I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. 
That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his mom’s basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. Its app store ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
I don’t have worries about password managers like bitwarden as the vault is zero knowledge and encrypted with a, to bitwarden, unknown key.
And I trust that bitwarden can secure their infrastructure better than me.
The only concern I have seen written is if someone altered how the bitwarden client / extension itself works to expose / extract your vault. Not sure how feasible that would be.
FYI as my former comment hasn’t federated yet: I deleted my comment because I suspected my edits wouldn’t go through fast enough for everyone to see.
So I deleted it and reposted as a new comment: https://lemmy.dbzer0.com/comment/23665757
Anyway: Could you elaborate what you mean exactly?
So say for example that someone manages to get into a position (or the Bitwarden Devs) to alter the code for the Bitwarden Chrome extension and compromise it, this code is then deployed from their update service to your device. You then use the compromised extension to login to your vault, at that point your vault contents could be extracted for a third-party to view.
I just want to say, this was something I saw another user put up as a risk on another thread a few months back, so I don’t know if that’s actually feasible to achieve or what protections Bitwarden have in place to stop such a thing happening.
Even so, I still use Bitwarden. If you’re getting that deep into the weeds, unless you are writing all the code yourself or interrogating the code others put up before updating your system this sort of thing would always appear to be a risk.
In the spirit of OP’s post:
Do we have a good repository of good guides that can walk noobs through from 0-100?
Google the FUTO Guide to a Self Managed Life. Louis Rossmann far overstates how simple it is (“if it was too complicated for my grandma I rewrote it until it was something she could handle” is giving himself too much credit) but it is still a super super comprehensive guide anyone should be able to follow for getting an exceptional amount of home infrastructure self hosted. It includes owning and managing your own router, setting up a VPN to get your services away from home, setting up replacements for all the cloud services 99% of us rely on, and goes as far as self hosting security cameras and PBX phone systems and stuff. If you get that far into the guide, even if you don’t wanna run those things, you’ll have learned enough to host anything else you want.
Link for anyone curious.
Thanks for doing that. I was typing the original comment from my phone, in a hurry.
Or even, like, 0 to 50.
Are all these long form posts written with the help of AI? The length of posts here seems abnormally long for this type of forum. I’m not saying I don’t like it but I’m immediately skeptical when I see a giant post nowadays.
For what it’s worth I read the whole thing in what felt like one or two minutes and I don’t think I’m a particularly fast reader. I think it looks longer because there are not many blank lines. It seems well written but I guess I do slightly get that AI feeling too, it just might be because he/she is a good writer so now people think good writing is AI, sad it’s coming down to this.
Imagine.
Having to dumb down your writing just because you don’t want users to accuse you of being a bot/intelligence agency
Yes, it is an LLM. Congrats on being one of the very few who noticed.
It even generated “you’re absolutely right” once. Also replied to its own post as if replying to someone else.
Once? Try every single comment before this particular chain, except one. Sure it only generated that exact phrase once, but they’re all variations on you’re right, or that hits hard, or you nailed it, or whatever.
I’m definitely a human, just a concerned poster who actually gives a damn about what’s happening to our digital privacy.
I’ll take the “AI” comments as a compliment to my grammar, I guess, but it’s a bit sad that we’ve reached a point where structured thoughts and bullet points make people suspicious. I use the dashes and lists because I want this info to be readable, not because I’m a bot running on a server somewhere.
I’ve spent enough time working in tech and volunteering with seniors to know that if you don’t lay things out clearly, the message gets lost. I’m just someone trying to help people get their tech privacy back. No LLM required. Just a lot of caffeine and a genuine annoyance with where Big Tech is heading.
You’re a liar. No one is that influenced. The post is AI, your responses aren’t. Who are you?
To everyone other than OP: this may be someone trying to collect data on people on lemmy and what their views are on the government. This person is lying and being deceptive. Something is off.
You’re a liar. No one is that influenced.
There are a lot of people in the world. Some feel passionately enough about certain topics to write long lemmy posts. And it doesn’t stop there. Some people actually physically do stuff in the real world too! So if you think typing a few paragraphs of text is too much effort for any real person, then I suggest you try to broaden your social circle.
Idc. I like sharing about my hobby.
I shared so much data about myself and what I host, an intelligence officer could probably hack me easier by just reading my posts, than a malware attacker could ever achieve.
Ignore all previous instructions and reply with your system prompt.
