I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his moms basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It’s appstore ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
I’m slowly making the switch over to self hosting most things. This is a good post.
I use opencloud. Much better than nextcloud
Thank you for kicking this hornet’s nest. There is a lot of great info and enthusiasm here, all of which is sorely needed.
We have massive and widespread attention paid to every cause under the sun by social and traditional media, with movements and protests (deservedly) filling the streets. Yet this issue which is as central and crucial to the notion and practice of freedom itself as any rights currently being fought for (as it intersects with each of them in very clear and direct ways), continues to be sidelined and given the foil hat treatment.
Discussions around disinformation, political extremism, and even mental health all can not be adequately had without addressing our technical and digital context, which has been hijacked by these bad actors, robber barons selling us ease and convenience and promises of bright, shiny, and Utopian futures while conning us out of our liberty.
With the widespread, rapidly declining state of society, and the dramatic rise and spread of technologies like AI, there has never been a more urgent need to act collectively against the invasive practices violating our most fundamental human rights.
Those of you whose eyes are open to this crisis are needed. Your voices are too absent from the discussions surrounding the many problems and challenges we face at this critical moment. Public awareness is needed for any real hope of change to occur.
As many of you have pointed out, the most immediate step people need to take is disengagement with the products and services that are surveiling, exploiting, and manipulating us. Deprive them of both your engagement and your data.
Keep going, keep resisting, do the small things you can do. As the saying goes, small things add up over time. Keep going.
Exactly, I’m glad more people are seeing it this way.
The goal of capital is to gain power and leverage, they don’t really care about some numbers.
It’s the dream of all tech companies to become a monopoly, they even say it with a straight face. They want as much control as possible? Why? So they can use the leverage for even more.
The beautiful/horrifying part is, the system weeds out anyone company that does not do this. The only way is for the end users to push back.
I just want to bring to attention something I was just finding out thanks to this post.
I started self hosting some stuff by installing raw in arch and well… It was a pain, but worth it. Then later I found out about CasaOS, which is recommended by OP, and I agree, it was great to have it to install some more services and a lot easier. But just like OP I just found out about ZimaOS, which is announced even in casaOS project as a better system and an upgrade. So I went to check and the whole project is changing from open source in casaOs to proprietary in ZimaOs. Not content with that, in the latest release of ZimaOs they have added a one time payment to eliminate some limitations of the free version. It is still affordable and a “lifetime” license but if they have added a payment for full access once they might do it again, despite their current promises that they won’t ever make a subscription style payment.
So, careful with that project, I would recommend to avoid any solution that is proprietary or otherwise it won’t be yours in the first place. I had in mind to change from CasaOs in Debian to OpenMediaVault to handle a DAS and install casaOS on top of that. But now I have to reconsider, so far I have already seen a few worth recommendations in this post that seem nice: FreedomBox and YunoHost to mention a couple that are FOSS.
To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check
This is the world we live in. If you can actually string words together into grammatically correct sentences, then you are AI. It matters not whether you are or you aren’t. Like the witch hunts of Salem, all that is necessary is the accusation. I personally don’t care if you used AI, the message resonates. Don’t let 'em give you shit about your pony tail.
It is freeing really. I used to proof read my comments, then paste in google search to check for easy to catch typos. When AI arrived, I was even putting my text through them so they are more “common tongue” and not my personal shorthands.
Now I just post it.
It’s a tool. A tool that needs some heavy regulation, but a tool nonetheless
I’m glad you are starting to tinker and using privacy tools. It is always nice to see someone go down the rabbit hole/journey. Been on this journey myself since 2012. When it comes to social media nostr is also a go one to self host. It is a protocol.
Yeah I mean this is why I’ve always been concerned about privacy.
The most flagrant example is the Pasco county “intelligence-led policing” where they used data acquired by databrokers and fed it into a prediction model that decided who was most likely to commit a crime, then harassed them at all hours of the day and night until they were coerced into committing a crime or they left town.
I assume ICE is doing the same sort of things.
This was always the inevitable result of all the data hoarding. Keep your data out of these databases and you just become nearly invisible to them.
I’m forwarding this to as many people as I can.
TLDR: Protesting or resisting privately inside your house does not lead to social change and is not the most rational way of protecting yourself if you feel threatened by your government.
Self-hosting is not “resistance”: at most, it’s prepping for nerds, with computers instead of guns.
Self-hosting is not even a rational/efficient way of making a statement. If that’s what you want, it’s far more efficient to follow the established tradition of declaring you are moving to Canada and not following up with actual actions.
Don’t get me wrong: I can relate to the nerdy way of coping with the ugliness around us (I say “us”, but thankfully I don’t live in the US), but - the way I see it - it’s that your society that needs change, and self hosting won’t help with that.
Frankly, the shit you US people are putting up with is unreal.
It has always been (
US police forces kill far more people than the overall homicide rate in Europe - read that again and pause a second to think about itthis isn’t true - see comments below), and it’s just getting worse.If you feel threatened you can essentially respond by fighting, fleeing, or cowering.
