> ## Documentation Index
> Fetch the complete documentation index at: https://docs.jacobpevans.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Self-hosted Netflix & personal backup

> A self-hosted media library plus the personal-backup services that ride the same footprint — Immich for photos, Time Machine for Macs — on dedicated VLANs of the homelab cluster.

The homelab runs a self-hosted Netflix: a media library served from LXCs on a dedicated VLAN, managed by Ansible, provisioned by `tofu-proxmox`. The VLAN is defined in `tofu-unifi` alongside every other service tier, and follows the same per-service segmentation pattern.

## Container choice

LXC, not Docker — consistent with the [LXC vs Docker](/infrastructure/lxc-vs-docker) decision tree. Native packages where they exist; Ansible manages config.

## Storage layout

The whole stack shares **one ZFS dataset** bind-mounted at `/data` into every container — the [single-filesystem hardlink layout](/infrastructure/media-storage-hardlinks). Downloads and the library are subtrees of the same filesystem, so imports are atomic hardlinks, seeding costs zero extra disk, and one quota bounds the whole footprint.

## Personal backup on the same footprint

The same self-hosted footprint replaces two cloud subscriptions with services that keep the data at home:

* **Immich** — a self-hosted photo and video library, the iCloud Photos alternative. Phones and Macs back up automatically to it. It's the one workload here that runs Docker-in-LXC (an official multi-container stack), with the photo library living on a ZFS dataset bind-mounted into the container.
* **Time Machine** — the Macs back up to an SMB share on the homelab NAS, presented as a native Time Machine target (Samba's `vfs_fruit` advertises it as an Apple Time Capsule). The same NAS serves read-only media shares for Infuse on Apple TV.

These are backup *targets*, and they are themselves protected: their datasets ride the [ZFS snapshot + replication layers](/infrastructure/zfs-backup-replication) like everything else — a backup that isn't backed up is a single point of failure.

## Related

<CardGroup cols={2}>
  <Card title="Media storage hardlinks" icon="link" href="/infrastructure/media-storage-hardlinks">
    The single-filesystem layout under the stack.
  </Card>

  <Card title="LXC vs Docker" icon="boxes-stacked" href="/infrastructure/lxc-vs-docker">
    Why the decision tree lands on LXC for this stack.
  </Card>

  <Card title="UniFi networking" icon="network-wired" href="/infrastructure/repos/tofu-unifi">
    Where the media VLAN itself is defined.
  </Card>

  <Card title="Homelab" icon="house" href="/about/homelab">
    What the full cluster looks like.
  </Card>
</CardGroup>