
My goal is to keep my home automation as local as possible. I have a few rules:
- Everything has a manual override. If we lose internet, everything should still function as much as possible. This means occasionally purchasing extra hardware that seems silly - until all my stuff still works when we lose power/internet.
- Nothing is network-enabled that can grant access to my home or burn it down.
- Ideally, everything can be managed via Home Assistant.
- Everything should be local wherever possible, i.e. no internet access required for functionality.
- Avoid shipping any data or network access to any external company.
- Z-Wave over Zigbee. (This isn’t really a rule anymore, as I have receivers for both. I like the idea of Z-Wave better but it seems Zigbee is much more popular and less expensive. I do a bit of Matter too.)
As always, rules are made to be broken, and this is aspirational where viable alternatives simply don’t exist.
Everything operates via Home Assistant, using Neon and OpenVoice OS (OVOS) as my smart assistants. These two products took over for Mycroft when it went out of business.
Built-in Alexa or Google Home is a dealbreaker for me on smart hardware.
Smart Power Strips
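- TP-Link Kasa HS300. Used this script to set up local internet, connecting to the strip’s local wifi and executing:

```python
from KasaSmartPowerStrip import SmartPowerStrip  # assumed module name for the script above
power_strip = SmartPowerStrip("192.168.0.1")  # the strip's address on its own setup wifi
power_strip.set_wifi_credentials("MYSSID", "MYPASSWORD", "3")  # SSID, password, key type
```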
Blocked tplinkcloud.com via my local DNS to prevent the power strip from reporting home or receiving updates. Eventually I’d like to flash the firmware altogether but that’s going to be more work since they aren’t using standard chips.
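To confirm a DNS block like this one from a machine that uses the same local resolver, the check below is an added example (not part of the original setup or the linked script). It assumes the resolver either returns no answer or a sinkhole address (0.0.0.0 or ::) for blocked names; the subdomain label is constructed, since devices often call subdomains rather than the apex.

```python
import ipaddress
import socket


def resolve(name):
    """Ask the system resolver for name; an empty set means no answer."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value
    return {info[4][0].split("%")[0] for info in infos}


def is_blocked(addresses):
    """Blocked = no answer at all, or only unspecified addresses (0.0.0.0 / ::)."""
    return all(ipaddress.ip_address(a).is_unspecified for a in addresses)


def audit(names, resolver=resolve):
    """Return {name: 'blocked' | 'resolves: <ips>'} for every name checked."""
    report = {}
    for name in names:
        addrs = resolver(name)
        if is_blocked(addrs):
            report[name] = "blocked"
        else:
            report[name] = "resolves: " + ", ".join(sorted(addrs))
    return report


if __name__ == "__main__":
    # Apex from the page, plus a constructed subdomain to prove the rule
    # covers more than the bare domain.
    targets = ["tplinkcloud.com", "constructed-sub.tplinkcloud.com"]
    for name, verdict in audit(targets).items():
        print(f"{name:40} {verdict}")
```

Any line reporting `resolves:` means the rule misses that name, or the client is not using the local resolver.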
Smart Plugs
- Sonoff S31 plugs flashed with Tasmota.
Setup:
- Ideal article for hardware portion but the web flashing utility for Tasmota is insecure in most browsers.
- How I actually flashed them
- Great explanation of using a graphical utility to flash it, plus setting up Home Assistant and MQTT if you don’t already have it set up
Smart Doorbell
- Amcrest 1080P Video Doorbell Camera Pro Didn’t activate the free cloud storage. Set up Surveillance Center on my Synology NAS and access it directly there via Home Assistant.
Eventually I want to block the doorbell’s outbound access. I’ve also set up better alerting with Home Assistant, Node-Red, and Telegram.
Outdoor Camera
- Arlo Essential Outdoor Camera with built-in siren, which came free from my ISP. Integrated into Home Assistant via the aarlo custom component so I’m not dependent on the Arlo cloud for state.
HVAC
Downstairs Lights
Home Lights
- Martin Jerry Tasmota Switches
- I love these things - great price, they come with Tasmota installed by default, easy to hook up, can’t beat it! My only complaint is that they don’t have a slim version so I can’t fit two in a two-gang box, but their support said that should be on the way.
- Adaptive Lighting integration in Home Assistant — automatically shifts color temperature and brightness across the day to match circadian rhythms. It makes the house feel right at every hour.
Home Entertainment
- Logitech Harmony Hub
- Plex running on the Synology, connected to my local media files.
- Apple TV 4k
Cleaning
Core Services
- Synology DS920+ — bulk storage, media, and a few stateful services that haven’t moved to Kubernetes yet.
- Home Assistant running Home Assistant OS on an x86 Mini-PC. Also hosts AdGuard Home as my LAN-wide DNS with malware blocklists (Hagezi TIF, AdGuard DNS filter, AdAway) and rewrites for internal services.
- Zooz 700 Series Z-Wave Plus S2 USB Stick
- Home Assistant SkyConnect for Zigbee and Matter-over-Thread support.
- Google Home Mini / Nest Mini in each room, with microphones physically switched off. I use them as Home Assistant `media_player` sources via AirPlay for whole-house TTS announcements. Inexpensive, reasonable quality, and the only commercial smart speaker I could find with a hardware mic switch.
  - One day I’ll replace these entirely with OVOS/Neon devices, but for now they’re a good stopgap.
- Gaming laptop with an NVIDIA 3090 GPU, running Windows 11. Used for gaming, plus local LLMs and ML experimentation.
- Node-RED for visual automations in Home Assistant.
- Ubiquiti UniFi access points for WiFi, with VLAN segmentation in progress for IoT isolation. Migrated off Google Wifi — bandwidth was the bottleneck and proper VLANs were the long-term need.
- A Raspberry Pi 3B+ print server running Ubuntu lite, exposing the printer via CUPS / AirPrint for the household’s Apple devices.
- Bambu Labs P1S 3D Printer — an upgrade from the small one a friend gifted me. I love this thing.
- Twingate for private remote access. Two redundant connectors in the cluster. Access to internal services is per-Resource via group membership rather than full network access. Resource and group config is managed in Terraform against a self-hosted state backend, so adding a new internal service is a one-line config change.
Outdoors
I’m using the following setup for permanent ridgeline LED lighting on the front of my house:
- Pro Pixel Trim with Lights Pre-Installed. When I bought these, they had an “HD” 10 pixels per meter option, so I have a lot of light density. It doesn’t look like they still offer that. I’m using xConnect pigtails.
- Ready-to-Run LEDeez from wantmoore.tech. I was asking this gentleman a lot of questions in the Digiblur Discord and he shared this offering. As close to plug and play as you can get with these kinds of custom setups, and well worth a little extra cost to avoid the hassle of discovering all the little details you missed and need to order after the fact.
- WLED to control everything. Tons of presets, easy to set up, and it’s open source. Easily managed by Home Assistant or by the WLED web interface.
Triggers
- NFC215 Coins for triggering automations via my phone.
Voice Assistants
- 3 Mycroft Mark IIs running Neon
- 2 Mycroft Mark Is running OVOS, thanks to a generous trade from a Mycroft investor and a bounty from Neon.AI
Personal. Private. Open source. I love these things. I have one in my office, one in the living room, and one in the bedroom. I use them for everything from setting timers to playing music to controlling my lights.
I helped Neon create their Neon Hub, which functions as a centralized Voice Assistant/AI server. Using Neon Iris to connect to Diana, it makes Neon available anywhere - laptops, tablets, phones, etc - by the use of the browser web satellite. Iris can also be used as a lightweight headless voice system to run on low-powered hardware. I’ve also been experimenting with different versions of the Neon Node to enable lightweight cross-platform voice assistants - more on this soon!
Home Kubernetes Cluster
A four-node k3s cluster in embedded etcd HA mode runs the bulk of my homelab. I migrated to k3s from MicroK8s after a dqlite corruption incident left me unable to recover any nodes — a hard lesson in picking the right control plane for “real” homelab use.
Everything in the cluster is declared in Forgejo (a Gitea fork) and reconciled by ArgoCD using the App-of-Apps pattern. Direct cluster edits get reverted; the only way to change state is via a git commit. This sounds heavy but it’s saved me from “what did I do six months ago?” mysteries more than once.
Networking
- Istio in ambient mode — no sidecars, mesh-wide STRICT mTLS, single wildcard cert managed by cert-manager via DNS-01.
- MetalLB in L2 mode for bare-metal `LoadBalancer` services, letting the ingress gateway sit behind a stable VIP that fails over via ARP if a node goes down.
- AdGuard handles DNS-based service discovery for internal hostnames; CoreDNS in the cluster forwards local-domain queries to it so workloads resolve internal names without leaving the LAN.
Observability
- VictoriaMetrics for metrics (Prometheus-compatible, better for homelab-scale storage)
- Loki + Alloy for logs (with annotation-based per-pod log-level filtering to keep ingest sane)
- Grafana for dashboards and alerts
- Blackbox exporter for synthetic monitoring
- Tempo was here for a while but I pulled it out — wasn’t getting enough value from traces to justify the complexity
Security
- Falco for runtime threat detection
- Grype on a CronJob for image vulnerability scans across all running pods
- SOPS + age for secrets-in-git encryption
- STRICT mTLS across the mesh means even an attacker on a compromised pod can’t talk to other services without a valid SPIFFE identity
Storage
- MinIO for S3-compatible object storage (Loki chunks, Terraform state, etc.)
- NFS to the Synology for stateful workloads that need RWX
Apps
The actual stuff I use it for changes constantly, but the steady-state list:
- Voice / AI: OVOS skills, HiveMind Listener, multiple TTS engines (Piper, Kokoro, Supertonic, and Pocket-TTS) chosen per voice/use case, two STT options (FasterWhisper and onnx-asr running NVIDIA’s NeMo Parakeet CTC 0.6B, int8 quantized) for different latency/accuracy tradeoffs, Ollama, Open WebUI, Burr for building stateful LLM agent workflows
- Knowledge: Kiwix with offline Wikipedia and other archives, Engram memory store, Graphiti + Neo4j for temporal knowledge graphs
- Dev infrastructure: Forgejo, private container registry + Trivy/Grype-based scanning, Semaphore as my Ansible runner UI, n8n for workflow automation, Arize Phoenix for LLM observability
- Media/utility: Calibre Web Automated, Foundry VTT, NTFY, Apprise
- A handful of small custom services I’ve written for the family
Adding a new service is a Helm chart or a few YAML files, a commit, and ArgoCD does the rest.
Upcoming
- Smart bulbs throughout the house for ambiance, adaptive lighting scenes, and fun (parties, holidays, etc.) — the switches handle the practical case, the bulbs are for everything else.
- Motion sensors
- Software-Defined Radio set up on one of the Pis (right now, it’s plugged into the print server, but not doing anything)