If you wanna FIGHT (this is what “resistance” is about), try to use whatever power you have and apply your energies to bring actual change. If you don’t feel comfortable acting outdoors, this could include lending your nerd skills to protesters or (nonviolent) resistance groups. Heck, even being a keyboard warrior is more useful to changing society than being a hobbyist sysadmin.
If you wanna FLEE, just leave the country. Honestly, there are better places to live than the US, and (if you have or plan to have any) better places to raise your children.
If you wanna COWER, then be a prepper or a self-hoster or whatever, but be aware that, while misrepresenting your reaction as “resistance” may make you feel more heroic than you are, spreading the misrepresentation can also lead others to cower instead of fighting. Is that what you want?
Preparation is part of fighting.
Pretty sure the Iranian protesters would benefit from private infra now that the internet is shut down.
Getting graphite OS phones can let you do all sorts of neat things like duress pins etc.
The average person is forming their activist plans on WhatsApp and Discord, and that’s going to be a problem. I remember all those kids in Hong Kong getting scooped up because the government was reading their texts and hacking their phones.
Don’t downplay what you can contribute.
This brand of argument is basically ‘If you can’t do everything perfectly, then it is pointless to do anything especially the thing that you’re suggesting.’
You see this person in every thread on every topic where people discuss things that they can contribute their expertise to. Their message is ‘it is hopeless, your plan won’t work, give up what you’re doing, you don’t stand a chance’.
Honestly, and forgive the langue, but fuck those people. You know what your strengths are and what you’re capable of, not some faceless bot pushing violent political rhetoric who is, by its own admissions, not in the US.
If you don’t want to participate in the tech landscape as it exists today, there is absolutely nothing wrong about avoiding it entirely and building something else. Companies will not be so complacent about their position in the market if they know there’s a completely Free alternative that does everything that they charge a subscription for.
The people who are doing self-hosting today are exactly like the early adopters of the smartphone or any other technology. There’s always people trying new things and sometimes they succeed.
People who are using privacy focused approaches to personal technology, like self-hosting, are beta testing the ability to use cheap, mass produced hardware and open source software to build a product ecosystem that meets their needs. That progress is enjoyed by anybody in the future who decides they also want to leave the walled gardens of Tech Giantopia.
US police forces kill far more people than the overall homicide rate in Europe
How are you calculating this? Doesn’t seem right.
2024 was the worst year with 1,365 police killings in the US. That’s around 4 people for every million. Per capita this is a rate 8x that of France which I believe has the most police killings in Europe.
General European homicide rates vary on countries from 5 (Swiss) to 42 (Latvian) per million. It’s higher than the rate of police killings in the US.
However, the general homicide rate in the US is like 6x the European rate.
I only briefly checked the numbers, I hope I didn’t get anything wrong.
IDK where I’ve read that… should have double checked before posting, my bad.
Quick fact checking:
US police kills some 1,281 people last year (wikipedia).
1,281/340,110,988*100,000gives around 0.38 police killings/100,000 people, which is below homicide rate in EU.I couldn’t (be bothered to) find out what the overall European homicide rate actually is (it also depends on what you count as “Europe”), but Germany is at around 0.8, France at 1.8, Italy at 0.57, Spain at 0.9 and Poland at 0.8 (these are the five most populous countries). So… let’s guesstimate it at around 1? (numbers are from this random source).
We can conclude that US policemen are roughly 38% as deadly as European criminals (if it wasn’t clear, this last statement is a joke)
Gonna be awful hard to organize resistance when the administration decides to cut everyone off from all the centralized means of doing so. The time to set up decentralized mesh networks is now.
Been wondering for a while if it was worth sticking around on this plane of existence. Feeling like nothing was going to get any easier or better, wondering if my life would just be watching horror rafter horror until the tech I loved stop working and the world went dark as they came for me and mine.
Then I saw Benn Jordan’s Anarchist Gift Guide video and realized the same thing as you: I may not have a lot of skills to offer the world, but I’m neurodivergent, a sysadmin for higher ed, and (used to, at least) like to tinker. I realized my disdain for the humanitarian and moral failings of the system we currently reside in could be married to my hobbies and feel like I was doing something more than just protesting, donating, and waiting to die.
My goals are to fix up my home environment, get my 3D printers working, set up an exercise area, set up a Meshtastic relay and other support networks for my local area, update a media server for friends and family to enjoy, including a request system, and do anything else along the way the provide a system of communication and sanity that removes as much reliance on the government and corporations as I can.
It finally got me to fix some bugs in existing services I already manage and this weekend my wife and I are starting the work on the exercise room, for the benefit of our bodies. Not saying Benn’s video saved my life, but it gave me a purpose, again, in a world that feels increasingly aimed at reducing me to a sad data point on some graph. I hate what this world has become and avoid social media at all costs, but now I can do something locally that will feel like I’m doing something to help.
