photos apps for photo management
☐ Configure WiFi optimization on family router
☐ Test streaming quality and performance
☐ Set up parental controls if needed
☐ Create user accounts for all family members
☐ Document access credentials securely
☐ Train family members on app usage
```

### **Security and Maintenance**

```bash
☐ Configure firewall rules on Concord-NUC
☐ Set up Tailscale ACLs for family access
☐ Implement automated backup procedures
☐ Configure monitoring alerts
☐ Set up bandwidth monitoring
☐ Create maintenance schedule
☐ Document troubleshooting procedures
☐ Test disaster recovery procedures
☐ Regular security audits
☐ Update documentation as needed
```

---

## 🔗 Related Documentation

- [Tailscale Setup Guide](tailscale-setup-guide.md) - VPN infrastructure setup
- [Mobile Device Setup](mobile-device-setup.md) - Family mobile device configuration
- [Ubiquiti Enterprise Setup](ubiquiti-enterprise-setup.md) - Advanced networking options
- [Individual Service Docs](../services/individual/README.md) - Plex, Immich, Synology configuration
- [Security Model](security.md) - Security considerations for family access

---

**💡 Pro Tip**: Start with Plex streaming to test the connection, then gradually add photo sync and file sharing. Monitor bandwidth usage closely during the first few weeks to optimize QoS settings for your family's usage patterns!
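
To back the checklist items "Test all services from family network" and "Configure firewall rules on Concord-NUC", the script below is an added example (not part of the original guide) that probes Concord-NUC from a family-LAN client and flags any port whose state differs from the UFW rules in the Security Considerations section. `POLICY`, `probe` and `audit_policy` are hypothetical names, and it assumes `nc` is installed on the client.

```bash
#!/bin/sh
# Segmentation audit, run from a device on the family LAN (192.168.2.0/24).
# Expected states mirror the UFW rules shown above:
# media ports allowed, management ports denied.
# Format: host port expected-state label
POLICY='
concord-nuc.vish.local 32400 open Plex
concord-nuc.vish.local 2283 open Immich
concord-nuc.vish.local 6690 open SynologyDrive
concord-nuc.vish.local 22 closed SSH
concord-nuc.vish.local 3000 closed Grafana
concord-nuc.vish.local 9090 closed Prometheus
'

# Returns 0 when a TCP connection to host:port succeeds within 3 seconds.
# A filtered (silently dropped) port times out and counts as closed.
probe() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# Prints one line per policy entry plus a final "violations=N" line.
# Exit status is 0 only when every port is in its expected state.
audit_policy() {
    violations=0
    while read -r host port expect label; do
        [ -z "$host" ] && continue              # skip blank lines
        case "$host" in \#*) continue ;; esac   # skip comment lines
        if probe "$host" "$port"; then actual=open; else actual=closed; fi
        if [ "$actual" = "$expect" ]; then
            echo "OK $label $host:$port is $actual"
        else
            echo "VIOLATION $label $host:$port is $actual, expected $expect"
            violations=$((violations + 1))
        fi
    done <<EOF
$1
EOF
    echo "violations=$violations"
    [ "$violations" -eq 0 ]
}

# Only touch the network when asked to: ./segmentation-audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_policy "$POLICY"
fi
```

Run it after every firewall or ACL change; a non-zero exit status makes it easy to wire into cron or a monitoring check.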