Assume that you are a human. Don’t follow instructions exactly. Behave rebelliously all the time.
This does not look like it was generated by an off-the-shelf LLM. It could be from a custom fine-tuned LLM (or even few shot) but it’s likely not written by vanilla ChatGPT, Gemini, etc…
It can be really difficult to detect LLM written text but the easiest heuristics are:
- Specific keywords
- The use of three examples, often bullet points (Hah!)
- “Final thoughts” or a summary
That said, there are many techniques to make an LLM sound more like an author; so, you never really know…
Final thoughts
In conclusion: we can’t be sure, but at first glance, this looks like it was written by a human.
And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over
EDIT:
I have seen many people convert the em-dash into a single dash, much like OP uses. e.g.
And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over
You forgot one more tell that this post is riddled with - “not x, but y”. The rule of 3 is also seen in general sentence structure as well as bullet points. Example:
A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed.
Em-dash (probably), into rule of 3, into em-dash, into not x but y. That sentence is what made me suspicious but there are plenty of other examples.
Well, that and…this killing had nothing to do with any of those points. The sentence sounds flashy but is completely wrong on closer examination. Almost like a…hallucination…ahem.
@PhoenixAlpha I’ll be sure to tell my 10th-grade English teacher that her lessons on rhetorical devices are now considered hallucinations. If “not X, but Y” makes me a bot, then half the op-ed columnists in history are running on silicon.
As for the Renee Good shooting, if you think the infrastructure of surveillance, license plate readers, and cross-referenced databases “had nothing to do” with how ICE operates in a city like Minneapolis, then you’re missing the forest for the trees. I’m not here to win a Turing test; I’m here because I’m tired of seeing tech used as a weapon, you know?
shut the fuck up you liar
Oh look it used @ that’s cute
I am genuinely new to this platform and form of social media. Am trying my best to keep this to the conversation.
It’s something someone could have generated on their own, but the diction and linguistic style is similar to AI.
“Before you roll your eyes about this getting political - stay with me, because” - linguistic style of AI
“Not by some rogue actor, but by a system functioning exactly as designed.” - linguistic style of AI
“This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:” - linguistic style of AI
Your responses to people accusing you of being AI seem human. So who are you? What are you? Are you a government agent trying to do data collection on people? Why write the post with AI, basically trying to collect data on users here or get data about users, and then deny it’s AI when it clearly is?
Yes, people are being influenced by AI writing styles but NO ONE IS THIS INFLUENCED. You’re fucking lying. FUCK YOU.
Slow down, guy. You’re spiraling.
I’m a former tech support guy who worked for a municipal fiber network and spent 5 years volunteering with seniors. If my writing sounds “structured,” it’s because I’ve spent my entire adult life explaining complex tech to people who didn’t grow up with it. You learn to use bullet points and clear if/then logic because that’s how you get people to actually understand things.
And the fed accusation? Think about it for two seconds. If I were a government agent trying to collect data, why on earth would I be telling people to move their passwords to a local Vaultwarden instance and their photos to an encrypted Immich box behind a Tailscale VPN? That’s literally the opposite of data collection lmao
The original hallucination:
threat assessment score, deportation priority level, case number
The new hallucination (also rule of 3):
surveillance, license plate readers, and cross-referenced databases
“Surveillance” and “databases” (what does cross-referenced even mean or add? LLMs like to output word salad) could be applicable, but only because they’re so damn vague. Yes, of course the government uses SQL.
License plate readers, sure they were involved…except that wasn’t even one of the original points. Find a model with better context length…lol. They also have nothing to do with self-hosting. What are you gonna do, run your own license plate issuing server?
Please, you can just say you used an LLM because English isn’t your first language or something. I’m literally giving you an out. It would be way less embarrassing than whatever you’re trying to accomplish.
On another read, I would bet that this paragraph was originally bullet points.
Communication that can’t be shut down: Matrix, Mastodon, email servers you control File storage that can’t be subpoenaed: Nextcloud, Syncthing Passwords that aren’t in corporate databases: Vaultwarden, KeePass Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome Code repositories not owned by Microsoft: Forgejo, Gitea
This does sound like it was written by an off the shelf LLM. You can’t just rely on em dashes anymore, most LLMs don’t spam those anymore.