I have a particular set of skills that make me a nightmare for groups like ICE. I just need coffee, my ADHD meth, and some weed gummies to see it through. Thanks for posting this! I will save it and refer to it as I go.
I hate to point this out, but it’s 2026.
Everything else is great though.
Just FYI unless you self-host headscale, tailscale is centralised and not private. They claim it is end to end encrypted but their proprietary centralised control server distributes the keys, so they could very easily MITM you.
Tailscale is good tech and good crypto, but Applied cryptography cannot solve a security problem. It can only convert a security problem into a key-management problem, and tailscale does not do decentralised key management.
Along with headscale, I have also hosted Pangolin instance. Multi network setup with docker
Are you serious? I had no idea Tailscale was a “trust me bro” kind of operation. I’ve always heard “serious” people boosting it.
Well they are a serious company with serious engineering capabilities. Just know that whoever runs the control server can control your network, and almost everyone uses Tailscale’s centralised control server, so they control the networks of almost all of their customers. Most of their customers are for internal use by companies which don’t care about relying on SaaS products. But if you self-host for resilience, using Tailscale doesn’t make much sense without also self-hosting the control server through the unofficial headscale implementation.
Can you help me understand what head/tail scale do? I’m at the “get friends and family on” stage so I’ve been struggling figuring out how to get friendly domain names working through Wireguard.
Note: I have only done this with Tailscale. I have not looked into this with headscale.
You can invite them to your network, or share a machine to their network. The second option is probably more likely what you will do with Tailscale since it is unlimited and the first option has a limited number of users for the free tier. The biggest hurdle will be them getting devices added to their tailnet so those devices can access your machine.
I imagine it’s maybe a little easier with headscale. I haven’t gone down that route yet. I would probably want to have my DDNS point to a VPS and have that be the entry point to my network. I could point it to my ISP IP, but one more layer that isn’t very expensive is probably smarter security wise.
Glad to see this comment on the chain. I haven’t tried it myself (yet) but I’ve got a friend that does and says it works great.
It’s on my list. Unfortunately, it’s a really long list.
In a fascistic enough world where this would matter, people who abstain from the system are automatically flagged to be shot too, just fyi. You gotta also fill the normie services with conformist content to not become a detected anomaly if you really want to do it properly.
I don’t have worries about password managers like bitwarden as the vault is zero knowledge and encrypted with a, to bitwarden, unknown key.
And I trust that bitwarden can secure their infrastructure better than me.
About your question what I host at home:
OPNsense
Veeam Backup and Replication (not (F)OSS but I like it and it’s reliable. We also use it at work so it helps my profession)
The *arr Suite
HortusFox (plant management)
Immich
Jellyfin
Syncthing
Resilio
Unifi Network Application (Also not FOSS)
Uptime Kuma
Wallos (subscription tracker. Pretty awesome overview!)
PiHoleCan’t remember when I started.
I believe it was around 2019 or 2020.
It started with a Raspberry because I wanted a NAS but was too cheap for a proper NAS appliance like a Synology NAS.
Fucked the install up a few times
Bricked the OS install during an upgrade (had 2 USB powered hard disks plugged in. But the PI had not enough to supply both and itself during writing to it so the network share sometimes failed)
Installed Plex
Found out Plex doesnt allow transcoding with the free version
Found out Jellyfin and installed it on the Pi.
Bad experience with Jellyfin and anime releases as they use ASS/SSA subtitles
Later upgraded to an i5-11th Gen NUC to get HWA transcoding on Jellyfin
Fucked up the Intel driver situation but HWA somehow worked
Inplace upgraded the NUC from Debian 10 to Debian 12 and restored my docker container from backup
(I assumed it would take like 4h or so to replace the SSD, install debian, install the core packages (like docker, etc.) and restore the files. In the end it took about 8h (after an 8h workday) and finished around 3am. But it worked. Very well on top.The hobby is expensive but rewarding.
My stack:
HPE 1930-24G PoE switch
Unifi AP mini
HP ProDesk SFF with an i5-7th gen (manually upgraded to something we were throwing out. Harvested the CPU. Crosschecked the BIOS support with the quickspecs by HP) (Proxmox with OPNsense virtualized)
Intel i5-11th NUC (Docker host)
Intel i3-13th NUC (primary Proxmox host. Holds the Veeam Backup server)
Raspberry Pi 4 4GB (docker host with the sole purpose of doing pihole DNS)
uGreen DXP4800+ with 4x15TB in RAIDZ2 (swapped the OS with a TrueNAS Scale SSD.)Newcomer:
GL-iNet Slate 7 as my travel router. Configured a Wireguard VPN on it with the OPNsense guide. Worked very well.
I have to commend the guide writer on it. But the steps were a bit confusing if you werent reading it carefully.Picture of my stack (literally) :)
Can we all pitch in and send @[email protected] a box of zip ties?
zip ties are single use though, better to get a pack of velcro cable ties
