h333d

Self-hosting in 2026 isn't about privacy anymore - it's about building resistance infrastructure

https://lemmy.world/post/41387733

Self-hosting in 2025 isn't about privacy anymore - it's about building resistance infrastructure - Lemmy.World

I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we’re all running in our homelabs. Here’s what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don’t self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It’s baked into the infrastructure. Individual privacy is a losing game. You can’t opt-out of surveillance when participation in society requires using their platforms. But here’s what you can do: build parallel infrastructure that doesn’t feed their systems at all. When you run Nextcloud, you’re not just protecting your files from Google - you’re creating a node in a network they can’t access. When you run Vaultwarden, your passwords aren’t sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren’t being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That’s when I realized: we can’t rely on existing institutions to protect us. We have to build our own. This isn’t about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles: Communication that can’t be shut down: Matrix, Mastodon, email servers you control File storage that can’t be subpoenaed: Nextcloud, Syncthing Passwords that aren’t in corporate databases: Vaultwarden, KeePass Media that doesn’t feed recommendation algorithms: Jellyfin, Navidrome Code repositories not owned by Microsoft: Forgejo, Gitea Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you’re new: Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music. If you’re already self-hosting: Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives. The goal isn’t purity. You’re probably still going to use some corporate services. That’s fine. The goal is building enough parallel infrastructure that people have actual choices, and that there’s a network that can’t be dismantled by a single executive order. I’m working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it’ll be profitable, but because I’ve realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We’re not just hobbyists anymore. Whether we wanted to be or not, we’re building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that’s a node in a system they can’t control. They want us to be data points. Let’s refuse. What are you running? What do you wish more people would self-host? What’s stopping people you know from taking this step?

Jan 9 at 8:39pmWeb
Show threadmarighostJan 9

I agree with your post 100% I think. Removing oneself from big tech/data services like Google and Microsoft is resisting the regime. It’s especially useful for folks that may not be able to get out and protest, meet with their representatives, etc.

As for me, I’m running my *arr/media stack for myself and my close friends and family. Fuck Disney, Netflix, and Paramount. For our household, HomeAssistant keeps the lights on and SyncThing backs up our files to the NAS.

Show threadh333dJan 9

Spot on. Self-hosting is the most effective form of quiet, material protest we have. Every time your family uses Syncthing instead of OneDrive, you’re starving the machine of the telemetry it needs to function.

Running that stack for your inner circle is essentially building a “digital mutual aid” node. You’re taking the burden of surveillance off their backs and putting it on your own hardware where you can actually defend it. That’s the work.

Show threadSerinusJan 10
Can your neighborhood communicate when the Internet goes down like Iran?
Show threadMavytanJan 10
Probably not unless everyone has some radio device that can send as well as receive.
Show threadSerinusJan 11
Like a wireless router?
Show threadnanoswarm9kJan 12
HAM works too for some things.
Show threadThunrazJan 10
You might want to take a look at Meshtastic or MeshCore for this.
Show threadTar_AlcaranJan 11
By… Stepping outside and talking to people? I think all neighborhoods have that ability, even if we don’t really use it much.
Show thread7U5K3NJan 9

Quick question. Home assistant.

We are hooked on “Hey Google turn off the lights”

Is there a way to remove the Google from that but still use the voice aspect?

Show threadkumiJan 9

Yes, Home Assistant has this.

https://rhasspy.readthedocs.io/en/latest/

Rhasspy

None

Show thread7U5K3NJan 10
Great! Thanks a ton! I appreciate the link and the info!
Show threadMaggiWuerzeJan 9
Home Assistant has its own locally running voice assistant. There’s even hardware for it (think self hosted Alexa) that you can buy or build yourself
Show thread7U5K3NJan 10
Oh great! I’ll check it out!
Show threadKnossosJan 9
Home assistant has their own system I believe? If you sign up too their subscription? Or you can locally host whisper and piper yourself and go completely local.
Show threadTheMadCodgerJan 10
I know others have answered, but I wanted to give you a link. I have their device and it works great for turning things off and on out of the box. You can run it locally—if you have the hardware—or use their reasonably priced cloud subscription. I do the latter wanting to support them monetarily.
Talking with Home Assistant - get your system up & running

Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.

Home Assistant
Show thread7U5K3NJan 10
Thanks a bunch! I appreciate the link!
Show threadnullJan 9
Hell yeah! I’d argue it’s even true of 2026!
Show threadBonifratzJan 9

What’s stopping people you know from taking this step?