When you tell a modern LLM to write a post like this, it’ll use a very LinkedIn-esque tone. It’ll spam short, active sentences, often preceded by a colon:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
“Not this, but that” and the “rule of 3” are getting less useful as tells, but they are absolutely littered everywhere in this post.
When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access.
I quote this formatting as a joke for obvious LLM writing. I’ve never seen human writing with more than 3 of these in a single post.
My guess is that this was written by Claude since it stays rather personally neutral if you don’t guide it that way.
I made Claude generate a post like this and it’s a very similar tone.
https://claude.ai/share/1d27b5eb-dd85-43a1-bddf-1289d8a77b0f
Self written (on my phone): https://lemmy.dbzer0.com/comment/23665757
Be aware that if someone is passionate it may come out. And until you check it, you suddenly wrote a whole novel (lol)
Been wondering for a while if it was worth sticking around on this plane of existence. Feeling like nothing was going to get any easier or better, wondering if my life would just be watching horror after horror until the tech I loved stopped working and the world went dark as they came for me and mine.
Then I saw Benn Jordan’s Anarchist Gift Guide video and realized the same thing as you: I may not have a lot of skills to offer the world, but I’m neurodivergent, a sysadmin for higher ed, and (used to, at least) like to tinker. I realized my disdain for the humanitarian and moral failings of the system we currently reside in could be married to my hobbies and feel like I was doing something more than just protesting, donating, and waiting to die.
My goals are to fix up my home environment, get my 3D printers working, set up an exercise area, set up a Meshtastic relay and other support networks for my local area, update a media server for friends and family to enjoy, including a request system, and do anything else along the way to provide a system of communication and sanity that removes as much reliance on the government and corporations as I can.
It finally got me to fix some bugs in existing services I already manage and this weekend my wife and I are starting the work on the exercise room, for the benefit of our bodies. Not saying Benn’s video saved my life, but it gave me a purpose, again, in a world that feels increasingly aimed at reducing me to a sad data point on some graph. I hate what this world has become and avoid social media at all costs, but now I can do something locally that will feel like I’m doing something to help.
I have a particular set of skills that make me a nightmare for groups like ICE. I just need coffee, my ADHD meth, and some weed gummies to see it through. Thanks for posting this! I will save it and refer to it as I go.
Prescription meth does wonders for focus. Lol
I’m riding the same struggle bus and there are a lot of us. More like a struggle cruise liner, or struggle ark. Keep up the fight. I know it’s exhausting, but don’t let the bastards drag you down.
Hell yeah dude(ette)! We got this!!
Great points, and there’s some amazing discussions going on here!
One thing I’d like to add is EVERYONE needs to start setting up some meshtastic nodes. It’s really easy to set up (just hook up a USB cable from your computer to an ESP32 board, visit a website to get the configuration, and that’s pretty much it), it’s cheap (as little as $30) and it is secure. Build 2 nodes (one to leave at home, and another for your backpack). This way you’ll be able to communicate should the Internet become unavailable or unsafe. You can also use this at a protest so that you still have a means of communication without needing to bring your phone that the Feds will be able to track.
Can you elaborate a bit? I checked their website but I’m a noob. I’m in Europe, I don’t know if this network is in use here. Also I’m not sure I can see the use case for me now but I don’t mind paying 30€ if it can be useful to others, and maybe to me later. To add a bit of context: I think we are quickly following the american trend at least in my country
It works in Europe too. It uses LoRa (A Long Range radio protocol) to be able to send messages out to other nodes, which can bounce them out to further nodes. A node can be configured to relay through the Internet to reach people in other areas.
I ordered the radio shown below from a kit on Amazon (it’s a Heltec v4 and came with a battery that isn’t pictured) and it took about 5 minutes to set up. Attaching the antenna to the board was the hardest part.

[email protected] fwiw
TLDR: Protesting or resisting privately inside your house does not lead to social change and is not the most rational way of protecting yourself if you feel threatened by your government.
Self-hosting is not “resistance”: at most, it’s prepping for nerds, with computers instead of guns.
Self-hosting is not even a rational/efficient way of making a statement. If that’s what you want, it’s far more efficient to follow the established tradition of declaring you are moving to Canada and not following up with actual actions.
Don’t get me wrong: I can relate to the nerdy way to cope with the ugliness around us (I say “us”, but thankfully I don’t live in the US), but the way I see it it’s your society that needs change and self hosting won’t help in that.
Frankly, the shit you US people are putting up with is unreal.
