Issue 1 was the why: who I am and what Tunneld is. This one's the hardware: what's on the network, what each device does, and what's about to get ripped out.
TL;DR: Replacing the gateway, killing the last WiFi hop with a fibre run, and mapping devices that each do exactly one job.
// THE MAP
| Device | Role | Status |
|---|---|---|
| NanoPi Zero 2 | Gateway (Tunneld) | Being retired |
| NanoPi R3S-LTS | Gateway (incoming) | Pending fibre run |
| NanoPi Neo 3 #1 | DNS (Pi-hole) | Active |
| NanoPi Neo 3 #2 | None | Dormant, earmarked |
| NanoPi Zero 2 #2 | Test subnet | Active, isolated |
| Raspberry Pi 3B | Build node | Active, likely deprecated soon |
| Mac Mini M4 (16GB) | Compute / AI services | Active |
| Ryzen 9 7945HX rig | Compute / gaming | Mostly idle |
Most of the choices here were intentional, and less about which software or service to self-host. I care more about the hardware itself, what it runs on, and how to make it better over time.
// THE EDGE
The house has a basic FTTH ONT from the ISP, Cat6e into a Huawei WiFi AX3. Tunneld currently connects to that home router over WiFi, a bottleneck I'm well aware of.
Behind it sits a TP-Link Archer MR600 in bridge mode. It gives WiFi coverage to the personal subnet and passes DNS through to Tunneld, which forwards it to a Pi-hole instance on the subnet.
Behind that, a TP-Link TL-SG105 five-port unmanaged switch handles everything wired.

Misc cables, and some hardware
// THE GATEWAY

NanoPi Zero 2 1G
NanoPi Zero 2 (1GB) is running the current Tunneld instance. It does its job, and it's being retired soon.
Before the Zero 2, the gateway was a NanoPi Neo 3 paired with a USB3 TP-Link AC1300 Nano. Driver support, heat, and WiFi bandwidth sharing over the USB bus all got worse over time, and it wasn't viable long-term. The Zero 2 moved WiFi to an M.2 2230 Intel AX210 card, which solved some of that, but it's still a bandaid for what I wanted longer term.
The replacement: NanoPi R3S-LTS. RK3566, dual GbE, 2GB RAM. WAN in on one port, subnet out the other.
A fibre run is pending to support it: media converters from the main house router into the R3S's WAN port, linked by a single fibre line. I'm planning an LC-to-LC fibre cable, around 30m, run through the roof with added shielding for the distance/protection.
The run uses BiDi (bidirectional) transceivers: a single cable carrying two wavelengths simultaneously, one per direction, with wavelength splitters on each media converter. One cable does the job of two.
Did you know? A standard fibre link normally needs two strands, one for sending and one for receiving. BiDi transceivers do both over a single strand, which is why this run only needs one LC-to-LC cable instead of two. More on Wavelength-division multiplexing →
Once this lands, the last WiFi hop in the path is gone: lower latency, better bandwidth between the home and isolated subnet, and consistent, predictable throughput.
// ON THE SWITCH
Raspberry Pi 3B, the Builder Node. Pulls source, compiles every Tunneld release, and deploys to the public installer repo. It's old and limited, and I have better hardware for this job. It's up for now but will likely get handed off to one of the Neos in time.

Raspberry Pi Model 3B
NanoPi Neo 3 #1, DNS Server. Runs Pi-hole; Tunneld points DNS here on the subnet. Eventually I'll self-host more services on it. This was originally the candidate to run the second Tunneld instance, before the WiFi issues put it in a slow uptime death spiral: driver problems, constant disconnects, and a USB adapter (the TP-Link Nano Archer T3U) that ran hot enough to touch.

NanoPi Neo 3 1G
Mac Mini M4 (16GB), Compute and AI Node. Runs Open WebUI, LiteLLM, and Ollama. My partner and friends get scoped API keys. It stays on around the clock and handles day-to-day serving without waking the beast.

// THE BEAST
Everything above is infrastructure. This one's a toy that occasionally moonlights as a server. AMD Ryzen 9 7945HX, RX 7900 XTX 24GB, 96GB DDR5.
It's off most of the time (my hosting needs are covered by the M4), but it's connected to the switch, and given how prices have moved over the past year, it was one of the better purchases I've made. I don't see myself using it outside of gaming for now. Long-term, I want to shift it toward shared compute and testing.

Ryzen 9 7945HX + 96GB DDR5
Before the M4 existed, this was the LLM machine: LM Studio, Ollama, llama.cpp. Leaving something this power-hungry running around the clock was never ideal, but it gave me something the M4 still can't: memory headroom. I could cycle between open-weight models, finding the right quant to locally test inference. That's where it earned its keep. Image generation lived here too at some point, via ComfyUI.
Inference is still where I prefer spending research time. ROCm driver support was painful enough that Windows stayed the main OS. That initially closed some doors, but support has gotten better recently, and I just haven't updated anything yet.
The GPU partitioning experiments were worth it too: Hyper-V with scripts to provision VMs with sliced hardware, headless access via Moonlight/Sunshine, which I still use today across phone, Mac, and TV, for gaming both on the device and in VMs. Proxmox or a full Linux move is on the list as ROCm matures. For now, it's a gaming machine. I know there's time I could sink into this, but my focus stays on the gateway and gaming, not fighting GPU passthrough configs against hardware that's still catching up on driver support.
// THE REST
The MacBook M1 Pro (16GB) is the daily driver. An LG OLED CX 55 sits on the subnet over WiFi. The second NanoPi Neo 3 is dormant. It was the original gateway candidate before the Zero 2, until a USB WiFi adapter and Rockchip firmware issues on Debian ended that. It's earmarked for isolated services down the line. A second NanoPi Zero 2 lives on a clean test subnet, purely for breaking things without touching the main instance.
// THE RESULT

One gateway being replaced with something better. One build machine. One DNS filter. One services box. One beast that mostly sleeps but is the closest thing I run to larger models or larger context, for when my use cases outgrow the M4.
The fibre run lands soon. Once it does, I'll be happy with the network layer and bandwidth for a while, and the focus shifts to the relay (more soon).
Next time: From WiFi to Fibre, subnet speeds and internet speeds before and after the changes.

