Smart home · Network · Local AI · Build logs
A reference archive of how an over-engineered, fully local-first smart home actually goes together — Home Assistant on bare metal, Ollama running camera analysis on a Mac Mini, Reolink PoE cameras, the whole UniFi network rebuild. No cloud lock-in, no monthly subscriptions, nothing leaves the house. Take what's useful, ignore the rest.
The flagship setups — most novel, most useful to copy, most worth deep documentation. Detailed writeups in progress; the cards below are the architectures and what they do.
The most relatable view — pick the room you want to fix and see what runs there. Each zone gets its own writeup over time covering devices, automations, and what failed before what worked.
Discrete projects with clear before/after states — easier to copy than zone walks because each one has a defined scope and a working end state. Mix of finished, in-progress, and deferred.
.home domains over Tailscale from anywhere with one config.

If you're starting from zero, this is the order I wish someone had given me. Get the foundation right and everything above it works; get it wrong and you'll be debugging the wrong layer for years.
The single biggest mistake I see is skipping the network layer. ISP-supplied routers (Verizon CR1000A, Xfinity gateways, AT&T BGW210s) are designed to be replaced — they cannot do real VLAN isolation, they have terrible Wi-Fi, and their firmware updates wipe your settings. The right stack: bypass the ISP gateway entirely if your service supports it, run a real router (UniFi, OPNsense, or pfSense), and put your IoT devices on a separate VLAN so a compromised lightbulb can't see your laptop.
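A separate VLAN only isolates anything if the inter-VLAN firewall rules block new connections from IoT to the trusted LAN. The sketch below is an added example, not code from this site: it audits a constructed first-match ruleset for that gap, and the subnets, rule format and `audit_isolation` helper are all assumptions.

```python
import ipaddress

# Constructed sample: hypothetical VLAN subnets and a first-match-wins ruleset.
IOT = ipaddress.ip_network("192.168.30.0/24")      # assumed IoT VLAN
TRUSTED = ipaddress.ip_network("192.168.10.0/24")  # assumed trusted LAN

RULES = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "state": "established"},
    {"action": "allow", "src": "192.168.30.50/32", "dst": "192.168.10.0/24", "state": "new"},
    {"action": "drop", "src": "192.168.30.0/24", "dst": "192.168.10.0/24", "state": "new"},
    {"action": "allow", "src": "192.168.10.0/24", "dst": "192.168.30.0/24", "state": "new"},
]

def audit_isolation(rules, src_net, dst_net, default="allow"):
    """Return (index, description) for every rule that can let a NEW
    connection go from src_net to dst_net before a covering drop.
    Conservative: a partial drop above an allow is not treated as shadowing it."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule["state"] != "new":
            continue  # reply traffic for sessions opened from the other side
        r_src = ipaddress.ip_network(rule["src"])
        r_dst = ipaddress.ip_network(rule["dst"])
        if not (r_src.overlaps(src_net) and r_dst.overlaps(dst_net)):
            continue  # rule cannot match this VLAN pair
        if rule["action"] == "allow":
            findings.append((idx, f"allow {rule['src']} -> {rule['dst']}"))
        elif src_net.subnet_of(r_src) and dst_net.subnet_of(r_dst):
            return findings  # drop covers the whole pair; later rules never match
    if default == "allow":
        findings.append((None, "no covering drop; default policy allows"))
    return findings

if __name__ == "__main__":
    for idx, text in audit_isolation(RULES, IOT, TRUSTED):
        print(f"rule {idx}: {text}")
```

On the sample ruleset it flags the per-device exception at index 1, the kind of "temporary" allow that quietly undoes the isolation.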
Home Assistant is the brain. Bare metal beats VMs beats containers — closer to the metal means fewer surprises. A Pi is fine to start; outgrow it once you're past about 50 devices. An old laptop or NUC is the practical sweet spot. A Mac Mini works if you also want to run Docker for media + AI alongside. Eventually you'll want a Linux box in a rack; that's the endgame, not the starting line.
Pick your wireless protocols deliberately. Zigbee for cheap, battery-powered sensors and bulbs. Z-Wave for switches and locks where range matters more than bandwidth. Matter for new devices that should “just work” with HomeKit and Google Home too. Thread for low-power IPv6 mesh. Wi-Fi only for devices that genuinely need bandwidth (cameras). Avoid cloud-only protocols — if it requires the manufacturer's app, it'll be bricked in 5 years.
Some manufacturers respect local control; most don't. Lutron Caséta for switches and dimmers — bulletproof, decade-old, perfect HA integration. Philips Hue for color lighting. Aqara M1S hubs for cheap Zigbee sensors and Matter bridging. Reolink for cameras (PoE only — never Wi-Fi cameras). SwitchBot for retrofitting dumb things. Avoid: Wyze, anything that demands cloud-only auth, anything from a vendor whose app is its only interface.
This is the newest layer and the one that changed my house most. Ollama on Apple Silicon (or any modern GPU) runs vision models like llava:7b fast enough that every camera trigger can be described in plain English before it hits your phone. Frigate handles object detection. Whisper handles voice. Piper does TTS. None of it touches OpenAI, none of it costs a subscription. The hardware investment pays back in months.
This is the layer most people skip and most regret. Nightly Home Assistant backups to a real off-site target (not just the local SD card). Docker volume backups via Restic + rclone. Uptime Kuma watching every service with Telegram alerts. Beszel for resource monitoring. Vaultwarden so you actually save the credentials when you set things up. The first time you have a failed SD card, this layer is the difference between crying and shrugging.
Don't open ports. Don't use cloud relays from your hub vendor. Tailscale (or Headscale, or WireGuard) gives you encrypted access to your network from any device, anywhere, with zero exposed ports. Pair it with a reverse proxy (NPM, Caddy, Traefik) and split DNS so ha.home resolves the same on your phone as it does on your laptop. The day you set this up correctly is the day “is the home network on the public internet?” becomes a non-question.