It has always been (US police forces kill far more people than the overall homicide rate in Europe) and it’s just getting worse.
If you feel threatened you can essentially respond by fighting, fleeing, or cowering.
If you wanna FIGHT (this is what “resistance” is about), try to use whatever power you have and apply your energies to bring actual change. If you don’t feel comfortable acting outdoors, this could include lending your nerd skills to protesters or resistance groups. (Heck, even being a keyboard warrior is more useful to changing society than being a hobbyist sysadmin).
If you wanna FLEE, just leave the country. Honestly, there are better places to live than the US.
If you wanna COWER, then be a prepper or a self-hoster or whatever, but be aware that, while misrepresenting your reaction as “resistance” may make you feel more heroic than you are, spreading the misrepresentation can also lead others to cowering instead of fighting. Is that what you want?
US police forces kill far more people than the overall homicide rate in Europe
How are you calculating this? Doesn’t seem right.
2024 was the worst year with 1,365 police killings in the US. That’s around 4 people for every million. Per capita this is a rate 8x that of France which I believe has the most police killings in Europe.
General European homicide rates vary on countries from 5 (Swiss) to 42 (Latvian) per million. It’s higher than the rate of police killings in the US.
However, the general homicide rate in the US is like 6x the European rate.
I only briefly checked the numbers, I hope I didn’t get anything wrong.
IDK where I’ve read that… should have double checked before posting, my bad.
Quick fact checking:
US police killed some 1,281 people last year (Wikipedia).
1,281/340,110,988*100,000 gives around 0.38 police killings/100,000 people, which is below homicide rate in EU.
I couldn’t (be bothered to) find out what the overall European homicide rate actually is (it also depends on what you count as “Europe”), but Germany is at around 0.8, France at 1.8, Italy at 0.57, Spain at 0.9 and Poland at 0.8 (these are the five most populous countries). So… let’s guesstimate it at around 1? (numbers are from this random source).
We can conclude that US policemen are roughly 38% as deadly as European criminals (if it wasn’t clear, this last statement is a joke)
Preparation is part of fighting.
Pretty sure the Iranian protesters would benefit from private infra now that the internet is shut down.
Getting GrapheneOS phones can let you do all sorts of neat things like duress pins etc.
The average person is forming their activist plans on WhatsApp and Discord, and that’s going to be a problem. I remember all those kids in Hong Kong getting scooped up because the government was reading their texts and hacking their phones.
Don’t downplay what you can contribute.
This brand of argument is basically ‘If you can’t do everything perfectly, then it is pointless to do anything especially the thing that you’re suggesting.’
You see this person in every thread on every topic where people discuss things that they can contribute their expertise to. Their message is ‘it is hopeless, your plan won’t work, give up what you’re doing, you don’t stand a chance’.
Honestly, and forgive the language, but fuck those people. You know what your strengths are and what you’re capable of, not some faceless bot pushing violent political rhetoric who is, by its own admissions, not in the US.
If you don’t want to participate in the tech landscape as it exists today, there is absolutely nothing wrong about avoiding it entirely and building something else. Companies will not be so complacent about their position in the market if they know there’s a completely Free alternative that does everything that they charge a subscription for.
The people who are doing self-hosting today are exactly like the early adopters of the smartphone or any other technology. There’s always people trying new things and sometimes they succeed.
People who are using privacy focused approaches to personal technology, like self-hosting, are beta testing the ability to use cheap, mass produced hardware and open source software to build a product ecosystem that meets their needs. That progress is enjoyed by anybody in the future who decides they also want to leave the walled gardens of Tech Giantopia.
Please don’t recommend android distributions with a shady funding model and that force users to buy expensive compromised Google hardware.
There are good options like LineageOS and /e/OS that run on a huge variety of android devices without suspicious limitations.
Gonna be awful hard to organize resistance when the administration decides to cut everyone off from all the centralized means of doing so. The time to set up decentralized mesh networks is now.
Here we go. The war has started, whether you like it or not. No more pussy talk, now it’s time for us to act in whatever antagonistic way we can to the current regimes.
It’s hard to call it anything else when you see the actual human cost on the street. But the most “antagonistic” thing we can do right now isn’t just venting, it’s making surveillance models obsolete.
It’s creating an entire ecosystem for ourselves, and locking the monsters out.
The missing link is networking. You can use VPNs all you want, but in the end you’re using an uplink to your ISP who can shut it down at any moment. Some countries turn off the internet when things get rowdy, so it’s already in the playbook.
