Illustration of a small server with radiating network connections on a dark grid background

A year with my Intel N100 home server: what changed

It's been a year since I built my Intel N100 home server, and a few things have happened since I wrote that post. Some of what I set up is still humming along untouched. Some of it I quietly tore out. And some of what I added wasn't on the original plan at all.

This is the honest "what I'd actually do differently" follow-up.

The boring infrastructure won

The most useful thing I can report is how little I've thought about this server. It's been up for 50+ days at a stretch between reboots - most recently for kernel updates, not because anything broke. Total downtime in a year has been under an hour, all of it self-inflicted.

The services I set up first are still the ones earning their keep:

  • AdGuard Home is invisible until I open the dashboard. The kids' devices, our laptops, the smart TV - they all quietly stop talking to ad and tracker domains, and nobody in the household notices except when I show off the daily query log.
  • WireGuard for the kids' devices does what I built it to do. They get filtered DNS at school, at friends' houses, on mobile data. I have not had to debug it once.
  • Time Machine over SMB has been completely reliable. Three Macs, no failed backups, no sparsebundle corruption.

That alone makes the £250 build worth it for me.

What I removed: Unbound

The biggest change to the original design was disabling Unbound.

The premise was great: AdGuard handles filtering, Unbound handles recursive resolution from the root servers down, no single upstream provider sees my full browsing history. Privacy through distribution.

In practice, the latency was a problem. Popular domains were fine - they cache locally and return instantly. But for the long tail of less-popular domains, recursive resolution means walking the DNS tree on demand, and each hop is a real network round-trip from a UK home connection to wherever the next nameserver lives. By the time you've gone root → TLD → authoritative → CDN → CNAME chain, you've spent enough milliseconds for a person to notice. Pages felt sluggish to load, and family members were the canary.

Switching AdGuard to forward directly to a single fast public resolver fixed it instantly. I lost the "no third party sees my queries" property, but I kept the filtering and gained the snap-back responsiveness people actually feel.

The lesson I'd pass on: measure DNS perceived latency from someone who doesn't know how DNS works, not from yourself looking at dig output. Your tolerance is much higher than theirs.

What I added: Tailscale

The unplanned addition that changed the most was Tailscale.

Originally I thought WireGuard could do remote access for me too - just spin up a personal config and tunnel home when I need to manage the server. Technically true. In practice, Tailscale's mesh VPN with magic DNS is so much more pleasant for "just let me reach my server from anywhere" that I never bothered.

Now the n100 lives at a fixed *.ts.net name regardless of where I am. I can SSH from a coffee shop without configuring anything. There's zero port forwarding on the router for my own access - Tailscale handles NAT traversal. SSH itself isn't exposed to the public internet at all.

I still keep WireGuard for the kids' devices because that's a single-purpose dependency I want to fully own. But for me, Tailscale won.

What else found its way onto the box

Three things I didn't plan for ended up earning their place:

AirConnect turns Chromecast and UPnP speakers into AirPlay targets. We had a couple of speakers that aren't Apple-aware, and the alternative was buying new hardware or waving phones at the wrong device for ten minutes. AirConnect runs as two systemd services. Worth it. The Google Home speakers we have are sometimes slow and drop out intermittently though, so I might not have perfectly cracked this yet.

Netdata gave me a real-time monitoring dashboard at http://n100-home:19999/. I won't pretend I check it daily - but every time I have checked it, it's earned its place. When I wondered whether Time Machine backups were CPU-bound, the answer was right there in a chart. When I worried about thermal throttling on the passively-cooled N100, the temperature traces said no. The investment in installing it is small; the times you need it, you really need it.

Fail2ban is the kind of thing you put on and forget. SSH isn't exposed to the public internet anyway (Tailscale-only), but Fail2ban means even on my own LAN there's a hard limit on bad-credential noise. Belt and braces.

What I'd change about the build

Going back to the hardware, my original post said I'd go SSD-only if I were rebuilding. I'd take that back.

The 2.5" HDD has absorbed something like 1.3 TB of Time Machine writes over the year. Putting that on an SSD would have eaten into its endurance for no real benefit - Time Machine's bottleneck is the network, not the disk. The split between fast NVMe for the OS and a slow spinning disk for backups has been quietly correct.

The other thing I overthought before the build was HDD noise. I went down a rabbit hole comparing "quiet" enterprise drives, almost talked myself into going SSD-only just to dodge the question, and even called the HDD the noisiest part of the system in the original post. In practice, a one-line hdparm -S 120 /dev/sda (run as a tiny systemd unit at boot) puts the drive into standby after ten minutes of idle, and since Time Machine is the only thing using it, I genuinely can't hear it from the same room. The compromise that wasn't.

The one mild regret on the build is disk size. The boot NVMe is 500 GB and is barely 5% used. I could have got away with 256 GB and saved a few quid. The Time Machine HDD, on the other hand, is now 73% full at 1.3 TB / 1.8 TB. I've capped Time Machine at 1.5 TB to leave headroom. Anyone planning the same setup should size the backup disk for at least 3× their largest Mac's data.

The numbers, a year in

Metric Value
Uptime since last reboot 50 days (kernel update)
Total downtime in a year < 1 hour
RAM used 1.6 GB / 16 GB
CPU load average ~1.0 of 4 cores
Idle power 6-8 W
Total annual electricity cost ~£20
Things that have broken on their own None

There's still room for everything I could plausibly throw at it.

What's next

The infrastructure has gone quiet, which means there's headroom. CPU mostly idle, 14 GB of RAM untouched, and a backlog of self-hosted bits I've been meaning to try. Nextcloud for files I'd rather not park on someone else's cloud. Jellyfin for the family media library. Home Assistant to do home automation properly. A few others on the maybe pile.

Whatever earns its place, you'll hear about it.

Earlier in this series: Building a tiny Intel N100 home server · Running AdGuard Home and Unbound · WireGuard for safe browsing on kids' devices