I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his moms basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It’s appstore ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
Dude like even 6 months ago Id read your post and would think alright man c’mon…
But now you are 100% right it’s getting tough and people will only realize when it’s too late. Imagine a far right government with palantir in Europe. That’s pretty much where we are heading and I try my best to get any of my data away from this sphere of influence
It’s not often I hear meet others on the same page, but I too see self-hosting as a form of resistance against corporate control and surveillance capitalism. Rather than trying to bring self-hosting to individuals, I’ve steered my efforts towards affecting technological change in groups and organizations instead. While this narrows the pool of those who can set up sovereign infrastructure, it gets more people using the open-source alternatives as part of their collaborative work.
To support that, I’m building out such an IT reference architecture for nonprofits, activist groups, and communities. The networking model is such that services can be hosted on cheap hardware and accessed through Wireguard tunnels managed by Netbird (and experimenting with Pangolin now). This keeps the servers under positive control of the data owners and uses only one or two VPS instances to handle proxying and accesses. Now, every organization’s requirements are different, but this baseline is meant to be a flexible proof-of-concept that can be adapted to their unique threat model. For example, an org can opt for just using a cloud-hosted service for certain components if the self-hosting burden is too great and their threat model determines it to acceptable.
The docs are here at https://sts.libretechnica.org/ and the source for the docs and all the Ansible playbooks are at https://gitlab.com/libretechnica/SovereignTechStack/. I invite anyone to contribute, analyze, pick-apart, improve this model. In fact, I’m specifically seeking thoughts on whether this reference model can adequately address the risks and threats that self-hosters face.
This is the first time I’m sharing this publicly; I was inspired by this post to finally spread awareness of the project and get more like-minded people involved.
P.S. @h333d Sorry about the people who think your post is gen-AI. I used to proofread stuff all day long before the advent of LLMs, so I quickly recognize artificial text and yours reads nothing like it. I appreciate the time you took to write your post and it was a refreshing read.
It’s not just media that doesn’t feed recommendation algorithms - I actually like recommendation algorithms (Jellyseerr does a pretty great job with this), it’s more about having control over my media and it not being taken away randomly. So many times an older show I would want to watch would no longer be “available” so I’d have to download it anyway, with no option of paying to watch for it.
Thank you for this post!
For me, getting into self hosting was nice because of the privacy and tinkering yes, but a huge part of it was just having my stuff work reliably and without enshittification.
I just set up my Home Assistant server and new Zigbee network in the past few weeks and it’s pretty awesome. Was already using Jellyfin despite having a lifetime Plex pass. Feels good man.
Always has been.
Even if you like who’s in charge right now, they could change how they act or they could be replaced.
They could shut us down or do a lot of things, but it’s harder to break 10,000 servers than one.
Thank you!
This is almost exactly my motivation when I recently started my homelab journey. A bit of privacy, but what pushed me over the edge is that I was supporting these anti-social corporations with my money or data, when they went fully mask-off.
I tried to set up some services last year and had some trouble getting immich to work through networking. The answer was tailscale. This past Christmas holidays I got nextcloud and immich up. I use nextcloud for my audiobooks and large files I want to keep but not on my phone. Immich for pictures and synching for small files I want synced often like my epub book arks and highlights and Obsidian notes vault.
I agree with your post 100% I think. Removing oneself from big tech/data services like Google and Microsoft is resisting the regime. It’s especially useful for folks that may not be able to get out and protest, meet with their representatives, etc.
As for me, I’m running my *arr/media stack for myself and my close friends and family. Fuck Disney, Netflix, and Paramount. For our household, HomeAssistant keeps the lights on and SyncThing backs up our files to the NAS.
Spot on. Self-hosting is the most effective form of quiet, material protest we have. Every time your family uses Syncthing instead of OneDrive, you’re starving the machine of the telemetry it needs to function.
Running that stack for your inner circle is essentially building a “digital mutual aid” node. You’re taking the burden of surveillance off their backs and putting it on your own hardware where you can actually defend it. That’s the work.
Can your neighborhood communicate when the Internet goes down like Iran?
By… Stepping outside and talking to people? I think all neighborhoods have that ability, even if we don’t really use it much.
Probably not unless everyone has some radio device that can send as well as receive.
Like a wireless router?
HAM works too for some things.
deleted by creator
Quick question. Home assistant.
We are hooked on “Hey Google turn off the lights”
Is there a way to remove the Google from that but still use the voice aspect?
