this post was submitted on 09 Jan 2026
1251 points (99.0% liked)

Selfhosted

54413 readers
1309 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
1251
Self-hosting in 2026 isn't about privacy anymore - it's about building resistance infrastructure (lemmy.world)
submitted 1 day ago* (last edited 5 hours ago) by h333d@lemmy.world to c/selfhosted@lemmy.world
220 comments fedilink hide all child comments
 

I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we're all running in our homelabs. Here's what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don't self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It's baked into the infrastructure. Individual privacy is a losing game. You can't opt-out of surveillance when participation in society requires using their platforms. But here's what you can do: build parallel infrastructure that doesn't feed their systems at all. When you run Nextcloud, you're not just protecting your files from Google - you're creating a node in a network they can't access. When you run Vaultwarden, your passwords aren't sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren't being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That's when I realized: we can't rely on existing institutions to protect us. We have to build our own. This isn't about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:

Communication that can't be shut down: Matrix, Mastodon, email servers you control

File storage that can't be subpoenaed: Nextcloud, Syncthing

Passwords that aren't in corporate databases: Vaultwarden, KeePass

Media that doesn't feed recommendation algorithms: Jellyfin, Navidrome

Code repositories not owned by Microsoft: Forgejo, Gitea

Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you're new:

Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.

If you're already self-hosting:

Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.

The goal isn't purity. You're probably still going to use some corporate services. That's fine. The goal is building enough parallel infrastructure that people have actual choices, and that there's a network that can't be dismantled by a single executive order. I'm working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it'll be profitable, but because I've realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We're not just hobbyists anymore. Whether we wanted to be or not, we're building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that's a node in a system they can't control. They want us to be data points. Let's refuse.

What are you running? What do you wish more people would self-host? What's stopping people you know from taking this step?

EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I'm just a guy in his moms basement with too much coffee and a background in municipal networking. If you think "rule of three" sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.

More importantly, a few people asked about a "0 to 100" guide - or even just "0 to 50" for those who don't want to become full time sysadmins. After reading the suggestions, I want to update my "Where to start" list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:

The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It's appstore ecosystem is lovely to use and you can import docker compose files really easily.

The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.

The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.

I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] merc@sh.itjust.works -2 points 9 hours ago (1 children)

Communication that can't be shut down: Matrix, Mastodon, email servers you control

Uh, those can all be shut down. You may control the server but you don't control the datacenter the email server lives in, unless you're hosting out of your house, which is a bad idea. You also don't control the pipes to and from these servers. There have been many plans over the years requiring that ISPs ban users who are accused of copyright infringement. And, even if you don't infringe copyrights, we all know about how the DMCA can be weaponized against people who have done nothing wrong.

File storage that can't be subpoenaed: Nextcloud, Syncthing

Sorry, your own file storage can be subpoenaed, you just don't have a lawyer on call to help you through the process. If you think "haha, I'll just delete the data", you can be in much worse trouble. AFAIK in some cases the judge / jury are allowed to assume that evidence that you deleted was incriminating.

I self-host things and think it's a good idea. But, don't go overboard with how good it is. It's still vulnerable to government and corporate actions. in many cases you're more vulnerable because you're on your own, you probably don't have a lawyer on retainer, etc.

load more comments (1 replies)
[–] this@sh.itjust.works 2 points 14 hours ago

I'm forwarding this to as many people as I can.

[–] Appoxo@lemmy.dbzer0.com 15 points 22 hours ago* (last edited 22 hours ago) (3 children)

I don't have worries about password managers like bitwarden as the vault is zero knowledge and encrypted with a, to bitwarden, unknown key.

And I trust that bitwarden can secure their infrastructure better than me.

About your question what I host at home:
OPNsense
Veeam Backup and Replication (not (F)OSS but I like it and it's reliable. We also use it at work so it helps my profession)
The *arr Suite
HortusFox (plant management)
Immich
Jellyfin
Syncthing
Resilio
Unifi Network Application (Also not FOSS)
Uptime Kuma
Wallos (subscription tracker. Pretty awesome overview!)
PiHole

Can't remember when I started.
I believe it was around 2019 or 2020.
It started with a Raspberry because I wanted a NAS but was too cheap for a proper NAS appliance like a Synology NAS.
Fucked the install up a few times
Bricked the OS install during an upgrade (had 2 USB powered hard disks plugged in. But the PI had not enough to supply both and itself during writing to it so the network share sometimes failed)
Installed Plex
Found out Plex doesnt allow transcoding with the free version
Found out Jellyfin and installed it on the Pi.
Bad experience with Jellyfin and anime releases as they use ASS/SSA subtitles
Later upgraded to an i5-11th Gen NUC to get HWA transcoding on Jellyfin
Fucked up the Intel driver situation but HWA somehow worked
Inplace upgraded the NUC from Debian 10 to Debian 12 and restored my docker container from backup
(I assumed it would take like 4h or so to replace the SSD, install debian, install the core packages (like docker, etc.) and restore the files. In the end it took about 8h (after an 8h workday) and finished around 3am. But it worked. Very well on top.

