Data Sovereignty Through Self-Hosting
I built a comprehensive home infrastructure cluster from repurposed Mac mini hardware to maintain complete data sovereignty and avoid cloud dependencies. The project is a complete shift away from cloud services, with self-hosted email, DNS, and over 100 additional services.
Infrastructure Components
- Repurposed Mac mini Cluster: Sustainable infrastructure using existing hardware
- Self-Hosted Email: Complete email sovereignty and control
- DNS Infrastructure: Custom DNS services for complete control
- 100+ Services: Comprehensive self-hosting ecosystem
- Data Sovereignty: Complete control over personal and business data
Hybrid Cloud Architecture
The infrastructure operates as a hybrid home cloud—combining the security and sovereignty of local hosting with the accessibility of public cloud. At its core is a highly secure, controlled data vault, protected by layered security measures that keep sensitive data completely isolated from the public internet.
WireGuard Mesh Networking Innovation
To enable this hybrid architecture, I built a custom mesh networking tool inspired by Docker Swarm's join token approach. Rather than relying on Tailscale or similar services with their coordination servers and account dependencies, this tool provides the same frictionless "join token" experience while keeping all networking completely self-controlled.
The mesh enables secure ingress through a public-facing VPS server—conceptually similar to Cloudflare's Argo tunnels—allowing controlled access to home-hosted services without exposing the internal network. Traffic flows through carefully tuned paths, with the mesh automatically handling peer discovery and connection establishment.
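A sketch of how a Swarm-style join token can work, as an added example that is not the code of the tool described here. Docker Swarm tokens carry a digest of the cluster CA so a joiner can authenticate the manager; this version pins the bootstrap node's WireGuard public key the same way. The token layout, the `MESH1` prefix, the function names and the sample endpoint and key are all assumptions.

```python
import base64, hashlib, hmac, json, time

PREFIX = "MESH1"  # hypothetical token prefix, not the tool's real format

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(mesh_key: bytes, payload: bytes) -> bytes:
    return hmac.new(mesh_key, payload, hashlib.sha256).digest()

def issue_token(mesh_key, endpoint, bootstrap_pubkey, ttl, now=None):
    """Bootstrap node: mint a token naming where to connect and which key to expect."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({
        "ep": endpoint,                                      # public VPS endpoint
        "fp": hashlib.sha256(bootstrap_pubkey).hexdigest(),  # pinned key fingerprint
        "exp": now + ttl,                                    # tokens are short-lived
    }, sort_keys=True).encode()
    return f"{PREFIX}.{_b64(payload)}.{_b64(_tag(mesh_key, payload))}"

def bootstrap_accepts(mesh_key, token, now=None):
    """Bootstrap node: admit a joiner only if the token is authentic and unexpired."""
    now = int(time.time()) if now is None else now
    try:
        prefix, body, tag = token.split(".")
        payload, tag = _unb64(body), _unb64(tag)
    except ValueError:                      # wrong field count or bad base64
        return False
    # Check the MAC in constant time before trusting any field of the payload.
    if prefix != PREFIX or not hmac.compare_digest(tag, _tag(mesh_key, payload)):
        return False
    return json.loads(payload)["exp"] > now

def joiner_pins_key(token, offered_pubkey):
    """Joining node: refuse a bootstrap peer whose key does not match the token."""
    try:
        claims = json.loads(_unb64(token.split(".")[1]))
    except (ValueError, IndexError):
        return False
    offered_fp = hashlib.sha256(offered_pubkey).hexdigest()
    return hmac.compare_digest(claims["fp"], offered_fp)

# Constructed sample values: a placeholder 32-byte key and an example endpoint.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_TOKEN = issue_token(b"mesh-secret", "vps.example.net:51820", SAMPLE_PUBKEY, 600, now=1000)
```

The token is a bearer credential: anyone holding it can join until it expires, so it should travel over a trusted channel and carry a short lifetime.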
Technical Achievements
- Join Token Simplicity: New nodes join the mesh with a single token, similar to Docker Swarm—no manual configuration of peer connections
- Zero Coordination Servers: Unlike Tailscale or ZeroTier, no third-party coordination infrastructure required
- Public Ingress, Private Core: VPS servers provide public-facing endpoints while the data vault remains completely isolated
- Quantum-Resistant: Future-proof networking with post-quantum cryptography options
Impact
This infrastructure represents a complete commitment to data sovereignty. No monthly cloud bills. No vendor lock-in. No data leaving my control. The cluster runs 100+ services autonomously—I rarely need to think about it.
The best infrastructure is the kind you forget exists. These systems just work, day after day, without demanding attention or generating support tickets.