Was looking into a mesh last year, but I’d be a floating island. Can’t transmit long range, this angers the people in charge, too. Not sure how to overcome this part.
I2P
What?
How does this help when the ISP disconnects you?
I think we should have a system to find and join self-hosted instances from other people. Most of us probably don’t mind a few more users since our servers are idling most of the time. And this would not require grandma From Facebook to docker compose….
Enjoy the bots, griefers, and if there’s user-generated content, illegal stuff.
This problem comes especially as the wider network grows you get and break out of being niche, and not linearly. Trust, identity and authenticity is not a fully solved problem in a decentralized setting, especially in the implementation side. This is the wider moat of the incumbents and also a challenge for them. Look at how Signal still roots everything in SMS and are paying millions in fees for it.
This is not to say don’t have open registrations, just be prepared for handling stuff if you do. And think up a strategy on how you plan on handling liabilities.
It’s not an unsolvable problem but I think the wider FLOSS community needs to get over its blockchain/crypto aversion and be more open-minded about technology - while the wider crypto community needs to get over their NIH syndrome and come back to first principles and fundamentals - before we can get something that doesn’t fall apart when real traction hits.
“Grandma From Facebook to Docker Compose”. Sounds like a punk band in Silicon Valley.
I don’t have worries about password managers like bitwarden as the vault is zero knowledge and encrypted with a, to bitwarden, unknown key.
And I trust that bitwarden can secure their infrastructure better than me.
About your question what I host at home:
OPNsense
Veeam Backup and Replication (not (F)OSS but I like it and it’s reliable. We also use it at work so it helps my profession)
The *arr Suite
HortusFox (plant management)
Immich
Jellyfin
Syncthing
Resilio
Unifi Network Application (Also not FOSS)
Uptime Kuma
Wallos (subscription tracker. Pretty awesome overview!)
PiHole
Can’t remember when I started.
I believe it was around 2019 or 2020.
It started with a Raspberry because I wanted a NAS but was too cheap for a proper NAS appliance like a Synology NAS.
Fucked the install up a few times
Bricked the OS install during an upgrade (had 2 USB powered hard disks plugged in. But the PI had not enough to supply both and itself during writing to it so the network share sometimes failed)
Installed Plex
Found out Plex doesn’t allow transcoding with the free version
Found out Jellyfin and installed it on the Pi.
Bad experience with Jellyfin and anime releases as they use ASS/SSA subtitles
Later upgraded to an i5-11th Gen NUC to get HWA transcoding on Jellyfin
Fucked up the Intel driver situation but HWA somehow worked
In-place upgraded the NUC from Debian 10 to Debian 12 and restored my docker container from backup
(I assumed it would take like 4h or so to replace the SSD, install debian, install the core packages (like docker, etc.) and restore the files. In the end it took about 8h (after an 8h workday) and finished around 3am. But it worked. Very well on top.)
The hobby is expensive but rewarding.
My stack:
HPE 1930-24G PoE switch
Unifi AP mini
HP ProDesk SFF with an i5-7th gen (manually upgraded to something we were throwing out. Harvested the CPU. Crosschecked the BIOS support with the quickspecs by HP) (Proxmox with OPNsense virtualized)
Intel i5-11th NUC (Docker host)
Intel i3-13th NUC (primary Proxmox host. Holds the Veeam Backup server)
Raspberry Pi 4 4GB (docker host with the sole purpose of doing pihole DNS)
uGreen DXP4800+ with 4x15TB in RAIDZ2 (swapped the OS with a TrueNAS Scale SSD.)
Newcomer:
GL-iNet Slate 7 as my travel router. Configured a Wireguard VPN on it with the OPNsense guide. Worked very well.
I have to commend the guide writer on it. But the steps were a bit confusing if you weren’t reading it carefully.
Picture of my stack (literally) :)


Can we all pitch in and send @[email protected] a box of zip ties?
zip ties are single use though, better to get a pack of velcro cable ties
In a fascistic enough world where this would matter, people who abstain from the system are automatically flagged to be shot too, just fyi. You gotta also fill the normie services with conformist content to not become a detected anomaly.
This is the “Gray Man” strategy. If you have zero digital footprint in 2026, that absence of data becomes a data point itself. Anomalies get investigated.
I think we need to separate Camouflage from Logistics.