Edit: great!!! Thanks for the direction folks!!!
Yes, Home Assistant has this.
https://rhasspy.readthedocs.io/en/latest/
Works great. My biggest challenge was finding a decent microphone setup and ended up like many do with old Playstation 3 webcams. That was a while back and I would guess it’s easier to find something more appropriate today.
Great! Thanks a ton! I appreciate the link and the info!
Home Assistant has its own locally running voice assistant. There’s even hardware for it (think self hosted Alexa) that you can buy or build yourself
Oh great! I’ll check it out!
I know others have answered, but I wanted to give you a link. I have their device and it works great for turning things off and on out of the box. You can run it locally—if you have the hardware—or use their reasonably priced cloud subscription. I do the latter wanting to support them monetarily.
Thanks a bunch! I appreciate the link!
Home assistant has their own system I believe? If you sign up too their subscription? Or you can locally host whisper and piper yourself and go completely local.
Hell yeah! I’d argue it’s even true of 2026!
Just FYI unless you self-host headscale, tailscale is centralised and not private. They claim it is end to end encrypted but their proprietary centralised control server distributes the keys, so they could very easily MITM you.
Tailscale is good tech and good crypto, but Applied cryptography cannot solve a security problem. It can only convert a security problem into a key-management problem, and tailscale does not do decentralised key management.
Glad to see this comment on the chain. I haven’t tried it myself (yet) but I’ve got a friend that does and says it works great.
It’s on my list. Unfortunately, it’s a really long list.
Are you serious? I had no idea Tailscale was a “trust me bro” kind of operation. I’ve always heard “serious” people boosting it.
Well they are a serious company with serious engineering capabilities. Just know that whoever runs the control server can control your network, and almost everyone uses Tailscale’s centralised control server, so they control the networks of almost all of their customers. Most of their customers are for internal use by companies which don’t care about relying on SaaS products. But if you self-host for resilience, using Tailscale doesn’t make much sense without also self-hosting the control server through the unofficial headscale implementation.
Can you help me understand what head/tail scale do? I’m at the “get friends and family on” stage so I’ve been struggling figuring out how to get friendly domain names working through Wireguard.
Note: I have only done this with Tailscale. I have not looked into this with headscale.
You can invite them to your network, or share a machine to their network. The second option is probably more likely what you will do with Tailscale since it is unlimited and the first option has a limited number of users for the free tier. The biggest hurdle will be them getting devices added to their tailnet so those devices can access your machine.
I imagine it’s maybe a little easier with headscale. I haven’t gone down that route yet. I would probably want to have my DDNS point to a VPS and have that be the entry point to my network. I could point it to my ISP IP, but one more layer that isn’t very expensive is probably smarter security wise.
Thanks!
Like all the “selfhosters” and their Cloudflare proxies lmao.
just use wireguard. :/
Along with headscale, I have also hosted Pangolin instance. Multi network setup with docker
Don’t stop at self-hosting. We need all forms of community building, from organizing like-minded people to gardening, off-grid energy, etc.
What’s stopping people you know from taking this step?
I’m a noob when it comes to IT. (Even though in my family I’m the one people ask when they have computer issues lol.) I would really like to get into self-hosting and all that, and I think if I found some good guides I would probably be able to make things work, but it still sounds very daunting to me. Like, I imagine days if not weeks of sifting through online resources to fix a thousand little errors and issues that would come up. (Maybe I’m mistaken, maybe it’s all really easy even for noobs. Just trying to explain my feelings on the matter.)
Edit: Woke up to 10 replies lol. Thanks for everybody’s input and helpful links. I think this might become a future project for me, but not before winter 26/27 (for life reasons).
It is a skill much like maintaining a car yourself, or your own lawn/garden.
It’s pretty easy to get started, and there are certain ways of doing things that keep it pretty simple forever, at the cost of some flexibility.
But no matter how you do it, there will be a non-zero amount of work involved indefinitely. Just like you need your cars oil changed, your garden mulched and weeded, or your server patched and cleaned up once in awhile.
I use these analogies too, it’s like becoming a digital gardener.
I feel this deeply. I used to volunteer at a library teaching “Cyber Seniors” digital literacy, and the biggest hurdle was always the fear of “breaking” something. The truth is, the big tech companies want you to think it’s too hard so you’ll keep paying them with your data.