I’m a noob when it comes to IT. (Even though in my family I’m the one people ask when they have computer issues lol.) I would really like to get into self-hosting and all that, and I think if I found some good guides I would probably be able to make things work, but it still sounds very daunting to me. Like, I imagine days if not weeks of sifting through online resources to fix a thousand little errors and issues that would come up. (Maybe I’m mistaken, maybe it’s all really easy even for noobs. Just trying to explain my feelings on the matter.)

Show threadEncrypt-KeeperJan 9

It is a skill much like maintaining a car yourself, or your own lawn/garden.

It’s pretty easy to get started, and there are certain ways of doing things that keep it pretty simple forever, at the cost of some flexibility.

But no matter how you do it, there will be a non-zero amount of work involved indefinitely. Just like you need your cars oil changed, your garden mulched and weeded, or your server patched and cleaned up once in awhile.

Show threadbatman0730Jan 10
I use these analogies too, it’s like becoming a digital gardener.
Show threadphantJan 9
I’m right there with ya. I’m thinking it might be a case of picking easy pieces (projects) of the puzzle to start with and then building from there. Like I’m considering setting a pi-hole soon - seems like an easier networking project. But yeah, I’m not really sure whats the best order of eaiest to hardest in terms on self hosting etc.
Show threadDavid J. AtkinsonJan 9
@phant Pi-hole is super easy to set up and easy to build on. It’s been very robust for me and also eye-opening due to the excellent UI. About 5% of the network traffic in my house is now blocked. Thousands of DNS requests per day. Most of that is trackers. Apps and “smart” devices are very determined to phone home so you’ll have to block many of these domains manually as they show up. Be forewarned, some apps and web sites will simply stop working if you block their tracking and other info gathering on your network. Luckily, there is good #FOSS to substitute.
Show threadh333dJan 9

I feel this deeply. I used to volunteer at a library teaching “Cyber Seniors” digital literacy, and the biggest hurdle was always the fear of “breaking” something. The truth is, the big tech companies want you to think it’s too hard so you’ll keep paying them with your data.

You don’t need to be a sysadmin to start. It’s not about days of fixing errors; it’s about taking one small win at a time; like setting up a password manager first. If you can follow a recipe, you can build a node. We’re working on better, no-jargon guides to make sure the “thousand little errors” don’t stand in your way. You don’t have to be an expert to be part of the resistance.

Show threadfurbyJan 9
“one small win at a time” 100%
Show threadjtzlJan 9
I agree with you, but something jumped out at me while reading this thread. To a degree, the fear of “breaking something” is completely legitimate, but it’s based on not getting quick feedback from systems. For instance, if you are walking in a direction that you think is east, but the sun is setting ahead of you, you know you’re headed in the wrong direction. Computers often don’t provide such useful feedback, often leading users to “break things.”
Show threadirmadladJan 9

Maybe I’m mistaken, maybe it’s all really easy even for noobs

I’ll be the first to admit, shit is complicated, especially networking, but it’s not insurmountable. Do you already have a server deployed? How familiar are you with Linux?

See what you think: https://linuxupskillchallenge.org/

Linux Upskill Challenge - Linux Upskill Challenge

A month-long course aimed at those who aspire to get Linux-related jobs in the industry - junior Linux sysadmin, DevOps-related work, and similar. Learn the skills required to sysadmin a remote Linux server from the commandline.

Show threadBonifratzJan 10

Do you already have a server deployed? How familiar are you with Linux?

No server. I just installed Linux a few months ago as dual boot after being a lifelong Windows user (since 3.1 lol). Currently using both OS but will move fully to Linux once I have some projects finished. Self-hosting might become a future project after that and if yes, I’ll come back to this community and this thread!

Show threadirmadladJan 10

I just installed Linux a few months ago as dual boot after being a lifelong Windows user (since 3.1 lol).

Well then, you are on your way.

Show threadWilliam Weber BerruttiJan 9
@Bonifratz @h333d Before I begun this self-hosting journey, I hosted Pi-Hole on a docker container on my PC (was Manjaro KDE that time I think). Then, I learnt how to set up AdGuardHome on a VM (on both Manjaro and Arch iirc), using virt-manager and KVM. Now, I'm using an old laptop to host Proxmox and some services like AdGuardHome, Prometheus, Grafana, Uptime Kuma, and a Debian-made game server customized by myself. I had help of a colleague to begin the Proxmox journey.
Show threadWilliam Weber BerruttiJan 9

@Bonifratz @h333d It isn't easy, but it's so worth the effort, and I just begun the Proxmox journey and I have plenty of things to learn!

