I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car.

Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs.

Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting.

Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure.

Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE.

I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine.
That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his mom’s basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. Its app store ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
Dude like even 6 months ago I’d read your post and would think alright man c’mon…
But now you are 100% right it’s getting tough and people will only realize when it’s too late. Imagine a far right government with palantir in Europe. That’s pretty much where we are heading and I try my best to get any of my data away from this sphere of influence
It’s not often I meet others on the same page, but I too see self-hosting as a form of resistance against corporate control and surveillance capitalism. Rather than trying to bring self-hosting to individuals, I’ve steered my efforts towards affecting technological change in groups and organizations instead. While this narrows the pool of those who can set up sovereign infrastructure, it gets more people using the open-source alternatives as part of their collaborative work.
To support that, I’m building out such an IT reference architecture for nonprofits, activist groups, and communities. The networking model is such that services can be hosted on cheap hardware and accessed through Wireguard tunnels managed by Netbird (and experimenting with Pangolin now). This keeps the servers under positive control of the data owners and uses only one or two VPS instances to handle proxying and accesses. Now, every organization’s requirements are different, but this baseline is meant to be a flexible proof-of-concept that can be adapted to their unique threat model. For example, an org can opt for just using a cloud-hosted service for certain components if the self-hosting burden is too great and their threat model determines it to acceptable.
The docs are here at https://sts.libretechnica.org/ and the source for the docs and all the Ansible playbooks are at https://gitlab.com/libretechnica/SovereignTechStack/. I invite anyone to contribute, analyze, pick-apart, improve this model. In fact, I’m specifically seeking thoughts on whether this reference model can adequately address the risks and threats that self-hosters face.
This is the first time I’m sharing this publicly; I was inspired by this post to finally spread awareness of the project and get more like-minded people involved.
P.S. @h333d Sorry about the people who think your post is gen-AI. I used to proofread stuff all day long before the advent of LLMs, so I quickly recognize artificial text and yours reads nothing like it. I appreciate the time you took to write your post and it was a refreshing read.
On the one hand I do support the existence of open-source self-hostable alternatives to surveillance-capitalist offerings. But at the same time it has been driving me crazy how many things are being shifted toward this server-based architecture. For one example, I want an open-source app that will allow me to import recipes from any text or website automatically. But I want those recipes to save in files, be offline, and I do not want to maintain a whole damn server just to manage my fucking recipes.
Not everything needs to be web connected by default, and most people have no interest in running any kind of server.
If your recipes are formatted like markdown, then there are offline notes apps like Obsidian. The new issue becomes keeping your files backed up in case of whatever, and that’s when the self hosted server comes into play. This is a really good use case for Syncthing which can keep your small recipes files duplicated on your phone and your computer without ever leaving your network.
Syncthing does not use a server based architecture.
If you have a Wi-Fi router in your home you are technically already running a server. With OpenWRT even quite practically, although sadly most routers are slightly too underpowered to do much with them.
Those same routers that still have problems with security updates, and are frequently the targets of cyber attacks? So how is it in any way a good idea to run entire server stacks, and databases (which throw a wrench in data portability compared to standard file formats), creating so much bloat and unnecessary attack surface, and then making all of these apps network-facing - opening them up to attacks?
How about instead I just use a standard text editor to save my recipe as a markdown file, and if I need to move it I can either get a usb cord or use Syncthing? Sorry but this whole self host movement is pretty insane.
I agree with most of what you’re saying, I disagree with the last part of what you’re saying.
The self-host movement is about taking control away from companies, and running web services locally instead of having to rely on companies for them and pay for them. Most things you can run locally without needing a server, but there are absolutely good use cases for server-based services. Some great examples of this are cloud storage, code repositories, and chat servers. You could run each of those things locally, but they are each improved by running them on a dedicated server designed for 24/7 uptime and centralized access.
My problem isn’t with open-source online services existing. Of course some things are inherently net-based. My problem is with the way everything is being done as a server even when it’s completely unnecessary. Syncthing alone - which is not server-based btw - is more than enough to take care of cloud needs for everything from calendars, to photos, recipes, text files, password databases, and more.
Hell, it’d actually be pretty interesting if someone did come up with a way to make a e2e chat client that works through Syncthing.
My point is I just want to download an app, have that app convert a recipe webpage into its own standard format, and then save that file on my own device. I do not want to deal with the hassle of getting Docker installed and working, nor to have it gobble up tons of computer resources just to do that one simple thing.
It’s not just media that doesn’t feed recommendation algorithms - I actually like recommendation algorithms (Jellyseerr does a pretty great job with this), it’s more about having control over my media and it not being taken away randomly. So many times an older show I would want to watch would no longer be “available” so I’d have to download it anyway, with no option of paying to watch for it.
Thank you for this post!
For me, getting into self hosting was nice because of the privacy and tinkering yes, but a huge part of it was just having my stuff work reliably and without enshittification.
I just set up my Home Assistant server and new Zigbee network in the past few weeks and it’s pretty awesome. Was already using Jellyfin despite having a lifetime Plex pass. Feels good man.
Come to i2p, fam.
Don’t use tailscale, a few years back they moved their server storage from Canada to the USA. Use headscale or wireguard if you are tech savvy
While true, only partially.
- United States Ashburn, Chicago, Dallas, Denver, Honolulu, Los Angeles, Miami, New York City, San Francisco, Seattle
- Australia Sydney
- Brazil São Paulo
- Canada Toronto
- Finland Helsinki
- France Paris
- Germany Frankfurt, Nuremberg
- India Bangalore
- Japan Tokyo
- South Africa Johannesburg
- United Kingdom London
- Others Various locations in other regions, including Asia and Europe
Are these relays? I think their announcement was data server, which means USA govt would have all your tailscale keys if they decide to keep going on the fascism.
data server
Here is the way I understand Tailscale to work. Feel free to correct any misinformation.
Tailscale doesn’t operate ‘data‑center’ servers that store or forward your traffic.
- Control plane: Holds device metadata, public keys, ACL policies, and the DERP map. It is a small, highly available service that all clients contact only when they start up or need a policy update. Tailscale runs this service on a handful of cloud providers (primarily AWS and GCP) in the United States. The service carries no user data. Only control information.
- Data plane: Carries the actual packets between your devices. After the control plane tells two devices how to reach each other, they open a direct WireGuard tunnel that is end to end encrypted. There are no dedicated ‘data servers’. Traffic travels directly between the peers. If a direct path can’t be established because of strict NATs or firewalls, the connection falls back to a DERP relay. The DERP relays are the only servers that ever carry user payload.
However, to keep with your fear of the US having all your Tailscale keys, what makes you think that Australia, Brazil, Canada, Finland, France, Germany, India, Japan, or the UK wouldn’t/couldn’t do the same? I’m no shill for Tailscale. AFAIC, you can either use the service or not. Your choice, no skin off my back. I’m just curious how far the paranoia rabbit hole goes.
Based on current USA actions, I have more faith in my own country and allies. The account info and control plane is what I mean, it could get compromised being under US control where they don’t seem to need warrants anymore
Understandable. I don’t know what your threat model is. I don’t trust any of them except to do what is in their best interest, globally. However, there is nothing stopping Australia, Brazil, Canada, Finland, France, Germany, India, Japan, UK, or even your country, from doing the very same thing. Governments make laws for citizens, not themselves. Everything can be compromised at any time a government decides to. That is the reality of it all. If I am going to have to hide my online activities from a government in 2026, then game over, and there’s not a damn thing I could/can do about it. I’ll just unplug, and live out the rest of my life in the seclusion of my farm/compound.
Well it is a post about online privacy and keeping the prying eyes out.
I wish you the best with your efforts.
Always has been.
Even if you like who’s in charge right now, they could change how they act or they could be replaced.
They could shut us down or do a lot of things, but it’s harder to break 10,000 servers than one.
Thank you!
This is almost exactly my motivation when I recently started my homelab journey. A bit of privacy, but what pushed me over the edge is that I was supporting these anti-social corporations with my money or data, when they went fully mask-off.
I tried to set up some services last year and had some trouble getting immich to work through networking. The answer was tailscale. This past Christmas holidays I got nextcloud and immich up. I use nextcloud for my audiobooks and large files I want to keep but not on my phone. Immich for pictures and Syncthing for small files I want synced often like my epub bookmarks and highlights and Obsidian notes vault.
I agree with your post 100% I think. Removing oneself from big tech/data services like Google and Microsoft is resisting the regime. It’s especially useful for folks that may not be able to get out and protest, meet with their representatives, etc.
As for me, I’m running my *arr/media stack for myself and my close friends and family. Fuck Disney, Netflix, and Paramount. For our household, HomeAssistant keeps the lights on and SyncThing backs up our files to the NAS.
Spot on. Self-hosting is the most effective form of quiet, material protest we have. Every time your family uses Syncthing instead of OneDrive, you’re starving the machine of the telemetry it needs to function.
Running that stack for your inner circle is essentially building a “digital mutual aid” node. You’re taking the burden of surveillance off their backs and putting it on your own hardware where you can actually defend it. That’s the work.
Can your neighborhood communicate when the Internet goes down like Iran?
By… Stepping outside and talking to people? I think all neighborhoods have that ability, even if we don’t really use it much.
Probably not unless everyone has some radio device that can send as well as receive.
Like a wireless router?
HAM works too for some things.
deleted by creator
Quick question. Home assistant.
We are hooked on “Hey Google turn off the lights”
Is there a way to remove the Google from that but still use the voice aspect?
Edit: great!!! Thanks for the direction folks!!!
Yes, Home Assistant has this.
https://rhasspy.readthedocs.io/en/latest/
Works great. My biggest challenge was finding a decent microphone setup and ended up like many do with old Playstation 3 webcams. That was a while back and I would guess it’s easier to find something more appropriate today.
Great! Thanks a ton! I appreciate the link and the info!
Home Assistant has its own locally running voice assistant. There’s even hardware for it (think self hosted Alexa) that you can buy or build yourself
Oh great! I’ll check it out!
I know others have answered, but I wanted to give you a link. I have their device and it works great for turning things off and on out of the box. You can run it locally—if you have the hardware—or use their reasonably priced cloud subscription. I do the latter wanting to support them monetarily.
Thanks a bunch! I appreciate the link!
Home assistant has their own system I believe? If you sign up to their subscription? Or you can locally host whisper and piper yourself and go completely local.
Hell yeah! I’d argue it’s even true of 2026!
Just FYI unless you self-host headscale, tailscale is centralised and not private. They claim it is end to end encrypted but their proprietary centralised control server distributes the keys, so they could very easily MITM you.
Tailscale is good tech and good crypto, but Applied cryptography cannot solve a security problem. It can only convert a security problem into a key-management problem, and tailscale does not do decentralised key management.
Glad to see this comment on the chain. I haven’t tried it myself (yet) but I’ve got a friend that does and says it works great.
It’s on my list. Unfortunately, it’s a really long list.
Are you serious? I had no idea Tailscale was a “trust me bro” kind of operation. I’ve always heard “serious” people boosting it.
Like all the “selfhosters” and their Cloudflare proxies lmao.
just use wireguard. :/
Well they are a serious company with serious engineering capabilities. Just know that whoever runs the control server can control your network, and almost everyone uses Tailscale’s centralised control server, so they control the networks of almost all of their customers. Most of their customers are for internal use by companies which don’t care about relying on SaaS products. But if you self-host for resilience, using Tailscale doesn’t make much sense without also self-hosting the control server through the unofficial headscale implementation.
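Added example, not written by any commenter in this thread: a minimal WireGuard configuration that makes the key-management point above concrete, and also the control-plane/data-plane split described earlier in the thread. In plain WireGuard the peer public keys are pinned in a file you write yourself; that file is exactly what a Tailscale coordination server (or a self-hosted headscale) populates on your behalf, which is why whoever runs it can decide which key your device trusts. All keys, addresses, the endpoint hostname and the file paths are placeholders.

```ini
; Added example (not from this thread). All keys/addresses are placeholders.
; ---- Home server: /etc/wireguard/wg0.conf ----
[Interface]
Address    = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>        ; generated locally: wg genkey

; One [Peer] per device. PublicKey is the trust anchor: a packet is only
; accepted if it authenticates under this key, so whoever edits this file
; decides who is on the network. No third-party control plane is involved.
[Peer]
; phone
PublicKey    = <PHONE_PUBLIC_KEY>        ; from: wg pubkey < phone.key
PresharedKey = <PHONE_PSK>               ; optional extra symmetric secret: wg genpsk
AllowedIPs   = 10.8.0.2/32               ; only this address may arrive from this key

; ---- Phone: wg0.conf (imported via QR code or copied over USB) ----
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <PHONE_PRIVATE_KEY>         ; never leaves the phone

[Peer]
PublicKey           = <SERVER_PUBLIC_KEY> ; pinned server key, exchanged out of band
PresharedKey        = <PHONE_PSK>
Endpoint            = home.example.net:51820 ; your DDNS name or static IP
AllowedIPs          = 10.8.0.0/24        ; route only the tunnel subnet, not 0.0.0.0/0
PersistentKeepalive = 25                 ; keeps the NAT mapping alive from behind CGNAT
```

The public keys are exchanged out of band (reading one off the phone screen, or pasting it over an existing trusted channel), which is the "key management problem" the earlier comment mentions. Tailscale automates that exchange through its control server; headscale lets you run the same exchange on hardware you control. Either way, the WireGuard data plane is identical; what differs is who is allowed to write the [Peer] blocks.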
Can you help me understand what head/tail scale do? I’m at the “get friends and family on” stage so I’ve been struggling figuring out how to get friendly domain names working through Wireguard.
Note: I have only done this with Tailscale. I have not looked into this with headscale.
You can invite them to your network, or share a machine to their network. The second option is probably more likely what you will do with Tailscale since it is unlimited and the first option has a limited number of users for the free tier. The biggest hurdle will be them getting devices added to their tailnet so those devices can access your machine.
I imagine it’s maybe a little easier with headscale. I haven’t gone down that route yet. I would probably want to have my DDNS point to a VPS and have that be the entry point to my network. I could point it to my ISP IP, but one more layer that isn’t very expensive is probably smarter security wise.
Thanks!
Along with headscale, I have also hosted Pangolin instance. Multi network setup with docker
Don’t stop at self-hosting. We need all forms of community building, from organizing like-minded people to gardening, off-grid energy, etc.
What’s stopping people you know from taking this step?
I’m a noob when it comes to IT. (Even though in my family I’m the one people ask when they have computer issues lol.) I would really like to get into self-hosting and all that, and I think if I found some good guides I would probably be able to make things work, but it still sounds very daunting to me. Like, I imagine days if not weeks of sifting through online resources to fix a thousand little errors and issues that would come up. (Maybe I’m mistaken, maybe it’s all really easy even for noobs. Just trying to explain my feelings on the matter.)
Edit: Woke up to 10 replies lol. Thanks for everybody’s input and helpful links. I think this might become a future project for me, but not before winter 26/27 (for life reasons).
It is a skill much like maintaining a car yourself, or your own lawn/garden.
It’s pretty easy to get started, and there are certain ways of doing things that keep it pretty simple forever, at the cost of some flexibility.
But no matter how you do it, there will be a non-zero amount of work involved indefinitely. Just like you need your cars oil changed, your garden mulched and weeded, or your server patched and cleaned up once in awhile.
I use these analogies too, it’s like becoming a digital gardener.
I feel this deeply. I used to volunteer at a library teaching “Cyber Seniors” digital literacy, and the biggest hurdle was always the fear of “breaking” something. The truth is, the big tech companies want you to think it’s too hard so you’ll keep paying them with your data.
You don’t need to be a sysadmin to start. It’s not about days of fixing errors; it’s about taking one small win at a time; like setting up a password manager first. If you can follow a recipe, you can build a node. We’re working on better, no-jargon guides to make sure the “thousand little errors” don’t stand in your way. You don’t have to be an expert to be part of the resistance.
“one small win at a time” 100%
I agree with you, but something jumped out at me while reading this thread. To a degree, the fear of “breaking something” is completely legitimate, but it’s based on not getting quick feedback from systems. For instance, if you are walking in a direction that you think is east, but the sun is setting ahead of you, you know you’re headed in the wrong direction. Computers often don’t provide such useful feedback, often leading users to “break things.”
I’m right there with ya. I’m thinking it might be a case of picking easy pieces (projects) of the puzzle to start with and then building from there. Like I’m considering setting up a Pi-hole soon - seems like an easier networking project. But yeah, I’m not really sure what’s the best order of easiest to hardest projects in terms of self hosting etc.
@phant Pi-hole is super easy to set up and easy to build on. It’s been very robust for me and also eye-opening due to the excellent UI. About 5% of the network traffic in my house is now blocked. Thousands of DNS requests per day. Most of that is trackers. Apps and “smart” devices are very determined to phone home so you’ll have to block many of these domains manually as they show up. Be forewarned, some apps and web sites will simply stop working if you block their tracking and other info gathering on your network. Luckily, there is good #FOSS to substitute.
Maybe I’m mistaken, maybe it’s all really easy even for noobs
I’ll be the first to admit, shit is complicated, especially networking, but it’s not insurmountable. Do you already have a server deployed? How familiar are you with Linux?
See what you think: https://linuxupskillchallenge.org/
Do you already have a server deployed? How familiar are you with Linux?
No server. I just installed Linux a few months ago as dual boot after being a lifelong Windows user (since 3.1 lol). Currently using both OS but will move fully to Linux once I have some projects finished. Self-hosting might become a future project after that and if yes, I’ll come back to this community and this thread!
I just installed Linux a few months ago as dual boot after being a lifelong Windows user (since 3.1 lol).
Well then, you are on your way.
I’m not an expert but I have a decent set up going. If you think it would be helpful shoot me a DM and I’ll find a way to show you what I’ve got set up and give any tips I can. It sounds like I started in a similar position to you and I’d be happy to share what I’ve learned so far.
Edit: anyone else reading this is welcome to do the same.
Thanks a lot for the offer. This might become a project of mine in the future but not before the end of this year. I might get back to you then. :)
Man, I’m pretty techy. I work in tech. I’ve learned programming, etc, I use Debian. but selfhosting seems so daunting, not to mention inconvenient. I need to get into it though 😓
It’s not overly.
I used “perfect media server 2017” the first time I set up a mass storage server for Plex.
https://perfectmediaserver.com/
My setup is a lot different now… but dude laid out some step by step instructions. And apparently has continued to evolve his setup over time
Just a brief skim of this and I’m already so lost lol. Thanks for the link though, I’ll have a more detailed read through later.
You’re welcome!
Good luck in your journey!
@Bonifratz @h333d Before I began this self-hosting journey, I hosted Pi-Hole on a docker container on my PC (was Manjaro KDE that time I think). Then, I learnt how to set up AdGuardHome on a VM (on both Manjaro and Arch iirc), using virt-manager and KVM. Now, I’m using an old laptop to host Proxmox and some services like AdGuardHome, Prometheus, Grafana, Uptime Kuma, and a Debian-made game server customized by myself. I had help of a colleague to begin the Proxmox journey.
@Bonifratz @h333d It isn’t easy, but it’s so worth the effort, and I’ve just begun the Proxmox journey and I have plenty of things to learn!
Since this is a complex subject, you need to take your time and don’t hurry the learning process. Begin with baby steps, and hosting services restricted to a LAN, just to be safe. When you are comfortable (after some weeks or months), think about sharing a service to the public, if possible, and what you have to do to properly secure your devices and network!
Currently in that “sifting through online resources” phase, but less because of broken stuff, and more because I want to set up everything perfectly the first time. Which is probs impossible lol. I am majoring in Cyber, so tech is my life, but this homelab is how I actually put what I’ve learned to use and learn even more than what college will probably teach me.
I’m on winter break and having a blast (kind of 😅) setting up my Proxmox to have all the services I want. I have gotten stuck several times, but I can find info eventually, and keep moving forward. Thankfully there’s a website that contains Proxmox setup scripts for almost every service imaginable, making a homelab way more accessible.
Linux skills/terminal knowledge helps this process go by faster, and my networking knowledge helps too. But that’s basically all I got lol. I can understand an okay amount of what scripts do, but I’m no programmer/scripter. I screw up mount points, look up how to check ssh key fingerprints every 10 mins, I fail to get VPN tunnel configs to work, a whole slew of issues. But I always end up learning something in the end, and get one step closer to that sweet sweet setup. So just learn and break things while you don’t care about it. Who cares if I fuck up the jellyfin config? It only had like two videos in it anyway. Best to screw up now so when I go data hoarder I know how to save my info.
Edit: Just got SMB to work for both my VM and LXCs, and I’m so happy. Every accomplishment with my homelab has me fist-bumping the air and floating on clouds. Make a homelab just for the high it gives you when you do something right.
Hi! I am also slowly getting the hang of it (just set up my first NAS with truenas last weekend) but there are dozens of youtube channels focused on it. I like Serversathome and the accompanying Wiki helped me a lot. This mainly focuses on an arr stack but there is also wiki pages for immich and nextcloud. Right now I’m using cloudflare tunnels to access services (i know feeding the machine etc.). If anyone knows an alternative to cloudflare tunnels (without putting everything into the same tailscale network) I would be happy to hear about it!
@Deckname @Bonifratz
Pangolin is an alternative to cloudflare tunnels, TrueNAS supports the Newt client for Pangolin as a community app. You can either host yourself with a VPS, or Pangolin offers a management dash they host. Under the hood is Wireguard.
Nice! Thank you for the info! I will look into it :)
I used this guide to setup the Immich side. I’m sure I diverged from it, but I would not have figured out proxy headers without it.
Digital solidarity will be essential as we move forward. We will need both social solutions which facilitate community technical support and engineered solutions which make that support more effective. I like to imagine systems of distributed server management where we build upon the computational capacity of those around us and the human capacity of those that care for them. I want to rely on people I love instead of opaque tech firms that only care about money. Compute power must not defeat humanity.