You don’t need to be a sysadmin to start. It’s not about days of fixing errors; it’s about taking one small win at a time; like setting up a password manager first. If you can follow a recipe, you can build a node. We’re working on better, no-jargon guides to make sure the “thousand little errors” don’t stand in your way. You don’t have to be an expert to be part of the resistance.
“one small win at a time” 100%
I agree with you, but something jumped out at me while reading this thread. To a degree, the fear of “breaking something” is completely legitimate, but it’s based on not getting quick feedback from systems. For instance, if you are walking in a direction that you think is east, but the sun is setting ahead of you, you know you’re headed in the wrong direction. Computers often don’t provide such useful feedback, often leading users to “break things.”
I’m right there with ya. I’m thinking it might be a case of picking easy pieces (projects) of the puzzle to start with and then building from there. Like I’m considering setting a pi-hole soon - seems like an easier networking project. But yeah, I’m not really sure what’s the best order of eaiest to hardest projects in terms of self hosting etc.
@phant Pi-hole is super easy to set up and easy to build on. It’s been very robust for me and also eye-opening due to the excellent UI. About 5% of the network traffic in my house is now blocked. Thousands of DNS requests per day. Most of that is trackers. Apps and “smart” devices are very determined to phone home so you’ll have to block many of these domains manually as they show up. Be forewarned, some apps and web sites will simply stop working if you block their tracking and other info gathering on your network. Luckily, there is good #FOSS to substitute.
Maybe I’m mistaken, maybe it’s all really easy even for noobs
I’ll be the first to admit, shit is complicated, especially networking, but it’s not insurmountable. Do you already have a server deployed? How familiar are you with Linux?
See what you think: https://linuxupskillchallenge.org/
Do you already have a server deployed? How familiar are you with Linux?
No server. I just installed Linux a few months ago as dual boot after being a lifelong Windows user (since 3.1 lol). Currently using both OS but will move fully to Linux once I have some projects finished. Self-hosting might become a future project after that and if yes, I’ll come back to this community and this thread!
I just installed Linux a few months ago as dual boot after being a lifelong Windows user (since 3.1 lol).
Well then, you are on your way.
Man, I’m pretty techy. I work in tech. I’ve learned programming, etc, I use Debian. but selfhosting seems so daunting, not to mention inconvenient. I need to get into it though 😓
It’s not overly.
I used “perfect media server 2017” the first time I set up a mass storage server for Plex.
https://perfectmediaserver.com/
My setup is a lot different now… but dude laid out some step by step instructions. And apparently has continued to evolve his setup over time
Just a brief skim of this and I’m already so lost lol. Thanks for the link though, I’ll have a more detailed read through later.
You’re welcome!
Good luck in your journey!
I’m not an expert but I have a decent set up going. If you think it would be helpful shoot me a DM and I’ll find a way to show you what I’ve got set up and give any tips I can. It sounds like I started in a similar position to you and I’d be happy to share what I’ve learned so far.
Edit: anyone else reading this is welcome to do the same.
Thanks a lot for the offer. This might become a project of mine in the future but not before the end of this year. I might get back to you then. :)
@Bonifratz @h333d Before I begun this self-hosting journey, I hosted Pi-Hole on a docker container on my PC (was Manjaro KDE that time I think). Then, I learnt how to set up AdGuardHome on a VM (on both Manjaro and Arch iirc), using virt-manager and KVM. Now, I’m using an old laptop to host Proxmox and some services like AdGuardHome, Prometheus, Grafana, Uptime Kuma, and a Debian-made game server customized by myself. I had help of a colleague to begin the Proxmox journey.
@Bonifratz @h333d It isn’t easy, but it’s so worth the effort, and I just begun the Proxmox journey and I have plenty of things to learn!
Since this is a complex subject, you need to take your time and don’t hurry the learning process. Begin with baby steps, and hosting services restricted to a LAN, just to be safe. When you are comfortable (after some weeks or months), think about sharing a service to the public, if possible, and what you have to do to properly secure your devices and network!
Currently in that “sifting through online resouces” phase, but less because of broken stuff, and more because I want to set up everything prefectly the first time. Which is probs impossible lol. I am majoring in Cyber, so tech is my life, but this homelab is how I actually put what I’ve learned to use and learn even more than what college will probably teach me.
I’m on winter break and having a blast (kind of 😅) setting up my Proxmox to have all the services I want. I have gotten stuck several times, but I can find info eventually, and keep moving forward. Thankfully there’s a website that contains Proxmox setup scripts for almost every service imaginable, making a homelab way more accessible.