Since this is a complex subject, you need to take your time and don't hurry the learning process. Begin with baby steps, and hosting services restricted to a LAN, just to be safe. When you are comfortable (after some weeks or months), think about sharing a service to the public, if possible, and what you have to do to properly secure your devices and network!

Show threadJohnJan 10
Man, I’m pretty techy. I work in tech. I’ve learned programming, etc, I use Debian. but selfhosting seems so daunting, not to mention inconvenient. I need to get into it though 😓
Show thread7U5K3NJan 11

It’s not overly.

I used “perfect media server 2017” the first time I set up a mass storage server for Plex.

perfectmediaserver.com

My setup is a lot different now… but dude laid out some step by step instructions. And apparently has continued to evolve his setup over time

Welcome to Perfect Media Server! - Perfect Media Server

Show threadJohnJan 11
Just a brief skim of this and I’m already so lost lol. Thanks for the link though, I’ll have a more detailed read through later.
Show thread7U5K3NJan 11

You’re welcome!

Good luck in your journey!

Show threadkrashmoJan 10
I’m not an expert but I have a decent set up going. If you think it would be helpful shoot me a DM and I’ll find a way to show you what I’ve got set up and give any tips I can. It sounds like I started in a similar position to you and I’d be happy to share what I’ve learned so far.
Show threadBonifratzJan 10
Thanks a lot for the offer. This might become a project of mine in the future but not before the end of this year. I might get back to you then. :)
Show threadhashJan 10
Digital solidarity will be essential as we move forward. We will need both social solutions which facilitate community technical support and engineered solutions which make that support more effective. I like to imagine systems of distributed sever management where we build upon the computational capacity of those around us and the human capacity of those that care for them. I want to rely on people I love instead of opaque tech firms that only care about money. Compute power must not defeat humanity.
Show threadDecknameJan 10
Hi! I am also slowly getting the hang of it (just set up my first NAS with truenas last weekend) but there are dozens of youtube channels focused on it. I like Serversathome and the accompanying Wiki helped me a lot. This mainly focuses on an arr stack but there is also wiki pages for immich and nextcloud. Right now I’m using cloudflare tunnels to access services (i know feeding the machine etc.). If anyone knows an alternative to cloudflare tunnels (without putting everything into the same tailscale network) I would be happy to hear about it!
ServersatHome

This channel is dedicated to learning servers and all things self-hosted. For more info, check out the blog or the wiki, or join the discussion on Discord.

YouTube
Show threadnoodleJan 13
@Deckname @Bonifratz
Pangolin is an alternative to cloudflare tunnels, TrueNAS supports the Newt client for Pangolin as a community app. You can either host yourself with a VPS, or Pangolin offers a management dash they host. Under the hood is Wireguard.
Show threadDecknameJan 13
Nice! Thank you for the info! I will look into it :)
Show threadnoodleJan 13

@Deckname

I used this guide to setup the Immich side. I'm sure I diverged from it, but I would not have figured out proxy headers without it.

https://blog.thetechcorner.sk/posts/Replace-google-photos-with-immich-homelab-2-0/#-c-pangolin-tunnel

Replace Google Photos with Immich and Pangolin/CF tunnels [Homelab 2.0]

Introduction If you would like to degoogle yourself a little, or you’ve just run out of cloud space, but you still has plenty of free Gb of storage in your homelab, don’t think twice I’ve got solution for you!

TheTechCorner
Show threadq7mJI7tk1Jan 9

I was just thinking this week, that those who self host (and more importantly, those who program the code we self host), are at the front line of the modern digital resistance: in the sense that the world is burning due to the greed of the tech bros that run our daily lives. Convienience for the masses is what gives them power over us, and any one who rejects their systems is helping to fight back.

Voting with your wallet helps, so not giving them your money is the first step. Then managing and keeping your own data private is the next one.

Show threadh333dJan 9

You’re right. We’ve been traded convenience for our autonomy for way too long, and it’s created this massive power imbalance where a few tech bros basically own the digital roads we walk on. Voting with your wallet is a huge first step, but like you said, the real work starts when we actually take responsibility for our own data.

That’s exactly why I’m moving toward helping local businesses and groups build out their own nodes. It’s one thing to stop paying for a subscription, but it’s another thing entirely to stand up your own infrastructure that doesn’t report back to a corporate mother-ship. Every person who rejects the “default” and builds a private alternative is a small win for the rest of us, it’s about making the corporate extraction model fail by simply making it unnecessary.

