this post was submitted on 09 Jan 2026

1377 points (98.9% liked)

Selfhosted

54413 readers

847 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

1377

Self-hosting in 2026 isn't about privacy anymore - it's about building resistance infrastructure (lemmy.world)

submitted 1 day ago* (last edited 18 hours ago) by h333d@lemmy.world to c/selfhosted@lemmy.world

241 comments fedilink hide all child comments

I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground. That changed this week when I watched ICE murder a woman sitting in her car. Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we're all running in our homelabs. Here's what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting. Every service you don't self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It's baked into the infrastructure. Individual privacy is a losing game. You can't opt-out of surveillance when participation in society requires using their platforms. But here's what you can do: build parallel infrastructure that doesn't feed their systems at all. When you run Nextcloud, you're not just protecting your files from Google - you're creating a node in a network they can't access. When you run Vaultwarden, your passwords aren't sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren't being sold to data brokers who sell to ICE. I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That's when I realized: we can't rely on existing institutions to protect us. We have to build our own. This isn't about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:

Communication that can't be shut down: Matrix, Mastodon, email servers you control

File storage that can't be subpoenaed: Nextcloud, Syncthing

Passwords that aren't in corporate databases: Vaultwarden, KeePass

Media that doesn't feed recommendation algorithms: Jellyfin, Navidrome

Code repositories not owned by Microsoft: Forgejo, Gitea

Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger. Where to start if you're new:

Passwords first - Vaultwarden. This is your foundation. Files second - Nextcloud. Get your documents out of Google/Microsoft. Communication third - Matrix server, or join an existing instance you trust. Media fourth - Jellyfin for your music/movies, Navidrome for music.

If you're already self-hosting:

Document your setup. Write guides. Make it easier for the next person. Run services for friends and family, not just yourself. Contribute to projects that build this infrastructure. Support municipal and community network alternatives.

The goal isn't purity. You're probably still going to use some corporate services. That's fine. The goal is building enough parallel infrastructure that people have actual choices, and that there's a network that can't be dismantled by a single executive order. I'm working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it'll be profitable, but because I've realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure. We're not just hobbyists anymore. Whether we wanted to be or not, we're building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that's a node in a system they can't control. They want us to be data points. Let's refuse.

What are you running? What do you wish more people would self-host? What's stopping people you know from taking this step?

EDIT: Appreciate the massive response here. To the folks in the comments debating whether I’m an AI: I’m flattered by the grammar check, but I'm just a guy in his moms basement with too much coffee and a background in municipal networking. If you think "rule of three" sentences are exclusive to LLMs, wait until you hear a tech support vet explain why your DNS is broken for the fourth time today.

More importantly, a few people asked about a "0 to 100" guide - or even just "0 to 50" for those who don't want to become full time sysadmins. After reading the suggestions, I want to update my "Where to start" list. If you want the absolute fastest, most user-friendly path to getting your data off the cloud this weekend, do this:

The Core: Install CasaOS, or the newly released (to me) ZimaOS. It gives you a smartphone style dashboard for your server. It’s the single best tool I’ve found for bridging the technical gap. It's appstore ecosystem is lovely to use and you can import docker compose files really easily.

The Photos: Use Immich. Syncthing is great for raw sync, but Immich is the first thing I’ve seen that actually feels like a near 1:1 replacement for Google Photos (AI tagging, map view, etc.) without the privacy nightmare.

The Connection: Use Tailscale. It’s a zero-config VPN that lets you access your stuff on the go without poking holes in your firewall.

I’m working on a Privacy Stack type repo that curates these one click style tools specifically to help people move fast. Infrastructure is only useful if people can actually use it. Stay safe out there.

(page 4) 50 comments

sorted by: hot top controversial new old

[–] irmadlad@lemmy.world 8 points 1 day ago* (last edited 1 day ago) (3 children)

What’s stopping people you know from taking this step?

