Posted by websku 1/11/2026

CLI agents make self-hosting on a home server easier and fun (fulghum.io)
775 points | 549 comments | page 10
jaime-ez 1/12/2026|
Has anyone experience using Cloudflare tunnels in a (small scale - 5000 user/day) self hosted web service? I just got 2 dynabook XJ-40 (32 gb ram, 512 gb ssd) for 200 usd each and I'm going to replace my DO droplets with them (usd150+ per month). I plan to use Cloudflare tunnel to make the service available to the internet without exposing my home network. Any downsides? (besides that Cloudflare will be MITM for the service but it is not a privacy focused business)
WiSaGaN 1/12/2026||
I have a similar experience when I found out that Claude Code can use ssh to connect to a remote server and diagnose any sysadmin issue there. It just feels really empowered.
RicoElectrico 1/11/2026||
I just use Proxmox on Optiplex 3060 micro. On it, a Wireguard tunnel for remote admin. The ease of creating and tearing down dedicated containers makes it easy to experiment.
esbeeb 1/12/2026|
I too have that same Dell Optiplex 3060 micro. I love it for experimenting also. Also use wireguard for remote access. I use incus for my Linux containers, preferring it to proxmox.
timwis 1/12/2026||
Great article! I think a paragraph on your backup strategy would make it even more complete and compelling, particularly given you put your passwords and photos in there.
jordanf 1/12/2026|
thanks. I fleshed that out a bit more. appreciate the feedback.
micw 1/12/2026||
For me the most important benefit is that the agent can keep the docs up to date. When I do a change, I let it document what is changed, how and why.
nick2k3 1/11/2026||
All fine and great with Tailscale until your company places an iOS restriction on external VPNs and your work phone is also your primary phone :(
ivanjermakov 1/11/2026||
Usually you can ask for a separate phone for work. I can't stand when personal devices are poisoned with Intune and other company crap.
jacobthesnakob 1/11/2026|||
My work WiFi blocked traffic to port 51820, the default WireGuard port. I was wondering why my VPN started failing to handshake one day. I changed my ports to 51821 that night and back in business. I checked our technology policy and there’s no “thou shalt not use a VPN” clause so no clue why someone one day decided to drop WireGuard traffic on the network.
teiferer 1/12/2026||
Restrict use of private devices?

Though just blocking particular ports for this purpose is very 90s and obviously ineffective, as you demonstrated. Anybody proficient in installing wireguard also knows how to change ports.

teiferer 1/12/2026||
> your work phone is also your primary phone :(

That's the flaw right there. Don't mix company assets with private use. Phone, laptop, car. Your life is already very dependent on your employer (through income), don't get yourself locked in even more by depending on them for personal tech. Plus it's a security risk to your company.

Unless you have a low paying job, which rarely anybody on HN does, you can afford your own phone and laptop. And IT won't find your messages to girlfriend or pictures you don't want others to see or browsing history.

mzhaase 1/12/2026||
Instead of the vibe-admin approach, why not have the LLM write an Ansible playbook? At least it's repeatable and auditable that way.
fergie 1/12/2026||
I see why this is easy and fun, but is it really "self-hosting" if you are dependent on a $1200 a year AI-service to build and maintain it?
reachableceo 1/11/2026||
Cloudron makes this even easier. Well worth 1.00 a day! Handles the entire stack (backups, monitoring, dns, ssl, updates).
mintflow 1/12/2026|
This is the reason why I am creating a Debian VM on my macOS to let Claude Code in yolo mode do some experiments :)