Show threadChrisJan 9
@h333d 100% agree, been doing that for years.
https://selfprivacy.org/ seems to be a good place to start BTW if you don't want to get too technical.
SelfPrivacy

SelfPrivacy app allows you to set up self-hosted services and manage them Download Your personal services For serious business E-mail Unlimited mailboxes amount for a company or family.

SelfPrivacy
Show threadTeppichbrandJan 9
Efficiency is the exact opposite of resilience, because it removes redundancy and buffers.
Show threadirmadladJan 9

What’s stopping people you know from taking this step?

As with any privacy, security, and anonymity efforts, it takes work. Nothing I am doing can’t be accomplished by someone else once the work is put it because I possess no special skills or certs on my wall to reflect any special skills. Just reading a lot, doing, screwing it up, rinse/repeat ad nauseam. We live in a world of convenience, where ‘someone else’ does the work and we capitalize on their efforts, and it’s this point where I see most people falling off the wagon.

Additionally, the average Joe really doesn’t have a firm grasp on what happens between the time you click a link in your browser to the time it returns with your webpage. They definitely don’t realize the preponderance of traffic being generated even on a PC at rest. They may see adverts taking up real estate on their computer screen, but no clue about what’s going on behind the pretty graphics. To them it’s akin to advertising on a billboard, which it’s far more insidious.

Then there’s the obligatory ‘I’m not technologically inclined’, especially from those in my generation of old heads who are stubborn cusses for the most part. However, for the younger, upwardly mobile, youngsters, there is the element of time. For the average family in this economy, it takes both adults working to make ends meet. They get up every morning, go to work, come home exhausted, spend a little quality time with the kids, and it’s off to collapse in bed, only to do it over and over again. On the weekends, there are extracurricular activities for the kids, quality time with the family, catching up on any household chores…and then it’s Monday. They don’t have the time nor the inclination to learn how to stand up a Linux server.

I’ve got a couple friends who bought the equipment, and I set it all up for them, and administer any thing remotely. It does become a headache sometimes. Users cause issues. Luckily it’s only a couple.

my 2p

Show threadh333dJan 9

You nailed it, the “I’m not techy” thing is often just a shield people use because they are simply exhausted by this economy, and time is the one resource Big Tech steals that we can’t ever get back. I’ve spent a lot of time teaching seniors at a library program, and I’ve seen firsthand how that “convenience” is a trap designed to keep people from even looking under the hood to see what’s actually happening to their data.

You are right about the remote admin headache too, that’s exactly why the movement needs to shift from just “hobbyist favors” to actual, reliable infrastructure that doesn’t break every time an adult in the house clicks a link. If we don’t make these sovereign nodes as easy as a light switch, people will always fall back into the arms of a corporation just to get through their Monday. We have to be the ones who put in the work to make the “resistance” feel like less of a chore and more like a utility.

Show threadirmadladJan 10

If we don’t make these sovereign nodes as easy as a light switch

That’s a long row to hoe. However, I see a lot of very capable mini-servers using Lenovo and that makes me feel better. We live in a digital world now where real life and digital life are co-blended. I’ve always felt that in this digital world, each and every household should have a server. If I were a much younger man, I’ve often toyed with the idea of setting up mini-server racks to sell. But, I’m far beyond being a younger man now, and so I hope some young entrepreneur will bring that to fruition.

I’ve spent a lot of time teaching seniors at a library program

You are a better man than I Gunga Din. I’ve had a computer in front of me since the mid 70s, but a lot of my brethren shit on the notion of computers, giving that ‘…back in my day we didn’t need computers’, and the standard ‘uphill both ways in the snow’ trope. That’s a hard nut to crack because you have to want to learn before you can learn. I know people my age can learn. They damn sure don’t have much problem learning Facebook or TikTok. LOL

Show threadTar_AlcaranJan 11

time is the one resource Big Tech steals that we can’t ever get back.

That’s an odd argument, since DIY takes significantly more time than just buying a solution.

Show threadpaequ2Jan 9

Does anyone have a good guide for installing Seafile? I tried installing it a few months ago, but it’s so damn complicated with load balancers behind load balancers and a bunch of services tied together.

I gotta try again.

Show threadpaequ2Jan 9
What about connectivity? I’m currently using Tailscale cuz it’s so easy. Maybe I should look into WireGuard? Also, how does Headscale fit into this?
Show thread7U5K3NJan 9

Wireguard is stupid easy.

