Projects

Home Security & Automation System

A self-hosted, privacy-first security stack built on consumer hardware. Cloud used only for offsite backup. Covers surveillance, AI-powered person detection, redundant storage, network-wide threat blocking, secure remote access, and active threat monitoring.

Raspberry Pi NAS Pi-hole Coral TPU Frigate DDNS Nginx Linux Docker

Camera System & NAS Storage

Four Raspberry Pi Zero 2 W units, each fitted with a camera module and weatherproof enclosure, stream continuous footage to a NAS with a RAM upgrade for improved throughput. Motion events are immediately uploaded onto an offsite backup for redundancy. For offsite camera storage backup I went with Synology C2 Storage because it had plans specifically for unlimited camera motion events which were quite affordable (under $50 a year).

Pi Zero 2 W with camera module inside weatherproof enclosure Synology NAS, Raspberry Pi stack, Coral TPU, and network switch

AI Person Detection

A Google Coral USB TPU accelerates on-device inference for real-time person detection via Frigate NVR, keeping all video processing local with zero cloud dependency. Events are relayed to the Surveillance and home automation software to mark person detections on the timeline, trigger a local network chime, and send mobile notifcations.

Google Coral USB TPU accelerator Frigate NVR dashboard showing live camera feeds

Network-wide Ad & Threat Blocking

Pi-hole runs as the local DNS server for the entire network, blocking ads, trackers, and known malicious domains at the DNS layer before any device makes a connection. Paired with curated blocklists and a custom allowlist, it covers every device on the LAN without per-device configuration. Hosted on a rasperry pi zero 2 W with a Ethernet HAT for minimal DNS delay.

Pi-hole dashboard showing 167,843 total queries with 5% blocked

Remote Access via DDNS & Reverse Proxy

Using a DDNS server, reverse proxy https, and authenticated logins; the NAS exposes the camera dashboard and home automation interface publicly, securely exposing them over the internet without opening raw ports to internal services.

Honeypot & Passive Packet Monitoring

A dedicated Raspberry Pi 4 runs both a honeypot server to detect and log unauthorized access attempts and a passive packet monitoring daemon that taps all wired network equipment through port mirroring, surfacing anomalous traffic patterns and lateral movement attempts before they reach production devices. Pairs with Pi-hole DNS logs for a unified threat picture. Alerts are sent via a local MQTT server and logged in Home Assistant where an automation sends it as a mobile notifications to my phone.

Daily Backups

Home Assistant is configured to use a MariaDB SQL database to allow easy backups. This database along with all NAS and docker container configurations (and some selected logs) are backed up daily onto a local external SSD and offsite S3 object storage. For offsite backups, since my backup size was small, I was able to go with the free tier of BackBlaze B2 Storage.