The hobby is expensive but rewarding.
My stack:
HPE 1930-24G PoE switch
Unifi AP mini
HP ProDesk SFF with an i5-7th gen (manually upgraded to something we were throwing out. Harvested the CPU. Crosschecked the BIOS support with the quickspecs by HP) (Proxmox with OPNsense virtualized)
Intel i5-11th NUC (Docker host)
Intel i3-13th NUC (primary Proxmox host. Holds the Veeam Backup server)
Raspberry Pi 4 4GB (docker host with the sole purpose of doing pihole DNS)
uGreen DXP4800+ with 4x15TB in RAIDZ2 (swapped the OS with a TrueNAS Scale SSD.)

Newcomer:
GL-iNet Slate 7 as my travel router. Configured a Wireguard VPN on it with the OPNsense guide. Worked very well.
I have to commend the guide writer on it. But the steps were a bit confusing if you werent reading it carefully.

Picture of my stack (literally) :)

load more comments (3 replies)
[–] Warl0k3@lemmy.world 6 points 19 hours ago* (last edited 19 hours ago)

I hate to point this out, but it's 2026.

Everything else is great though.

[–] Formfiller@lemmy.world 15 points 1 day ago (3 children)

How can I learn more about this stuff because I think like a lot of people I’m not that tech savvy

[–] mrl1@jlai.lu 2 points 17 hours ago

It's a bit steep, you can go on YouTube for a bit, then browse the documentation of any word you don't understand (AI can help a lot with understanding but will get confused at any troubleshooting task) the steps can be resumed quite easily:

Find an OS:

  • see what kind of data you're working with (photos, videos, films,...) it all depends on your orientation/hobby/personality
  • find what kind of applications you'd want to run, for how many people roughly ( personally I knew I would aim to replace netflix and cloud for close family and maybe a couple friends and circumvent as much as possible things like WeTransfer and compressions when sharing pictures in chats)
  • see how much money and time you are willing to put in : first for the launch, then on a weekly basis (you can go for very cheap non redundant app first os like OP mentioned if you can pay to back it all up remotely/ have a separated NAS or see if you'd prefer to assume resilience mainly on your side)

Then you have a rough idea of your needs (this is all YouTube knowledge thus far, you can start looking at videos of people trying to use, comparing, ranking different solutions and tutos for how it's like to set up for the first time and how do app work in those systems (docker, app stores, how big the community is around them, how much of a sysadmin you have to be to run and set it up...)

Then from that you can start seeing how which install fits in your budget and time allocation. After that, sinking hours of troubleshooting and setup is almost straightforward, it's just going to be a list of side quests to complete the main one with a side of documentation.

On my side I initially wanted to go full free software, I wanted to use my 10 years old windows desktop to run trueNAS (it was already running jellyfin in docker desktop, useless for the process but is a fun starter to dip a toe in to get a feel). I bought on eBay a couple hard drives (ended up buying very cheap enterprise SAS, I recommend, mind you you'll need a daughterboard)(you'll see that different OS require different RAM, SSD, HDD ratios to run smoothly so recycling old hardware often requires upgrades) I completely failed to make trueNAS work correctly and since it's enterprise first it has very... unfriendly conceptions about flexibility and user friendliness (brutal on the kind of budget and time I had).

After abandoning the project for a couple of months (due to exams mainly, and the fact I couldn't repress myself from spending nights on unresolved issues) I decided to go the Unraid route (which is paid, yikes, but truly hasn't let me down once, the community is huge and the software is rock solid and really helps you not fuck everything up (which trueNAS will happily let you do), I truly recommend that investment, they have a generous trial period, it's really really great).

After that it's just more setup for hours on end, transferring files to Immich, re-setting all the AI knowledge about faces (also for me a lot of metadata correction for very old family photos), letting disks and parity initialize, moving old backups from old drives into the new system, including the clean disks into the array, setting up prowlarr, radarr, sonarr, jellyfin.