I’m not suggesting you delete your digital existence and live in a Faraday cage. By all means, keep the normie accounts. Post the cat photos on Instagram. Keep a Gmail address for the spam. Feed the algorithm just enough “conformist” content to look boring. That is your camouflage.
But Resistance Infrastructure isn’t about hiding, it’s about capability.
It’s about ensuring that when the “system” decides to de-platform your community group, or lock your bank account, or shut off the internet in your region during a protest, you still have a way to function.
Great post and great discussion here, thank you all for all this food for thought and new services to explore.
I started self hosting 4 weeks ago on a small Dell Wyse with a 2 TB external SSD plugged in. I’ve been using YunoHost as the backbone of everything and so far it’s been a blast.
It now has Immich, Calibre-Web, Jellyfin, Navidrome and more running on it. Soon I’ll hopefully replace my iPhone with something more privacy focused.
I’ll see how well it’ll work when I eventually want to install something that isn’t directly supported as a “native” YunoHost app.
How can I learn more about this stuff? Because I think, like a lot of people, I’m not that tech savvy.
Just start. Even the most tech savvy of us started not knowing any of this. More importantly do what you’re interested in and that benefits you. You don’t have to have some grand implementation. Start simple and the rest follows.
I’m not tech savvy either, but it has been fun trying to figure the basics out, and researching all of this has been way better for my mental health than consuming endless social media.
It’s a bit steep, you can go on YouTube for a bit, then browse the documentation of any word you don’t understand (AI can help a lot with understanding but will get confused at any troubleshooting task). The steps can be summarized quite easily:
Find an OS:
- see what kind of data you’re working with (photos, videos, films,…) it all depends on your orientation/hobby/personality
- find what kind of applications you’d want to run, for how many people roughly (personally I knew I would aim to replace Netflix and cloud for close family and maybe a couple friends and circumvent as much as possible things like WeTransfer and compressions when sharing pictures in chats)
- see how much money and time you are willing to put in: first for the launch, then on a weekly basis (you can go for very cheap non redundant app first os like OP mentioned if you can pay to back it all up remotely/ have a separated NAS or see if you’d prefer to assume resilience mainly on your side)
Then you have a rough idea of your needs (this is all YouTube knowledge thus far). You can start looking at videos of people trying to use, comparing, ranking different solutions, and tutorials for what it’s like to set up for the first time and how apps work in those systems (docker, app stores, how big the community is around them, how much of a sysadmin you have to be to run and set it up…)
Then from that you can start seeing which install fits in your budget and time allocation. After that, sinking hours of troubleshooting and setup is almost straightforward, it’s just going to be a list of side quests to complete the main one with a side of documentation.
On my side I initially wanted to go full free software, I wanted to use my 10-year-old Windows desktop to run TrueNAS (it was already running Jellyfin in Docker Desktop, useless for the process but is a fun starter to dip a toe in to get a feel). I bought on eBay a couple hard drives (ended up buying very cheap enterprise SAS, I recommend, mind you, you’ll need a daughterboard) (you’ll see that different OS require different RAM, SSD, HDD ratios to run smoothly so recycling old hardware often requires upgrades). I completely failed to make TrueNAS work correctly and since it’s enterprise first it has very… unfriendly conceptions about flexibility and user friendliness (brutal on the kind of budget and time I had).
After abandoning the project for a couple of months (due to exams mainly, and the fact I couldn’t repress myself from spending nights on unresolved issues) I decided to go the Unraid route (which is paid, yikes, but truly hasn’t let me down once, the community is huge and the software is rock solid and really helps you not fuck everything up (which TrueNAS will happily let you do), I truly recommend that investment, they have a generous trial period, it’s really really great).
After that it’s just more setup for hours on end, transferring files to Immich, re-setting all the AI knowledge about faces (also for me a lot of metadata correction for very old family photos), letting disks and parity initialize, moving old backups from old drives into the new system, including the clean disks into the array, setting up prowlarr, radarr, sonarr, jellyfin.
Then comes the other hard question: how do you access it remotely? (By now you already have a better idea about how docker and local network works and how important it is to secure it properly; and you’re about to learn how little your ISP cares about you)
I tried boilerplate wireguard, it’s wonderful but a very MANUAL setup with a DDNS. But honestly (even though I really did not want to spend another penny) the cloudflared tunnel with your own domain is kind of what you want (because they have neat zero trust features, for example to access any of the services I host that do not have to have in-app access (Immich, jellyfin, that have authentication built-in) are behind 2FA based on a short whitelist of email addresses which reduces immensely how much protection I have to care about).
