Self-hosted Infrastructure

Complete sovereignty over personal data.

A deliberate effort to stop depending on services that treat data as a product. Every personal and household service runs on owned hardware, with no third-party cloud storage for anything sensitive.

Hardware

  • Powerhouse. An Intel N100 mini PC running 24/7 in a cupboard in Banbury. Quiet, low-power, surprisingly capable. Runs all services as Docker containers on Debian Linux.
  • Networking. OPNsense firewall for network segmentation. Two Omada access points for WiFi. External access goes through Cloudflare Tunnels — no ports exposed to the internet.

Services

  • Nextcloud. File sync, calendars, contacts. Drop-in replacement for Google Drive and Google Calendar.
  • Vaultwarden. Bitwarden-compatible password manager. Self-hosted vault, no subscription required.
  • Immich. Photo library with ML-powered face recognition and search. Full Google Photos replacement.
  • Paperless-ngx. Document management with OCR. Every piece of paper that comes through the door gets scanned, tagged, and made searchable.
  • Uptime Kuma. Service monitoring with status page. If something goes down, I know before I need it.

Tech stack

Docker, Debian Linux, Caddy, Cloudflare Tunnels, OPNsense, Restic, Backblaze B2, Uptime Kuma

Backups

  • Restic + Backblaze B2. Daily encrypted backups of all service data and configs. Offsite, versioned, tested. The stack can be rebuilt from scratch in under an hour.