Then comes the other hard question : how to do you access remotely ? (By now you already have a better idea about how docker and local network works and how important it is to secure it properly; and you're about to learn how little your ISP cares about you)

I tried boilerplate wireguard, it's wonderful but a very MANUAL setup with a DDNS. But honestly (even though I really did not want to spend another penny) the cloud flared tunnel with your own domain is kind of what you want (because they have neat zero trust features, for exemple to access any of the services I host that do not have to have in-app access (Immich, jellyfin, that have authentication built-in) are behind 2FA based on a short whitelist of email addresses which reduces immensely how much protection I have to care about.

After that you can go on to nextcloud (requires remote access on a domain) and all the rest of the fun stuff.

Now the thing is (like every hobby) there is a perfect solution, it's at least tens of thousands of euros and you need a guy to manage it, but it's bulletproof and will survive any attack.

You are not that person, you try stuff that is on your level, you don't assume perfect functionality in one weekend and you take time to learn on every step of the way. In my quick little summary you can already feel (as I am a noob as well) that it's a very iterative process, often you'll half-ass something to move on, then come back to upgrade it when needed. You are very much building a machine, first from the hardware side, then mainly from the inside.

At some point you'll have people around you start finding out how useful and interesting all this is, and it's a very rewarding feeling to see what you assembled (because you haven't typed a single command line in the terminal thus far) starting to get some use.

Hope this helps as a little piece of motivation, and if you are to start now I hope you have some old RAM laying around, in any case, start small and build up :)

[–] ifmu@lemmy.world 7 points 23 hours ago

Just start. Even the most tech savvy of us started not knowing any of this. More importantly do what you’re interested in and that benefits you. You don’t have to have some grand implementation. Start simple and the rest follows.

load more comments (1 replies)
[–] batman0730@lemmy.world 19 points 1 day ago (3 children)

100%

I do find it funny that I offer so many friends and family access to these services, and they generally just take the accounts and never use them.

load more comments (3 replies)
[–] plyth@feddit.org 15 points 1 day ago* (last edited 1 day ago) (1 children)

The Connection: Use Tailscale.

Be prepared that this can be shut down.

There is no way around talking with politicians and other citizens to make sure that human rights and democracy is not further abandoned.

[–] irmadlad@lemmy.world 2 points 17 hours ago

Be prepared that this can be shut down.

Everything can be shut down. Just because you don't see it happen much in the US, doesn't mean it's not on some official directive.

[–] marighost@piefed.social 124 points 1 day ago (9 children)

I agree with your post 100% I think. Removing oneself from big tech/data services like Google and Microsoft is resisting the regime. It's especially useful for folks that may not be able to get out and protest, meet with their representatives, etc.

As for me, I'm running my *arr/media stack for myself and my close friends and family. Fuck Disney, Netflix, and Paramount. For our household, HomeAssistant keeps the lights on and SyncThing backs up our files to the NAS.

[–] h333d@lemmy.world 31 points 1 day ago (5 children)

Spot on. Self-hosting is the most effective form of quiet, material protest we have. Every time your family uses Syncthing instead of OneDrive, you’re starving the machine of the telemetry it needs to function.

Running that stack for your inner circle is essentially building a "digital mutual aid" node. You're taking the burden of surveillance off their backs and putting it on your own hardware where you can actually defend it. That's the work.

load more comments (5 replies)
load more comments (8 replies)
[–] morto@piefed.social 43 points 1 day ago

Don't stop at self-hosting. We need all forms of community building, from organizing like-minded people to gardening, off-grid energy, etc.

[–] tjoa@feddit.org 7 points 22 hours ago (2 children)

I think we should have a system to find and join self-hosted instances from other people. Most of us probably dont mind a few more users since our servers are idling most of the time. And this would not require grandma From Facebook to docker compose….

[–] i_am_tired_boss@lemmy.world 5 points 21 hours ago

"Grandma From Facebook to Docker Compose". Sounds like a punk band in Silicon Valley.

load more comments (1 replies)
[–] WorldsDumbestMan@lemmy.today 17 points 1 day ago (1 children)

Here we go. The war has started, whether you like it or not. No more pussy talk, now it's time for us to act in whatever antagonistic way we can to the current regimes.

[–] h333d@lemmy.world 10 points 1 day ago (1 children)

It’s hard to call it anything else when you see the actual human cost on the street. But the most "antagonistic" thing we can do right now isn't just venting, it's making surveillance models obsolete.