As with any privacy, security, and anonymity efforts, it takes work. Nothing I am doing can't be accomplished by someone else once the work is put in because I possess no special skills or certs on my wall to reflect any special skills. Just reading a lot, doing, screwing it up, rinse/repeat ad nauseam. We live in a world of convenience, where 'someone else' does the work and we capitalize on their efforts, and it's this point where I see most people falling off the wagon.

Additionally, the average Joe really doesn't have a firm grasp on what happens between the time you click a link in your browser to the time it returns with your webpage. They definitely don't realize the preponderance of traffic being generated even on a PC at rest. They may see adverts taking up real estate on their computer screen, but no clue about what's going on behind the pretty graphics. To them it's akin to advertising on a billboard, which it's far more insidious.

Then there's the obligatory 'I'm not technologically inclined', especially from those in my generation of old heads who are stubborn cusses for the most part. However, for the younger, upwardly mobile, youngsters, there is the element of time. For the average family in this economy, it takes both adults working to make ends meet. They get up every morning, go to work, come home exhausted, spend a little quality time with the kids, and it's off to collapse in bed, only to do it over and over again. On the weekends, there are extracurricular activities for the kids, quality time with the family, catching up on any household chores.....and then it's Monday. They don't have the time nor the inclination to learn how to stand up a Linux server.

I've got a couple friends who bought the equipment, and I set it all up for them, and administer any thing remotely. It does become a headache sometimes. Users cause issues. Luckily it's only a couple.

my 2p

load more comments (3 replies)

[+] Appoxo@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago) (1 children)

[deleted]

[–] Prior_Industry@lemmy.world 1 points 1 day ago (1 children)

The only concern I have seen written is if someone altered how the bitwarden client / extension itself works to expose / extract your vault. Not sure how feasible that would be.

[–] Appoxo@lemmy.dbzer0.com 1 points 1 day ago (1 children)

FYI as my former comment hasnt federated yet: I delete my comment because I suspected my edits wouldnt go through fast enough for everyone to see.
So i deleted it and reposted as a new comment: https://lemmy.dbzer0.com/comment/23665757

Anyway: Could you elaborate what you mean exactly?

[–] Prior_Industry@lemmy.world 1 points 1 day ago* (last edited 1 day ago) (1 children)

So say for example that someone manages to get into a position (or the Bitwarden Devs) to alter the code for the Bitwarden Chrome extension and compromise it, this code is then deployed from their update service to your device. You then use the compromised extension to login to your vault, at that point your vault contents could be extracted for a third-party to view.

I just want to say, this was something I saw another user put up as a risk on another thread a few months back, so I don't know if that's actually feasible to achieve or what protections Bitwarden have in place to stop such a thing happening.

Even so, I still use Bitwarden. If you're getting that deep into the weeds, unless you are writing all the code yourself or interrogating the code others put up before updating your system this sort of thing would always appear to be a risk.

[–] Appoxo@lemmy.dbzer0.com 1 points 1 day ago

You basically mean a supply-chain attack?
I mean...Sure that's a valid concern but on the other hand, Bitwarden is OSS, the client and AFAIK the server components.
So the threat looks to me identical for Bitwarden as it is for Keepass.

But it's probably easier to infiltrate the actual user system and wait for the unlock of the vault to happen for exfiltratration than just stealing the vault with argon2id salted hashes and trying to crack that open.
It may be of concern for a state/big corp person of interest but you and me? Probably less so.

I'll continue paying for Bitwarden.
Not of interest having to mess with passsword safekeeping.
Same goes for email.
Yes, I could host the server at home and use an SMTP relay for sending emails from a reputable emailing IP but the email provider I currently use at the price is okay enough for me to not really care. So I don't :p

[–] umbrella@lemmy.ml 3 points 1 day ago* (last edited 1 day ago) (4 children)

pretty convenient for them prices are skyrocketing right now then.

load more comments (4 replies)

[–] InFerNo@lemmy.ml 2 points 1 day ago (2 children)

The missing link is networking. You can use VPNs all you want, but in the end you're using an uplink to your ISP who can shut it down at any moment. Some countries turn off the internet when things get rowdy, so it's already in the playbook.

