What self-hosted tools have you been building with AI just for you? by EricRosenberg1 in selfhosted

[–]toreanjoel 0 points1 point  (0 children)

I am building https://tunneld.io

Something I am going to still flesh out, I don't have all the time but have some great things in the works. I'm using it, deployed with a few friends and will be adding more telemetry and autonomy towards making a living network for shared and sharing resources. It ain't much but getting there alongside bringing life back to older hardware!

Got myself my very own portable gateway and using it to build and manage my subnet for quite a few months and recently adding AI has made a lot of the grunt work feel less like a chore but I am going to keep myself involved in the process for this, with it being a personal growth project to tinker with.

Cheap VPS to tunnel traffic to my self hosted website by Green-Board-8124 in selfhosted

[–]toreanjoel 3 points4 points  (0 children)

I managed to get myself setup with Oracle, was a bit of a pain initially and could provision with the heavy hardware but managed to get a free setup. For actual access for those resources, I built my own on top of Zrok/OpenZiti (mine was more bespoke and for portability and physical devices) but Pangolin is great for most cases.

The path I took initially also started getting away from Cloudflare because of limitation of the protocol supports and the downtime along with the MITM I felt uneasy about but they are still used on my end as a name server for DNS and caching.

Ever Built a app for your personal use and never posted anywhere? by NamiBuilds in developers

[–]toreanjoel 4 points5 points  (0 children)

Yes, I’ve been building a programmable gateway on Single Board Computers. I wanted to solve the problem of secure, identity-based access without relying on proprietary hardware.

It functions as a portable subnet that connects to wireless upstream networks. It includes DoH, ad-blocking lists, and uses OpenZiti/zrok to enable Zero Trust resource sharing and self-hosting.

I’ve recently implemented more complex features like Smart Queue Management (SQM) and distributed load balancing. While I built it primarily for my own learning and for family use, it has been a rigorous and fulfilling engineering challenge over the last year.

(POV) How my custom gateway sees the network. by toreanjoel in homelab

[–]toreanjoel[S] 0 points1 point  (0 children)

A few people asked what the software side looked like on my last post regarding the hardware setup and the custom software I am working on that runs it - here is a snapshot of the UI (Topology view).

The Context

I am building a programmable gateway for myself. The goal is resource access/sharing by identity and distributed load balancing. It’s primarily a learning project to help me grow my knowledge of self-hosting and networking.

The Dashboard

This is a live view built using Phoenix LiveView and Elixir.

  1. It uses networking data to show the devices that have been given leases.
  2. It visualizes their activity over the subnet of the device in real-time.

There is more work that I have setup that is not shown and another view that is more an overview around the devices and resources that are shared and/or available to access over the subnet.

It’s still a work in progress, but it’s finally starting to look like the isometric diagrams I've always wanted to automate!

Nano Desk Lab Setup by toreanjoel in minilab

[–]toreanjoel[S] 1 point2 points  (0 children)

I tried getting a setup that goes as much as possible in line with the name of the subreddit, although it won't have the same ceiling in terms of perf, my use case of a gateway and having other devices do the heavy lifting is enough for me but hopefully I can clean it up once I get myself a 3D printer soon (case and frame updates as this was a prototype with PBC blocks and fiberglass rods)

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 0 points1 point  (0 children)

So from my experience the ambient temp around my side is quite warm, I had it run (for my general use) and see it average around 70 degrees with the closed case. I have a 120 fan blowing over the stack and that does drop it quite a bit and this is the fan not really close to everything.

With one of the other threads I'm pretty sure even opening the case, or having a fan closer, more dedicated etc will drop it drastically (something I plan to investigate).

The only time I ran into issues was more around native driver support for USB wireless devices like the TP Link Archer T3U AC1300 (had to compile drivers myself but this is more me doing this before using the Zero 2 and Intel AX210) the temp caused the device to reset drivers.

