Home Mini Host Service Setup Notes (Part Four)


This is the fourth article in the series on building a mini home server. This article focuses on istoreos and n8n, and it is more concise compared to previous ones.

Istoreos solves the problem of the unattractive and difficult-to-use interface of OpenWrt, while n8n addresses one of the initial requirements, which is automating workflows.

It has been 14 days since the last article in this series was published, and I don't know when the next one will be updated. I apologize for the delay.

Finally, my zodiac year is coming to an end. I am 24 years old, not 12, not 36, and definitely not 48. Thank you. I am not really middle-aged.

Wishing everyone who reads this article a happy Year of the Dragon.

Add a zero to your balance, and may your health improve every day!

~Sincere and warm wishes~

Goodbye, ikuai#

In the previous article, I followed the tutorial video N100 Installation Guide for PVE8.0, Integrated Graphics SRIOV, Integrated Graphics HDMI Passthrough, All-In-One Tutorial, ikuai+op+Black Synology+Win11+Private Streaming to perform complex operations involving PVE + ikuai + op.

After some practice and reinstallation, I suddenly realized that I don't need to set the machine's gateway to op. I can simply set up a proxy for the required applications.

I found that all the software I use supports proxies, and using a proxy is much better than setting the virtual machine's gateway to op. It doesn't affect normal access, and the internet connection is fast and stable.

Therefore, ikuai is unnecessary for me because I don't need to balance multiple network cables, manage access points, or perform intelligent traffic splitting.

So, here's what I did: I cleared the static address in ikuai, reclaimed all IP addresses, deleted the DHCP service, stopped and uninstalled the application, set all virtual machine gateways to the router, restarted PVE, and achieved a fulfilling outcome in life.


There are many branches of op, but most of them are difficult to use and have complex interfaces.

Istoreos is one of the branches of op. It inherits the basic functions of op and is maintained by a professional team in China. It is stable and frequently updated.

The installation interface of istoreos is very user-friendly. It provides key information to prevent errors and is fast and simple.

Screenshot of istoreos main page

When the black output box in the upper right corner turns green, it means that the installation is complete. Combined with a domestic download source, installing applications is much more comfortable compared to the previous article Installing AdGuard Home Core on OpenWrt.

Screenshot of istoreos installation interface

Installing ZeroTier on istoreos for Public Access to Internal Network Services#

The video ZeroTier: From Simple to Complex, All Revealed explains this topic very well, in a detailed and straightforward manner.

Since the ZeroTier server is located overseas, the speed of the IPv4 connection in China may not reach 100 Mbps. However, it is more than sufficient to access the service page.

If you, like me, only use istoreos/op for internet access or as a secondary router, you only need to follow a few steps from the video tutorial:

  • Create a new interface on istoreos and point it to a new firewall with inbound and outbound traffic allowed. The video provides more details.

ZeroTier firewall rule configuration

  • In the istoreos firewall configuration, enable IP masquerading for your original LAN port. This is essentially enabling NAT. The video provides more details.

Enable NAT for istoreos LAN port

  • Create an inbound rule in the istoreos firewall to allow traffic on port 9993. The video provides more details.

Inbound firewall rule for port 9993 in ZeroTier

  • Configure ZeroTier on its official website by selecting all newly added devices and adding a route. The route should include your internal network subnet, with the route gateway pointing to the IP address assigned to istoreos/op by ZeroTier.

Add a route to the internal network subnet in ZeroTier

After completing these steps, you will be able to access your 192 internal network services using ZeroTier VPN on your mobile device.

I won't include a video because I'm too lazy, but it's magical how the internet works. Remember to take a snapshot after restarting.

Setting Up and Initializing n8n#

n8n is a node-based workflow automation tool.

I didn't choose to use argo-workflows because I am not skilled enough, and getting started with Kubernetes is too difficult.

  • If you are using n8n installed with Docker or Docker Compose, and you want to use external tools, you need to install them inside the Docker container. Therefore, it is recommended to install n8n with cnpm on your local machine.
apt-get install npm nodejs && npm cache clean --force && npm config set registry && npm install -g cnpm && cnpm install n8n -g &&    cnpm install pm2 -g
  • Create a script file named and add the following content:
n8n start --tunnel
  • Make sure this script has executable permissions:
chmod +x
  • Use PM2 to start this script:
pm2 start --name n8n
  • This way, PM2 will manage the shell script directly, and the script will be responsible for starting n8n. This avoids potential compatibility issues when starting n8n directly with PM2.
  • Save the PM2 process list: To ensure that PM2 remembers and restarts n8n after a system reboot, you need to save the current PM2 process list. Use the following command to save it:
pm2 save
  • This command saves the current running PM2 process list, including the n8n process you just started.
pm2 status
  • This command displays the status of all processes managed by PM2. You should see a process named n8n in the list, and its status should be online.

Screenshot of running npm version of n8n in the background with PM2 and enabling auto-start on boot

  • In the long run, n8n may require some custom environment variables. To stop n8n, which is also a good opportunity to show you how to stop it (doge), use the following command:
pm2 delete n8n

# Load environment variables from .env file
set -a # Automatically export variables
source .env
set +a # Disable automatic exporting of variables

# Start n8n
n8n start --tunnel

  • Create a .env file in the same directory as and modify its contents according to your needs
# Proxy settings

# Timezone setting

# n8n log level

# Base URL for n8n API and Webhook
  • Restart using pm2 start --name n8n

  • VUE_APP_URL_BASE_API and WEBHOOK_URL are mainly used to configure the access path for your n8n instance. This is crucial for ensuring that external services can correctly callback to your n8n instance.

  • These settings do not directly affect n8n's ability to make requests to external services. The ability of n8n to access external services is mainly achieved through node configurations, not through these URL settings.

  • In scenarios where external services need to callback to n8n, it is necessary to ensure that WEBHOOK_URL is correctly set.

  • When starting n8n with the command n8n start --tunnel, it creates a temporary publicly accessible URL through the tunnel service provided by n8n. This URL is mainly used for development and testing purposes, allowing external services to temporarily access your n8n instance without a fixed public IP or domain name.



Memo: Installing oc/pw on istoreos#

Download oc from the latest release page.

Download the kernel from the official OpenWrt download page. The format should be kernel_xxx_x86_64.ipk.

Refer to the oc release page for the components required in the console.

opkg update && opkg install coreutils-nohup bash iptables dnsmasq-full curl ca-certificates ipset ip-full iptables-mod-tproxy libcap libcap-bin ruby ruby-yaml kmod-tun kmod-inet-diag unzip luci-compat luci luci-base kmod-nft-tproxy

System-File Transfer, upload and copy the file path to the terminal for installation

opkg install /tmp/upload/kernel_6.1.74-1-83764a037d5da4b65844fa9bc9d55bc3_x86_64.ipk
opkg update
opkg install /tmp/upload/luci-app-openclash_0.45.157-beta_all.ipk

After installation, it may freeze. Restart the required applications from the Services section. If the subscription update fails, try changing the GitHub address in the override settings to an accelerated address or downgrade Clash.

You can also download pw from this page and manually install it by selecting istore-manual installation.


Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.