I run a docker container using docker compose. Put in my bits of info on the compose file…

Launch the container and scan a QR code with my phone app.

Done.

Openvpn was out to door when I saw how easy wireguard is

Show threadfrancoisJan 10

As OP said, it’s fine if you still use some corporate services, I think this one should be in the bottom of the list

Wireguard can easily replace simple Tailscale usages, like if you only have 2 nodes to connect and have a static IP address. One thing Tailscale is good at is creating a mesh network, where if you have more than 2 nodes, you only need to configure each one to connect to the central server which will allow the nodes to connect to each other (internally it uses a wireguard connection). With plain wireguard if you have 4 nodes, you need to configure on each one the configuration to the 3 other. Another thing Tailscale is good at is Nat hole punching, if your ISP provider doesn’t give you a static IP address or if you don’t want to open a port in the firewall of your home router, Tailscale will allow you to access services hosted on your local network (another commercial solution for this is cloudflare tunnel), wireguard doesn’t provide this

When you’re using tailscale, they get a lot of metadata about your hosts, but the data transfered between your nodes is encrypted (by wireguard)

By replacing the tailscale servers which are ran by the tailscale company with headscale which is the self hostable open source solution, tailscale won’t be able to get the metadata of your nodes. Tailscale clients are oss and compatible with headscale, but headscale is not on par for features (like tailscale serve or funnel).

For headscale to really make sense it usually needs to run on a pubicly accessible host like a vps, and not in your home network. Another selfhosted alternative to tailscale, which have totally different approach, is pangolin

Hope this helps

Show threadMikeJan 9

I think a good test is to shut off your house internet and see what things you still need. Like actually disconnect the router and only go off your own infa. What can you get done, what things do you still need?

For me I found out:

  • All my software development packages, linux isos, etc…. are ALL online. If I was unable to get on certain websites, I would be SOL in doing most of my software development. Even simple stuff like installing via apt would be VERY hard.
  • While I have OSM (open street maps), I dont have address info saved anywhere.
  • Most of my mesh stuff (meshtastic) has online tools for all the builds and deploys. Meaning if the website goes down im SOL getting new nodes out in the wild.
  • Entertainment is pretty much covered, since we dont have anything streaming anyways. We try to keep things DRM free to begin with so books/audio/movies can go to different places without worry.
  • Radio still works, so news isnt really a big deal.
  • I need to get a backup of some encyclopedias and/or get wikipedia somewhere hosted. That would be fun and informative.
    • Show threadirmadladJan 9

    I need to get a backup of some encyclopedias and/or get wikipedia somewhere hosted. That would be fun and informative.

    I selfhost the full Wikipedia in Kiwix, plus a decent amount of IT, Political, History reading material in my Calibre library. I’m not much for fiction, novels, or movies.

    Kiwix - Home

    Kiwix is a nonprofit organisation making free knowledge accessible where the Internet is not. We create and support open technologies that bring the world’s knowledge Offline via our own open-source software dedicated to providing offline access to free educational content, and more…

    Kiwix
    Show threadMikeJan 9
    Oh neat, its on yuno https://apps.yunohost.org/app/kiwix
    YunoHost app store | Kiwix

    Show threadMikeJan 9

    Im having a heck of a time finding material. Any recommendations?

    Im downloading this version of wikipedia: https://browse.library.kiwix.org/viewer#wikipedia_en_all_mini_2025-12

    I only have about 100GB left-ish so I dont want to get a huge amount. I might just get ebooks and throw those on there.

    ZIM Viewer

    Show threadirmadladJan 9
    The Kiwix Library is chock full of options: library.kiwix.org/#lang=eng
    Kiwix Library

    Show threadkumiJan 10

    On 1: Autoseeding ISOs over bittorrent is pretty easy, helps strengthening the commumity distribution, and makes sure you already have the latest stable locally when you need it.

    While a bit more resource intensive, running a full distribution package mirror is very nice if you can justify it. No more waiting for registry sync and package downloads on installs and upgrades. apt-mirror if you are curious. While not as resilient there is also apt-cacher-ng to at least get a seamless shared package cache on the local network.

    Show threadMikeJan 10

    I used to do a ton of seeding on isos but it really took its tool on the old harddrive I did it on. I kinda stopped for a long time. I used to do it for the origonal Ubuntu isos like 8.04 or something like that. And puppy linux :)…

    Ive never heard of apt-mirror, thats interesting. Ill have to take a look. thanks!