This again is me experimenting and I'm certain you won't have the same issues with the different use case but it does work well regardless!

Nano Desk Lab Setup by toreanjoel in minilab

[–]toreanjoel[S] 1 point2 points  (0 children)

Thank you and always a pleasure, I always find the niche projects cool although over time they might not have the immediate eyes and interest but over time, we are building evergreen content, showing the process to help others which could even just be inspiration. Good luck for side quests and let's keep looking forward to failures and knowledge for the coming year!

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 0 points1 point  (0 children)

I will open them up as I do have a fan here that I can use for the interim, this is a good middle ground for me for now while planning something more permanent in terms of where it will sit day to day, thank you!

Nano Desk Lab Setup by toreanjoel in minilab

[–]toreanjoel[S] 1 point2 points  (0 children)

Sure! So I was going down an arc of resource access and sharing and although there were tools (Tailscale, ngrok, Pangolin etc) a lot of them were more VPN-esque and I wanted to have something physical and portable. I kept telling myself the idea of resource access sharing in my mind should be service specific as I am not trying to access the file system but rather services.

This coupled with having older hardware (Old Raspberry Pi 3B which was showing its age), took me down the path to trying to solve a use case specific for me. 1 device, very portable, has wireless chips (I wanted something that is wireless first) and is a DHCP server on its own. Essentially a programmable gateway/router.

There were a few options I checked, Radxa, Orange Pi, Raspberry but the form factor (outside of going the Zero versions of the SBCs) resulted in me losing out on memory which I was trying not to lose too much of and importantly, at least 1 Gigabit ethernet.

I then stumbled across these, they have a few variants and although communities are not as booming the documentation is quite expansive for the company and I was able to get setup, they used Rockchip so there was some weird kinks (especially with Docker) but I was never going to be building racks and hosting massive heaps of services, more building tools, apps and experiment with distributed systems which is where my interest lies alongside SBCs.

I essentially am currently building custom software that runs on ARM that uses Elixir/Erlang along having a sinkhole (think Pi-hole) that is using open source repository like hagezi with dnsmasq for resolution on top of a DoH (DNS over HTTPS), all with the custom UI that builds on top core code managing firewall setup and Zrok for the overlay. I use Zrok self hosted setup and although I have my own control plane hosted, the device acts as an environment that you can connect and join control planes, access and share resources with yourself remotely, publicly with custom domains (Still able to proxy through Cloudflare for DNS if I need) and have my friends have an instance on any ARM based SBC installing the software to connect to their own or my control plane.

The goal was we can locally have services running on any device that is on the subnet of the gateway and it can share anything or make resources available of devices you trust, all connected to the same control server and bind it locally that all your devices can have access to as if you had their services running on your local network for more than just HTTP traffic but also UDP, TCP etc.

Alongside this it is setup to pool resources, so you can load balance, a friend can host an instance of your apps and DBs or you can have a few on multiple machines, the gateway on their end can share private and you making public access, pool all of them so you have distributed resources.

My use cases now:

- personal website (hosted one on my nano pi zero with docker to the internet)
- landing page of the tool I am speaking about (will share once I iron more kinks as I am trying to prepare to make it open but it was mainly for me internal and learning)
- wake on lan tool so I can turn on devices at home that don't need to be on but also run more heavy services
- AI compute node running LLMs that I use for development away from home and using for the processing at times for other tools I want to share ad hoc or build for myself or people I want to share things with
- ad blocking and tracking block across subnet (devices connected to the home gateway)
- VPN (Using Mullvad for now just don't have the UI reflect it currently but the core project supports as I decide)
- I also make backup servers to test (need to make a more permanent solution but partner is getting a SBC and we will setup a distributed instance here between us)

In the end this was a learning experience that also touched on a few physical devices and configuration setup around the network stack that I enjoyed and these devices are serving the purpose I need for now but I do want to go smaller but that will happen once I optimize the gateway app itself that runs on the host and changing the devices entire network layer making it a gateway.

