In the Proxmox web UI:
- Download the Ubuntu 24.04 container template (local storage → CT Templates → Templates)
- Create CT with these settings:
  - Unprivileged container: Yes
  - Nesting: Enable (required for Docker)
  - Cores: 10–12
  - Memory: 12288–14336 MB
  - Swap: 512 MB
  - Disk: Size to match your SSD/NVMe (e.g., 500 GB)
  - Network: DHCP or static IP on your LAN bridge (e.g., `vmbr0`)
  - Enable TUN/TAP (needed for Tailscale)

After creating the container, edit its config on the Proxmox host. Replace `<CTID>` with your container ID:

```bash
nano /etc/pve/lxc/<CTID>.conf
```

Add these lines for Plex and Immich hardware transcoding:

```
lxc.cgroup2.devices.allow: c 226:* rwm
lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
```

These should already be set from the creation wizard, but confirm:

```
features: keyctl=1,nesting=1
```

Start the container and SSH in (or use the Proxmox console):

```bash
ssh root@<LXC_IP>
```

```bash
apt update && apt upgrade -y
apt install -y htop curl git vim nfs-common
timedatectl set-timezone Europe/Stockholm
```

Create a non-root user:

```bash
adduser gabriel
usermod -aG sudo gabriel
su - gabriel
```

Follow the official guide: https://docs.docker.com/engine/install/ubuntu/

Then:

```bash
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker $USER
```

Log out and back in for the group change to take effect.

To allow Docker containers to use Intel Quick Sync, add your user to the `render` and `video` groups:

```bash
sudo usermod -aG render,video $USER
```

Verify the device is visible inside the LXC:

```bash
ls -la /dev/dri/
```

You should see `card0` and `renderD128`.

```bash
sudo mkdir -p /srv/docker
sudo chown $USER:$USER /srv/docker
cd /srv/docker
git clone https://github.com/spacecakes/home-micro-services .
```

Before starting any stacks, restore persistent data from the NAS. This avoids starting services with empty data directories:

```bash
cd /srv/docker
sudo ./scripts/restore.sh
```

The script mounts the NAS NFS share temporarily, rsyncs all data, and cleans up the mount when done.

Each stack that needs secrets has a `.env.example`. Copy and fill them in:

```bash
cd /srv/docker
cp stack-infra/.env.example stack-infra/.env
cp stack-plex/.env.example stack-plex/.env
cp stack-immich/.env.example stack-immich/.env
# ... etc for any stack with an .env.example
```

Edit each `.env` and fill in the required values (see `CLAUDE.md` for key variables per stack).

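
To check the result of this step before starting any stacks, the following audit is an added example and not part of the repository described here. It assumes every key listed in a `.env.example` must end up non-empty in the matching `.env` and that secrets files should be owner-only (`chmod 600`); `check_env_files` is a hypothetical helper name.

```bash
# Added example (not from the repository): audit each stack's .env
# against its .env.example after the copy-and-fill step.
# Assumptions: every KEY= in .env.example must be non-empty in .env,
# and .env files should be mode 600. check_env_files is a made-up name.

# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_env_files() {
  local root="${1:-/srv/docker}" rc=0 example env key perms
  for example in "$root"/stack-*/.env.example; do
    [ -e "$example" ] || continue          # glob matched nothing
    env="${example%.example}"
    if [ ! -f "$env" ]; then
      echo "MISSING $env"; rc=1; continue
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$env" | cut -c5-10)
    if [ "$perms" != "------" ]; then
      echo "PERMS $env is accessible to group/other (chmod 600)"; rc=1
    fi
    # Walk the keys named in the example; skip comments and blanks.
    while IFS='=' read -r key _ || [ -n "$key" ]; do
      case "$key" in ''|*[!A-Za-z0-9_]*) continue ;; esac
      if ! grep -Eq "^${key}=.+" "$env"; then
        echo "UNSET $env: $key"; rc=1
      fi
    done < "$example"
  done
  return "$rc"
}

# Typical call from the checkout:
#   check_env_files /srv/docker || echo "fix the findings above first"
```
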
Create the shared Traefik network first:

```bash
docker network create traefik-proxy
```

Then start stacks in order:

```bash
# 1. Core infrastructure (Traefik, Homepage, etc.)
cd /srv/docker/stack-infra && docker compose up -d
# 2. Authentication (Authelia + Redis)
cd /srv/docker/stack-auth && docker compose up -d
# 3. Everything else (order doesn't matter)
cd /srv/docker/stack-ops && docker compose up -d
cd /srv/docker/stack-arr && docker compose up -d
cd /srv/docker/stack-plex && docker compose up -d
cd /srv/docker/stack-home && docker compose up -d
cd /srv/docker/stack-immich && docker compose up -d
```

Build custom images on first setup:

```bash
cd /srv/docker/stack-ops && docker compose up -d --build apcupsd ops-toolbox
```

Ubuntu 24.04 LXC containers typically don't run systemd-resolved, so port 53 should already be free. Verify:

```bash
ss -tlnp | grep :53
```

If something is listening, follow: https://adguard-dns.io/kb/adguard-home/faq/#bindinuse

TUN/TAP was enabled during LXC creation. Install Tailscale directly in the LXC:

```bash
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
```

- `stack-nas` is versioned here but runs on the Synology NAS (10.0.1.2), not in this LXC.
- NFS mounts are handled by Docker's NFS volume driver — no fstab entries needed. Just ensure `nfs-common` is installed (step 3).
- Automatic updates (optional):

  ```bash
  sudo apt install unattended-upgrades
  ```