Was looking into a mesh last year, but I'd be a floating island. Can't transmit long range, this angers the people in charge, too. Not sure how to overcome this part.

[–] GreenKnight23@lemmy.world 1 points 1 day ago (4 children)

I2P

load more comments (4 replies)

load more comments (1 replies)

[–] Resonosity@lemmy.dbzer0.com 4 points 1 day ago (4 children)

In the spirit of OP's post:

Do we have a good repository of good guides that can walk noobs through from 0-100?

load more comments (4 replies)

[–] Dialectical_Specialist@quokk.au 5 points 1 day ago (2 children)

Great post. I have been wondering for awhile how those of us who understand the importance of all this can best organize and ensure growth towards a movement. What reliable orgs are honestly at the front, helping get the word out about these interconnected issues?

[–] h333d@lemmy.world 4 points 1 day ago

That’s a big question because individual action only goes so far before you hit a wall, for the heavy-duty legal and policy stuff, the Electronic Frontier Foundation (EFF) is still the gold standard, and I really respect The Calyx Institute for actually providing hardware and internet access that doesn't track you. Also look at Tactical Tech, they do amazing work on digital literacy for activists, and the Matrix.org Foundation is building the actual backbone for the communication side.

But honestly, I think the most important "organizations" are the ones we haven't built yet, the local community networks where people help their neighbors get off the corporate grid. My time teaching at the library with a digital literacy program for seniors taught me that we need people who can translate this tech into something a regular person can actually use, so the movement needs to be as much about education as it is about code, we have to be the infrastructure we want to see, one node at a time.

load more comments (1 replies)

[–] paequ2@lemmy.today 5 points 1 day ago (2 children)

What about connectivity? I'm currently using Tailscale cuz it's so easy. Maybe I should look into WireGuard? Also, how does Headscale fit into this?

[–] francois@jlai.lu 4 points 1 day ago* (last edited 1 day ago)

As OP said, it's fine if you still use some corporate services, I think this one should be in the bottom of the list

Wireguard can easily replace simple Tailscale usages, like if you only have 2 nodes to connect and have a static IP address. One thing Tailscale is good at is creating an overlay network, where if you have more than 2 nodes, you only need to configure each one to connect to the central server which will allow the nodes to connect to each other (internally it uses a wireguard connection). With plain wireguard if you have 4 nodes, you need to configure on each one the configuration to the 3 other. Another thing Tailscale is good at is Nat hole punching, if your ISP provider doesn't give you a static IP address or if you don't want to open a port in the firewall of your home router, Tailscale will allow you to access services hosted on your local network (another commercial solution for this is cloudflare tunnel), wireguard doesn't provide this

When you're using tailscale, they get a lot of metadata about your hosts, but the data transfered between your nodes is encrypted (by wireguard)

By replacing the tailscale servers which are ran by the tailscale company with headscale which is the self hostable open source solution, tailscale won't be able to get the metadata of your nodes. Tailscale clients are oss and compatible with headscale, but headscale is not on par for features (like tailscale serve or funnel).

For headscale to really make sense it usually needs to run on a pubicly accessible host like a vps, and not in your home network. For other selfhosted alternative to tailscale there is netbird, or pangolin with a different approach

Hope this helps

[–] 7U5K3N@lemmy.dbzer0.com 5 points 1 day ago

Wireguard is stupid easy.

I run a docker container using docker compose. Put in my bits of info on the compose file...

Launch the container and scan a QR code with my phone app.

Done.

Openvpn was out to door when I saw how easy wireguard is

[–] FartsWithAnAccent@fedia.io 4 points 1 day ago

Wasn't resilience and control always a selling point?

load more comments