Z2 Mini Server Documentation¶
Personal documentation for the self-hosted infrastructure running on the HP Z2 Mini G5.
Last updated: May 2026 (Vaultwarden iCloud Passwords migration complete — ~400 logins imported from Gabriel's MacBook, Bitwarden set as the iOS primary password manager, iCloud Passwords AutoFill off. Earlier: Caddy reverse proxy added — single HTTPS ingress; every web service now lives at https://<service>.z2mini.gabrielgabrie.com with an auto-renewing Let's Encrypt cert; DNS for gabrielgabrie.com moved to Cloudflare; all app containers re-bound to 127.0.0.1; the old per-service tailscale serve listeners retired. Vaultwarden self-hosted password manager; Radicale CalDAV/CardDAV calendar + contacts; Immich photo storage + iCloud → Immich migration complete — 29,331 assets / ~470 GB; GPU acceleration on the Quadro T2000; iCloud subscription downgraded 2 TB → 200 GB)
Quick reference¶
| I want to... | See doc |
|---|---|
| Connect to the server | 01-connecting.md |
| Set up a fresh Ubuntu install | 02-os-install.md |
| Configure or troubleshoot Tailscale | 03-tailscale.md |
| Configure or troubleshoot Samba | 04-samba.md |
| Understand the backup system | 05-backups.md |
| Configure drive health monitoring | 06-drive-monitoring.md |
| Configure email alerts | 07-email-relay.md |
| Recover from a disaster | 08-recovery.md |
| Routine maintenance | 09-maintenance.md |
| Reference: paths, ports, services | 10-system-reference.md |
| Set up or operate Immich photo storage | 11-immich.md |
| Migrate an iCloud Photos library to Immich | 11-immich.md#migrating-an-icloud-photos-library |
| Operate the Homepage launcher dashboard | 13-homepage.md |
| Operate the Beszel metrics dashboard / configure alerts | 14-beszel.md |
| Operate the Radicale calendar / contacts server | 15-radicale.md |
| Operate Vaultwarden / manage passwords + 2FA + passkeys | 16-vaultwarden.md |
| Operate the Caddy reverse proxy / add a service behind it | 17-caddy.md |
What's running on this server¶
- Ubuntu Server 24.04 LTS — the operating system
- Tailscale — encrypted private network for remote access
- Samba — file sharing for Windows, macOS, iOS
- smartd — drive health monitoring with email alerts
- msmtp — outbound email relay (used by smartd)
- rsync + cron — daily versioned backups
- Caddy — single HTTPS reverse-proxy ingress; every web service below is reachable at
https://<service>.z2mini.gabrielgabrie.comwith an auto-renewing Let's Encrypt cert (ACME DNS-01 via Cloudflare). Locally built (caddy +caddy-dns/cloudflare),network_mode: host, Tailscale-only. See 17-caddy.md. - Immich — self-hosted photo and video library replacing iCloud Photos (Docker Compose stack,
127.0.0.1:2283behind Caddy →immich.z2mini.gabrielgabrie.com) - icloudpd + immich-go — one-shot tools for migrating an existing iCloud library into Immich
- Navidrome — self-hosted music streaming with Subsonic-API client support (Docker,
127.0.0.1:4533→navidrome.z2mini.gabrielgabrie.com) - Homepage — single-page launcher dashboard; tiles for Immich, Navidrome, Radicale, Vaultwarden, Tailscale (live widgets for the ones with an API) (Docker,
127.0.0.1:3000→home.z2mini.gabrielgabrie.com) - Beszel — system-metrics dashboard with CPU/RAM/disk/network/per-container graphs and email alerting (Docker, hub+agent,
127.0.0.1:8090→beszel.z2mini.gabrielgabrie.com) - Radicale — self-hosted CalDAV/CardDAV server, calendars and contacts stored as
.ics/.vcffiles (Docker,127.0.0.1:5232→radicale.z2mini.gabrielgabrie.com) - Vaultwarden — self-hosted Bitwarden-compatible password manager, accessed with official Bitwarden clients (Docker,
127.0.0.1:8080→vault.z2mini.gabrielgabrie.com;DOMAIN=https://vault.z2mini.gabrielgabrie.com)
Common tasks (one-liners)¶
# Connect
ssh gabriel@z2mini
# Manual backup
~/scripts/backup-files.sh
# Check backup log
tail -50 /mnt/backup/backup.log
# Check disk space
df -h
# Drive health
sudo smartctl -a /dev/nvme0n1
# Service status
sudo systemctl status smbd tailscaled smartd
# Immich stack status
cd /data/docker/immich && docker compose ps
# Homepage stack status
cd /data/docker/homepage && docker compose ps
# Beszel stack status
cd /data/docker/beszel && docker compose ps
# Radicale stack status
cd /data/docker/radicale && docker compose ps
# Vaultwarden stack status
cd /data/docker/vaultwarden && docker compose ps
# Caddy stack status / reload after a Caddyfile edit
cd /data/docker/caddy && docker compose ps
docker compose -f /data/docker/caddy/docker-compose.yml exec caddy caddy reload --config /etc/caddy/Caddyfile
# System updates
sudo apt update && sudo apt upgrade -y
Conventions used in these docs¶
code blocks— commands to run or filenames- Bold — important warnings or key concepts
- Commands prefixed with
sudorequire root privileges - Commands without
sudorun as thegabrieluser
When you see a path like /etc/samba/smb.conf, that's a file on the Z2 itself (not your laptop). When you see \\z2mini\files, that's a network share path used from a Windows laptop.