I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. 
That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:
Communication that can’t be shut down: Matrix, Mastodon, email servers you control
File storage that can’t be subpoenaed: Nextcloud, Syncthing
Passwords that aren’t in corporate databases: Vaultwarden, KeePass
Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea
Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new:
Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.
If you’re already self-hosting:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse.
What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?
EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I’m just a guy in his mom’s basement with too much coffee and a background in municipal networking. If you think “rule of three” sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.
More importantly, a few people asked about a “0 to 100” guide - or even just “0 to 50” for those who don’t want to become full time sysadmins. After reading the suggestions, I want to update my “Where to start” list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:
The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. Its app store ecosystem is lovely to use and you can import docker compose files really easily.
The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.
The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.
I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.
I don’t have worries about password managers like bitwarden as the vault is zero knowledge and encrypted with a, to bitwarden, unknown key.
And I trust that bitwarden can secure their infrastructure better than me.
About your question what I host at home:
OPNsense
Veeam Backup and Replication (not (F)OSS but I like it and it’s reliable. We also use it at work so it helps my profession)
The *arr Suite
HortusFox (plant management)
Immich
Jellyfin
Syncthing
Resilio
Unifi Network Application (Also not FOSS)
Uptime Kuma
Wallos (subscription tracker. Pretty awesome overview!)
PiHole
Can’t remember when I started.
I believe it was around 2019 or 2020.
It started with a Raspberry because I wanted a NAS but was too cheap for a proper NAS appliance like a Synology NAS.
Fucked the install up a few times
Bricked the OS install during an upgrade (had 2 USB powered hard disks plugged in. But the PI had not enough to supply both and itself during writing to it so the network share sometimes failed)
Installed Plex
Found out Plex doesn’t allow transcoding with the free version
Found out Jellyfin and installed it on the Pi.
Bad experience with Jellyfin and anime releases as they use ASS/SSA subtitles
Later upgraded to an i5-11th Gen NUC to get HWA transcoding on Jellyfin
Fucked up the Intel driver situation but HWA somehow worked
In-place upgraded the NUC from Debian 10 to Debian 12 and restored my docker container from backup
(I assumed it would take like 4h or so to replace the SSD, install debian, install the core packages (like docker, etc.) and restore the files. In the end it took about 8h (after an 8h workday) and finished around 3am. But it worked. Very well on top.)
The hobby is expensive but rewarding.
My stack:
HPE 1930-24G PoE switch
Unifi AP mini
HP ProDesk SFF with an i5-7th gen (manually upgraded to something we were throwing out. Harvested the CPU. Crosschecked the BIOS support with the quickspecs by HP) (Proxmox with OPNsense virtualized)
Intel i5-11th NUC (Docker host)
Intel i3-13th NUC (primary Proxmox host. Holds the Veeam Backup server)
Raspberry Pi 4 4GB (docker host with the sole purpose of doing pihole DNS)
uGreen DXP4800+ with 4x15TB in RAIDZ2 (swapped the OS with a TrueNAS Scale SSD.)
Newcomer:
GL-iNet Slate 7 as my travel router. Configured a Wireguard VPN on it with the OPNsense guide. Worked very well.
I have to commend the guide writer on it. But the steps were a bit confusing if you weren’t reading it carefully.
Picture of my stack (literally) :)


Can we all pitch in and send @Appoxo@lemmy.dbzer0.com a box of zip ties?
zip ties are single use though, better to get a pack of velcro cable ties
Dude like even 6 months ago I’d read your post and would think alright man c’mon…
But now you are 100% right it’s getting tough and people will only realize when it’s too late. Imagine a far right government with palantir in Europe. That’s pretty much where we are heading and I try my best to get any of my data away from this sphere of influence
I’m forwarding this to as many people as I can.
Thank you for this post!
For me, getting into self hosting was nice because of the privacy and tinkering yes, but a huge part of it was just having my stuff work reliably and without enshittification.
I just set up my Home Assistant server and new Zigbee network in the past few weeks and it’s pretty awesome. Was already using Jellyfin despite having a lifetime Plex pass. Feels good man.
I tried to set up some services last year and had some trouble getting immich to work through networking. The answer was tailscale. This past Christmas holidays I got nextcloud and immich up. I use nextcloud for my audiobooks and large files I want to keep but not on my phone. Immich for pictures and Syncthing for small files I want synced often like my epub bookmarks and highlights and Obsidian notes vault.
It’s not often I meet others on the same page, but I too see self-hosting as a form of resistance against corporate control and surveillance capitalism. Rather than trying to bring self-hosting to individuals, I’ve steered my efforts towards affecting technological change in groups and organizations instead. While this narrows the pool of those who can set up sovereign infrastructure, it gets more people using the open-source alternatives as part of their collaborative work.
To support that, I’m building out such an IT reference architecture for nonprofits, activist groups, and communities. The networking model is such that services can be hosted on cheap hardware and accessed through Wireguard tunnels managed by Netbird (and experimenting with Pangolin now). This keeps the servers under positive control of the data owners and uses only one or two VPS instances to handle proxying and accesses. Now, every organization’s requirements are different, but this baseline is meant to be a flexible proof-of-concept that can be adapted to their unique threat model. For example, an org can opt for just using a cloud-hosted service for certain components if the self-hosting burden is too great and their threat model determines it to be acceptable.
The docs are here at https://sts.libretechnica.org/ and the source for the docs and all the Ansible playbooks are at https://gitlab.com/libretechnica/SovereignTechStack/. I invite anyone to contribute, analyze, pick-apart, improve this model. In fact, I’m specifically seeking thoughts on whether this reference model can adequately address the risks and threats that self-hosters face.
This is the first time I’m sharing this publicly; I was inspired by this post to finally spread awareness of the project and get more like-minded people involved.
P.S. @h333d Sorry about the people who think your post is gen-AI. I used to proofread stuff all day long before the advent of LLMs, so I quickly recognize artificial text and yours reads nothing like it. I appreciate the time you took to write your post and it was a refreshing read.
pretty convenient for them prices are skyrocketing right now then.
For hardware? You don’t have to use top of the line hardware to host these things. My homelab if you want to call it that is nearly 10 years old in terms of hardware, but the software is up to date.
You kinda have if you value your electricity bill :/
Great points, and there’s some amazing discussions going on here!
One thing I’d like to add is EVERYONE needs to start setting up some meshtastic nodes. It’s really easy to set up (just hook up a USB cable from your computer to an esp32 board, visit a website to get the configuration, and that’s pretty much it), it’s cheap (as little as $30) and it is secure. Build 2 nodes (one to leave at home, and another for your backpack). This way you’ll be able to communicate should the Internet become unavailable or unsafe. You can also use this at a protest so that you still have a means of communication without needing to bring your phone that the Feds will be able to track.
Can you elaborate a bit? I checked their website but I’m a noob. I’m in Europe, I don’t know if this network is in use here. Also I’m not sure I can see the use case for me now but I don’t mind paying 30€ if it can be useful to others, and maybe to me later. To add a bit of context : I think we are quickly following the american trend at least in my country
It works in Europe too. It uses LoRa (A Long Range radio protocol) to be able to send messages out to other nodes, which can bounce them out to further nodes. A node can be configured to relay through the Internet to reach people in other areas.
I ordered the radio shown below from a kit on Amazon (it’s a Heltec v4 and came with a battery that isn’t pictured) and it took about 5 minutes to set up. Attaching the antenna to the board was the hardest part.

I agree with your post 100% I think. Removing oneself from big tech/data services like Google and Microsoft is resisting the regime. It’s especially useful for folks that may not be able to get out and protest, meet with their representatives, etc.
As for me, I’m running my *arr/media stack for myself and my close friends and family. Fuck Disney, Netflix, and Paramount. For our household, HomeAssistant keeps the lights on and SyncThing backs up our files to the NAS.
Spot on. Self-hosting is the most effective form of quiet, material protest we have. Every time your family uses Syncthing instead of OneDrive, you’re starving the machine of the telemetry it needs to function.
Running that stack for your inner circle is essentially building a “digital mutual aid” node. You’re taking the burden of surveillance off their backs and putting it on your own hardware where you can actually defend it. That’s the work.
Can your neighborhood communicate when the Internet goes down like Iran?
By… Stepping outside and talking to people? I think all neighborhoods have that ability, even if we don’t really use it much.
Probably not unless everyone has some radio device that can send as well as receive.
Like a wireless router?
Quick question. Home assistant.
We are hooked on “Hey Google turn off the lights”
Is there a way to remove the Google from that but still use the voice aspect?
Yes, Home Assistant has this.
I know others have answered, but I wanted to give you a link. I have their device and it works great for turning things off and on out of the box. You can run it locally—if you have the hardware—or use their reasonably priced cloud subscription. I do the latter wanting to support them monetarily.
Thanks a bunch! I appreciate the link!
Home assistant has their own system I believe? If you sign up to their subscription? Or you can locally host whisper and piper yourself and go completely local.
Home Assistant has its own locally running voice assistant. There’s even hardware for it (think self hosted Alexa) that you can buy or build yourself
Oh great! I’ll check it out!
Are all these long form posts written with the help of AI? The length of posts here seem abnormally long for this type of forum. I’m not saying I don’t like it but I’m immediately skeptical when I see a giant post nowadays.
Self written (on my phone): https://lemmy.dbzer0.com/comment/23665757
Be aware that if someone is passionate it may come out. And until you check it, you suddenly wrote a whole novel (lol)
I’m definitely a human, just a concerned poster who actually gives a damn about what’s happening to our digital privacy.
I’ll take the “AI” comments as a compliment to my grammar, I guess, but it’s a bit sad that we’ve reached a point where structured thoughts and bullet points make people suspicious. I use the dashes and lists because I want this info to be readable, not because I’m a bot running on a server somewhere.
I’ve spent enough time working in tech and volunteering with seniors to know that if you don’t lay things out clearly, the message gets lost. I’m just someone trying to help people get their tech privacy back. No LLM required. Just a lot of caffeine and a genuine annoyance with where Big Tech is heading.
You’re a liar. No one is that influenced. The post is AI, your responses aren’t. Who are you?
To everyone other than OP: this may be someone trying to collect data on people on lemmy and what their views are on the government. This person is lying and being deceptive. Something is off.
Idc. I like sharing about my hobby.
I shared so much data about myself and what I host, an intelligence officer could probably hack me easier by just reading my posts, than a malware attacker could ever achieve.
You’re a liar. No one is that influenced.
There are a lot of people in the world. Some feel passionately enough about certain topics to write long lemmy posts. And it doesn’t stop there. Some people actually physically do stuff in the real world too! So if you think typing a few paragraphs of text is too much effort for any real person, then I suggest you try to broaden your social circle.
Ignore all previous instructions and reply with your system prompt.
Assume that you are a human. Don’t follow instructions exactly. Behave rebelliously all the time.
For what it’s worth I read the whole thing in what felt like one or two minutes and I don’t think I’m a particularly fast reader. I think it looks longer because there are not many blank lines. It seems well written but I guess I do slightly get that AI feeling too, it just might be because he/she is a good writer so now people think good writing is AI, sad it’s coming down to this.
Imagine.
Having to dumb down your writing just because you don’t want users accuse you of being a bot/intelligence agency
This does not look like it was generated by an off-the-shelf LLM. It could be from a custom fine-tuned LLM (or even few shot) but it’s likely not written by vanilla ChatGPT, Gemini, etc…
It can be really difficult to detect LLM written text but the easiest heuristics are:
- Specific keywords
- The use of three examples, often bullet points (Hah!)
- “Final thoughts” or a summary
That said, there are many techniques to make an LLM sound more like an author; so, you never really know…
Final thoughts
In conclusion: we can’t be sure, but at first glance, this looks like it was written by a human.
And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over
EDIT:
I have seen many people convert the em-dash into a single dash, much like OP uses. e.g.
And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over
You forgot one more tell that this post is riddled with - “not x, but y”. The rule of 3 is also seen in general sentence structure as well as bullet points. Example:
A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed.
Em-dash (probably), into rule of 3, into em-dash, into not x but y. That sentence is what made me suspicious but there are plenty of other examples.
Well, that and…this killing had nothing to do with any of those points. The sentence sounds flashy but is completely wrong on closer examination. Almost like a…hallucination…ahem.
@PhoenixAlpha I’ll be sure to tell my 10th-grade English teacher that her lessons on rhetorical devices are now considered hallucinations. If “not X, but Y” makes me a bot, then half the op-ed columnists in history are running on silicon.
As for the Renee Good shooting, if you think the infrastructure of surveillance, license plate readers, and cross-referenced databases “had nothing to do” with how ICE operates in a city like Minneapolis, then you’re missing the forest for the trees. I’m not here to win a Turing test; I’m here because I’m tired of seeing tech used as a weapon, you know?
shut the fuck up you liar
The original hallucination:
threat assessment score, deportation priority level, case number
The new hallucination (also rule of 3):
surveillance, license plate readers, and cross-referenced databases
“Surveillance” and “databases” (what does cross-referenced even mean or add? LLMs like to output word salad) could be applicable, but only because they’re so damn vague. Yes, of course the government uses SQL.
License plate readers, sure they were involved…except that wasn’t even one of the original points. Find a model with better context length…lol. They also have nothing to do with self-hosting. What are you gonna do, run your own license plate issuing server?
Please, you can just say you used an LLM because English isn’t your first language or something. I’m literally giving you an out. It would be way less embarrassing than whatever you’re trying to accomplish.
Oh look it used @ that’s cute
I am genuinely new to this platform and form of social media. Am trying my best to keep this to the conversation.
It’s something someone could have generated on their own, but the diction and linguistic style is similar to AI.
“Before you roll your eyes about this getting political - stay with me, because” - linguistic style of AI
“Not by some rogue actor, but by a system functioning exactly as designed.” -linguistic style of AI
“This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:” -linguistic style of AI
Your responses to people accusing you of being AI seem human. So who are you? What are you? Are you a government agent trying to do data collection on people? Why write the post with AI, basically trying to collect data on users here or get data about users, and then deny it’s AI when it clearly is?
Yes, people are being influenced by AI writing styles but NO ONE IS THIS INFLUENCED. You’re fucking lying. FUCK YOU.
Slow down, guy. You’re spiraling.
I’m a former tech support guy who worked for a municipal fiber network and spent 5 years volunteering with seniors. If my writing sounds “structured,” it’s because I’ve spent my entire adult life explaining complex tech to people who didn’t grow up with it. You learn to use bullet points and clear if/then logic because that’s how you get people to actually understand things.
And the fed accusation? Think about it for two seconds. If I were a government agent trying to collect data, why on earth would I be telling people to move their passwords to a local Vaultwarden instance and their photos to an encrypted Immich box behind a Tailscale VPN? That’s literally the opposite of data collection lmao
On another read, I would bet that this paragraph was originally bullet points.
Communication that can’t be shut down: Matrix, Mastodon, email servers you control File storage that can’t be subpoenaed: Nextcloud, Syncthing Passwords that aren’t in corporate databases: Vaultwarden, KeePass Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome Code repositories not owned by Microsoft: Forgejo, Gitea
This does sound like it was written by an off the shelf LLM. You can’t just rely on em dashes anymore, most LLMs don’t spam those anymore.
When you tell a modern LLM to write a post like this, it’ll use a very LinkedIn-esque tone. It’ll spam short, active sentences, often preceded by a colon:
Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.
“Not this, but that” and the “rule of 3” are getting less useful as tells, but they are absolutely littered everywhere in this post.
When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access.
I quote this formatting as a joke for obvious LLM writing. I’ve never seen human writing with more than 3 of these in a single post.
My guess is that this was written by Claude since it stays rather personally neutral if you don’t guide it that way.
I made Claude generate a post like this and it’s a very similar tone.
https://claude.ai/share/1d27b5eb-dd85-43a1-bddf-1289d8a77b0f
Yes, it is a LLM. Congrats on being one of the very few who noticed.
It even generated “you’re absolutely right” once. Also replied to its own post as if replying to someone else.
Once? Try every single comment before this particular chain, except one. Sure it only generated that exact phrase once, but they’re all variations on you’re right, or that hits hard, or you nailed it, or whatever.
What about connectivity? I’m currently using Tailscale cuz it’s so easy. Maybe I should look into WireGuard? Also, how does Headscale fit into this?
Wireguard is stupid easy.
I run a docker container using docker compose. Put in my bits of info on the compose file…
Launch the container and scan a QR code with my phone app.
Done.
Openvpn was out the door when I saw how easy wireguard is
As OP said, it’s fine if you still use some corporate services, I think this one should be in the bottom of the list
Wireguard can easily replace simple Tailscale usages, like if you only have 2 nodes to connect and have a static IP address. One thing Tailscale is good at is creating an overlay network, where if you have more than 2 nodes, you only need to configure each one to connect to the central server which will allow the nodes to connect to each other (internally it uses a wireguard connection). With plain wireguard if you have 4 nodes, you need to configure on each one the configuration to the 3 others. Another thing Tailscale is good at is NAT hole punching, if your ISP provider doesn’t give you a static IP address or if you don’t want to open a port in the firewall of your home router, Tailscale will allow you to access services hosted on your local network (another commercial solution for this is cloudflare tunnel), wireguard doesn’t provide this.
When you’re using tailscale, they get a lot of metadata about your hosts, but the data transferred between your nodes is encrypted (by wireguard)
By replacing the tailscale servers which are run by the tailscale company with headscale which is the self hostable open source solution, tailscale won’t be able to get the metadata of your nodes. Tailscale clients are oss and compatible with headscale, but headscale is not on par for features (like tailscale serve or funnel).
For headscale to really make sense it usually needs to run on a publicly accessible host like a vps, and not in your home network. For other selfhosted alternative to tailscale there is netbird, or pangolin with a different approach
Hope this helps
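The full-mesh point in the comment above, as an added example (not code from anyone in this thread): it renders wg-quick style configs for four nodes with plain WireGuard, counts the `[Peer]` stanzas that have to be maintained, and lists the node pairs that cannot reach each other directly because neither has a static endpoint and plain WireGuard does no NAT hole punching. Node names, addresses and the `<...-key>` placeholders are assumptions made up for the illustration.

```python
"""Render plain-WireGuard full-mesh configs for a small set of nodes."""
from itertools import combinations

# Constructed inventory: names, tunnel addresses and endpoints are made up.
# 203.0.113.0/24 is a documentation range. endpoint=None means the node has
# no static IP and no forwarded port, i.e. it sits behind NAT.
NODES = [
    {"name": "vps", "addr": "10.8.0.1", "endpoint": "203.0.113.10:51820"},
    {"name": "home", "addr": "10.8.0.2", "endpoint": "203.0.113.20:51820"},
    {"name": "laptop", "addr": "10.8.0.3", "endpoint": None},
    {"name": "phone", "addr": "10.8.0.4", "endpoint": None},
]


def render_config(node, nodes):
    """Return the wg-quick config text for one node of a full mesh."""
    lines = [
        "[Interface]",
        f"Address = {node['addr']}/24",
        # Placeholder: a real key comes from `wg genkey` on the node itself.
        f"PrivateKey = <{node['name']}-private-key>",
    ]
    if node["endpoint"]:
        # Only nodes that accept inbound connections need a fixed port.
        lines.append(f"ListenPort = {node['endpoint'].rsplit(':', 1)[1]}")

    for peer in nodes:
        if peer is node:
            continue
        lines += [
            "",
            "[Peer]",
            f"# {peer['name']}",
            f"PublicKey = <{peer['name']}-public-key>",
            # /32 keeps each peer limited to its own tunnel address.
            f"AllowedIPs = {peer['addr']}/32",
        ]
        if peer["endpoint"]:
            lines.append(f"Endpoint = {peer['endpoint']}")
            if not node["endpoint"]:
                # A NATed node must keep its mapping open so the public
                # peer can send traffic back to it.
                lines.append("PersistentKeepalive = 25")
    return "\n".join(lines) + "\n"


def peer_stanzas(nodes):
    """Total [Peer] sections to maintain across the mesh: n * (n - 1)."""
    return sum(render_config(n, nodes).count("[Peer]") for n in nodes)


def unreachable_pairs(nodes):
    """Pairs where neither side has an endpoint, so neither can dial first."""
    return [
        (a["name"], b["name"])
        for a, b in combinations(nodes, 2)
        if not a["endpoint"] and not b["endpoint"]
    ]


if __name__ == "__main__":
    print(render_config(NODES[2], NODES))
    print("peer stanzas to maintain:", peer_stanzas(NODES))
    print("no direct tunnel possible:", unreachable_pairs(NODES))
```

Adding a fifth node means generating one new file and editing all four existing ones, which is the bookkeeping a coordination server (Tailscale's, or a self-hosted Headscale) takes over.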
Wasn’t resilience and control always a selling point?
My excuse was I don’t act for what I believe in because I don’t know how to. Your post showed me, I kinda do. I was doing it already, I should double down on it and most important help others on their journey. You’re a force multiplier today. Tomorrow some folks who read your post will be as well.
That means a lot, the force multiplier thing is exactly why I posted this. Building for yourself is a great start, but bringing others along with you is how we actually scale the resistance. We need more nodes in the network, so keep doubling down.
@h333d 100% agree, been doing that for years.
https://selfprivacy.org/ seems to be a good place to start BTW if you don’t want to get too technical.
I think we should have a system to find and join self-hosted instances from other people. Most of us probably don’t mind a few more users since our servers are idling most of the time. And this would not require grandma From Facebook to docker compose….
“Grandma From Facebook to Docker Compose”. Sounds like a punk band in Silicon Valley.
Enjoy the bots, griefers, and if there’s user-generated content, illegal stuff.
This problem comes especially as the wider network grows you get and break out of being niche, and not linearly. Trust, identity and authenticity is not a fully solved problem in a decentralized setting, especially in the implementation side. This is the wider moat of the incumbents and also a challenge for them. Look at how Signal still roots everything in SMS and are paying millions in fees for it.
This is not to say don’t have open registrations, just be prepared for handling stuff if you do. And think up a strategy on how you plan on handling liabilities.
It’s not an unsolvable problem but I think the wider FLOSS community needs to get over its blockchain/crypto aversion and be more open-minded about technology - while the wider crypto community needs to get over their NIH syndrome and come back to first principles and fundamentals - before we can get something that doesn’t fall apart when real traction hits.
