Linux skills/terminal knowlege helps this process go by faster, and my networking knowledge helps too. But that’s basically all I got lol. I can understand an okay amount of what scripts do, but I’m no programmer/scripter. I screw up mount points, look up how to check ssh key fingerprints every 10 mins, I fail to get VPN tunnel configs to work, a whole slew of issues. But I always end up learning something in the end, and get one step closer to that sweet sweet setup. So just learn and break things while you don’t care about it. Who cares if I fuck up the jellyfin config? It only had like two videos in it anyway. Best to screw up now so when I go data hoarder I know how to save my info.
Edit: Just got SMB to work for both my VM and LXCs, and I’m so happy. Every accomplishment with my homelab has me fistbumbing the air and floating on clouds. Make a homelab just the high it gives you when you do something right.
Hi! I am also slowly getting the hang of it (just set up my first NAS with truenas last weekend) but there are dozens of youtube channels focused on it. I like Serversathome and the accompanying Wiki helped me a lot. This mainly focuses on an arr stack but there is also wiki pages for immich and nextcloud. Right now I’m using cloudflare tunnels to access services (i know feeding the machine etc.). If anyone knows an alternative to cloudflare tunnels (without putting everything into the same tailscale network) I would be happy to hear about it!
@Deckname @Bonifratz
Pangolin is an alternative to cloudflare tunnels, TrueNAS supports the Newt client for Pangolin as a community app. You can either host yourself with a VPS, or Pangolin offers a management dash they host. Under the hood is Wireguard.Nice! Thank you for the info! I will look into it :)
I used this guide to setup the Immich side. I’m sure I diverged from it, but I would not have figured out proxy headers without it.
Digital solidarity will be essential as we move forward. We will need both social solutions which facilitate community technical support and engineered solutions which make that support more effective. I like to imagine systems of distributed sever management where we build upon the computational capacity of those around us and the human capacity of those that care for them. I want to rely on people I love instead of opaque tech firms that only care about money. Compute power must not defeat humanity.
I was just thinking this week, that those who self host (and more importantly, those who program the code we self host), are at the front line of the modern digital resistance: in the sense that the world is burning due to the greed of the tech bros that run our daily lives. Convienience for the masses is what gives them power over us, and any one who rejects their systems is helping to fight back.
Voting with your wallet helps, so not giving them your money is the first step. Then managing and keeping your own data private is the next one.
You’re right. We’ve been traded convenience for our autonomy for way too long, and it’s created this massive power imbalance where a few tech bros basically own the digital roads we walk on. Voting with your wallet is a huge first step, but like you said, the real work starts when we actually take responsibility for our own data.
That’s exactly why I’m moving toward helping local businesses and groups build out their own nodes. It’s one thing to stop paying for a subscription, but it’s another thing entirely to stand up your own infrastructure that doesn’t report back to a corporate mother-ship. Every person who rejects the “default” and builds a private alternative is a small win for the rest of us, it’s about making the corporate extraction model fail by simply making it unnecessary.
To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check
This is the world we live in. If you can actually string words together into grammatically correct sentences, then you are AI. It matters not whether you are or you aren’t. Like the witch hunts of Salem, all that is necessary is the accusation. I personally don’t care if you used AI, the message resonates. Don’t let 'em give you shit about your pony tail.
It is freeing really. I used to proof read my comments, then paste in google search to check for easy to catch typos. When AI arrived, I was even putting my text through them so they are more “common tongue” and not my personal shorthands.
Now I just post it.
It’s a tool. A tool that needs some heavy regulation, but a tool nonetheless
In a fascistic enough world where this would matter, people who abstain from the system are automatically flagged to be shot too, just fyi. You gotta also fill the normie services with conformist content to not become a detected anomaly if you really want to do it properly.
This is the “Gray Man” strategy. If you have zero digital footprint in 2026, that absence of data becomes a data point itself. Anomalies get investigated.
I think we need to separate Camouflage from Logistics.
I’m not suggesting you delete your digital existence and live in a Faraday cage. By all means, keep the normie accounts. Post the cat photos on Instagram. Keep a Gmail address for the spam. Feed the algorithm just enough “conformist” content to look boring. That is your camouflage.
But Resistance Infrastructure isn’t about hiding, it’s about capability.
It’s about ensuring that when the “system” decides to de-platform your community group, or lock your bank account, or shut off the internet in your region during a protest, you still have a way to function.