[–] WorldsDumbestMan@lemmy.today 9 points 1 day ago

It's creating an entire ecosystem for ourselves, and locking the monsters out.

[–] Bob_Robertson_IX@discuss.tchncs.de 21 points 1 day ago (4 children)

Great points, and there's some amazing discussions going on here!

One thing I'd like to add is EVERYONE needs to start setting up some meshtastic nodes. It's really easy to setup (just hook up a USB cable from your computer to a esp32 board, visit a website to get the configuration, and that's pretty much it), it's cheap (as little as $30) and it is secure. Build 2 nodes (one to leave at home, and another for your backpack). This way you'll be able to communicate should the Internet become unavailable or unsafe. You can also use this at a protest so that you still have a means of communication without needing to bring your phone that the Feds will be able to track.

load more comments (4 replies)
[–] null@piefed.nullspace.lol 58 points 1 day ago

Hell yeah! I'd argue it's even true of 2026!

[–] Bonifratz@piefed.zip 38 points 1 day ago* (last edited 22 hours ago) (18 children)

What’s stopping people you know from taking this step?

I'm a noob when it comes to IT. (Even though in my family I'm the one people ask when they have computer issues lol.) I would really like to get into self-hosting and all that, and I think if I found some good guides I would probably be able to make things work, but it still sounds very daunting to me. Like, I imagine days if not weeks of sifting through online resources to fix a thousand little errors and issues that would come up. (Maybe I'm mistaken, maybe it's all really easy even for noobs. Just trying to explain my feelings on the matter.)

Edit: Woke up to 10 replies lol. Thanks for everybody's input and helpful links. I think this might become a future project for me, but not before winter 26/27 (for life reasons).

[–] EncryptKeeper@lemmy.world 28 points 1 day ago (1 children)

It is a skill much like maintaining a car yourself, or your own lawn/garden.

It’s pretty easy to get started, and there are certain ways of doing things that keep it pretty simple forever, at the cost of some flexibility.

But no matter how you do it, there will be a non-zero amount of work involved indefinitely. Just like you need your cars oil changed, your garden mulched and weeded, or your server patched and cleaned up once in awhile.

load more comments (1 replies)
load more comments (17 replies)
[–] motruck@lemmy.zip 10 points 1 day ago (19 children)

Are all these long form posts written with the help of AI? The length of posts here seem abnormally long for this type of forum. I'm not saying I don't like it but I'm immediately skeptical when I see a giant post nowadays.

[–] h333d@lemmy.world 28 points 1 day ago (7 children)

I’m definitely a human, just a concerned poster who actually gives a damn about what’s happening to our digital privacy.

I’ll take the "AI" comments as a compliment to my grammar, I guess, but it's a bit sad that we’ve reached a point where structured thoughts and bullet points make people suspicious. I use the dashes and lists because I want this info to be readable, not because I’m a bot running on a server somewhere.

I’ve spent enough time working in tech and volunteering with seniors to know that if you don't lay things out clearly, the message gets lost. I’m just someone trying to help people get their tech privacy back. No LLM required. Just a lot of caffeine and a genuine annoyance with where Big Tech is heading.

load more comments (7 replies)
[–] BoycottTwitter@lemmy.zip 12 points 1 day ago (1 children)

For what it's worth I read the whole thing in what felt like one or two minutes and I don't think I'm a particularly fast reader. I think it looks longer because there are not many blank lines. It seems well written but I guess I do slightly get that AI feeling too, it just might be because he/she is a good writer so now people think good writing is AI, sad it's coming down to this.

load more comments (1 replies)
load more comments (17 replies)
[–] q7mJI7tk1@lemmy.world 29 points 1 day ago (1 children)

I was just thinking this week, that those who self host (and more importantly, those who program the code we self host), are at the front line of the modern digital resistance: in the sense that the world is burning due to the greed of the tech bros that run our daily lives. Convienience for the masses is what gives them power over us, and any one who rejects their systems is helping to fight back.

Voting with your wallet helps, so not giving them your money is the first step. Then managing and keeping your own data private is the next one.

load more comments (1 replies)
[–] Blip6338@lemmy.ca 17 points 1 day ago* (last edited 1 day ago)

For those of you who are interested in this but don't know where to start I think https://www.freedombox.org/ may be a good starting point. It's been around for a long time, provides easy enough installation and a nice web interface for management. Its based on Debian and you can give it a try on their demo.

Also the vision for the project aligns pretty much with what op is saying https://wiki.debian.org/FreedomBox/Vision

load more comments
view more: ‹ prev next ›