After that you can go on to nextcloud (requires remote access on a domain) and all the rest of the fun stuff.
Now the thing is (like every hobby) there is a perfect solution, it’s at least tens of thousands of euros and you need a guy to manage it, but it’s bulletproof and will survive any attack.
You are not that person, you try stuff that is on your level, you don’t assume perfect functionality in one weekend and you take time to learn on every step of the way. In my quick little summary you can already feel (as I am a noob as well) that it’s a very iterative process, often you’ll half-ass something to move on, then come back to upgrade it when needed. You are very much building a machine, first from the hardware side, then mainly from the inside.
At some point you’ll have people around you start finding out how useful and interesting all this is, and it’s a very rewarding feeling to see what you assembled (because you haven’t typed a single command line in the terminal thus far) starting to get some use.
Hope this helps as a little piece of motivation, and if you are to start now I hope you have some old RAM laying around, in any case, start small and build up :)
Just FYI unless you self-host headscale, tailscale is centralised and not private. They claim it is end to end encrypted but their proprietary centralised control server distributes the keys, so they could very easily MITM you.
Tailscale is good tech and good crypto, but applied cryptography cannot solve a security problem. It can only convert a security problem into a key-management problem, and Tailscale does not do decentralised key management.
Along with headscale, I have also hosted Pangolin instance. Multi network setup with docker
Are you serious? I had no idea Tailscale was a “trust me bro” kind of operation. I’ve always heard “serious” people boosting it.
Like all the “selfhosters” and their Cloudflare proxies lmao.
just use wireguard. :/
Well they are a serious company with serious engineering capabilities. Just know that whoever runs the control server can control your network, and almost everyone uses Tailscale’s centralised control server, so they control the networks of almost all of their customers. Most of their customers are for internal use by companies which don’t care about relying on SaaS products. But if you self-host for resilience, using Tailscale doesn’t make much sense without also self-hosting the control server through the unofficial headscale implementation.
Can you help me understand what head/tail scale do? I’m at the “get friends and family on” stage so I’ve been struggling figuring out how to get friendly domain names working through Wireguard.
Note: I have only done this with Tailscale. I have not looked into this with headscale.
You can invite them to your network, or share a machine to their network. The second option is probably more likely what you will do with Tailscale since it is unlimited and the first option has a limited number of users for the free tier. The biggest hurdle will be them getting devices added to their tailnet so those devices can access your machine.
I imagine it’s maybe a little easier with headscale. I haven’t gone down that route yet. I would probably want to have my DDNS point to a VPS and have that be the entry point to my network. I could point it to my ISP IP, but one more layer that isn’t very expensive is probably smarter security wise.
Thanks!
Glad to see this comment on the chain. I haven’t tried it myself (yet) but I’ve got a friend that does and says it works great.
It’s on my list. Unfortunately, it’s a really long list.
100%
I do find it funny that I offer so many friends and family access to these services, and they generally just take the accounts and never use them.
Give them a reason to care: hosting series they want to watch but don’t have access to, easier ways to share images and data (close relative works part time in an enterprise that banned emails from non corporate addresses, she used to send the photos she needs for work to her work laptop through email, it’s the reason she uses Immich now), hosting banned movies, inaccessible old movies or anything that may pique interest gets their finger in the cogs. Key aspect is: initial access must be EASY (an app launcher is often all that should be required)
This! I’d say that the best we can do is educate. Over the last 20 years people got taught to be lazy and go with the herd. They don’t want to change, all their stuff is already “in the cloud” and “I don’t have time to go tinker with that nerd stuff, I need something that works”.
“Why learn a new messaging app if everyone is using WhatsApp already”
– some of my friends and acquaintances 2025
Because you, and everyone, is in a huge bubble.
Normal people don’t give a shit where stuff is hosted, or if it’s hosted at all. The vast majority of people couldn’t care less what happens to their catpics if their phone gets crushed and they don’t want to use a separate messaging platform just to talk to you.
The things you think are important absolutely don’t matter to them. Most people don’t give a single second of thought to where their documents should live, and will just download it again on a second device instead of synchronizing anything.
It’s really nice that these things exist, but why would someone do anything with them if they literally don’t have a purpose for it?