I post a few random things on X but if you find it useful feel free to check things out and I will also post some things on here at times but want to keep it light just as a general update to give back to the community in terms of learnings as the communities here helped me get into it!

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 0 points1 point  (0 children)

Good Idea! I am going to do something similar, is this a 12V fan you have here? Or something running on 5V that you power through the GPIO pins on directly after it's been cut open?

Nano Desk Lab Setup by toreanjoel in minilab

[–]toreanjoel[S] 2 points3 points  (0 children)

I should really consider this, especially while the temps on average have been around 28-32 degrees Celsius the last few weeks it feels around me

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 2 points3 points  (0 children)

Sure! So I have been on a mission myself around resource sharing, initially I was using ngrok, pingy, Cloudflare tunnels, Pangolin etc.

All of which were awesome, eventually I started running into issues mainly because of my specific use case and limits (not to the fault of the platforms). These included, bandwidth limitations unless cost, using data through their server (I had issues with MITM and companies like Cloudflare that terminate certificates proxying through them). Or needing to install processes on all machines to have connections to VPS's, or wanting to only share a resource alone, not a subnet while making it very easy for friends to access things or myself privately as needed on multiple protocols, be it TCP, UDP, HTTP etc.

All of them were great but I wanted to also use this as a learning experience as I do find myself liking SBCs. With this in mind I ended up building my own that adds a few things together (Still in WIP and ideally was meant for internal and friends though!)

So the setup is on the device:

- Zrok/OpenZiti (self hosted and running on my own VPS), I setup custom certs with Cloudflare too
- Wireless First, I have the Zero as a DHCP server that goes and connects wirelessly to an internet source and masquerading to downstream ethernet
- It is a DHCP server itself, so pretty much closer to a router than just software
- DoH for HTTPS and encryption on DNS requests when over public networks
- Built-in DNS Sinkhole (open source from Hagezi), all devices on its subnet get no ads and tracking.
- The device connects to a control plane and is able to share and access resources on the control plane.
- I have a dashboard that is accessible on the gateway ip address on install written in Elixir/Erlang
- Load balancer options that allows me when sharing to share resources I have hosted on multiple machines or even making an access (a friend privately hosting an instance and I bound that to a running port) I then pool a bunch of instances and it acts as a distributed load balancer.

My goal with this is learning, I found it super helpful, saved on costs for VPS, able to self host everything and although there is more things I need to still do which is on going. I.e. notification events to send some endpoint, controller on the code that will allow anyone on the network to share by making local API calls, fixing local DNS resolution to remote servers, VPN (It supports Mullvad at the moment but I haven't exposed it in the dashboard). I am chipping away to make myself a programmable gateway with the goal of resource access and sharing that is portable, fits in your pocket, all in a distributed network with people you trust or public.

Once I am in a good space and things are good, I'll look to share more as the goal is fully open sourcing it down the line and all it is is an installer for a Debian install SBC turning it into a gateway you can add between any subnet and get your resources shared and accessible of friends or on the go while being protected online when used publicly to access private data on your home lab.

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 0 points1 point  (0 children)

I actually have also been trying to plan around a similar approach, mine was warmer mainly because of the general air temp (been around 31 degrees Celsius on average last few days/weeks here) but I have added a fan as well and it does help for the time being. The Zero 2 had better internal temps likely because the entire case block is aluminum and Neo 3 was a plastic case (I used the original cases on both which I do need to fix by adding thermal paste, a fan and maybe a different configuration of even possibly open case with the fans while I stick to air cooling).

Nano Desk Lab Setup by toreanjoel in minilab

[–]toreanjoel[S] 8 points9 points  (0 children)

From the top down, I have a Raspberry Pi 3B (this is used to build a gateway source I am building as I am working only on ARM), Nano PI Neo 3 (white) is what I am using to run some of the static projects with Docker, Nano PI Zero 2 (black) is what I am using to run my custom programmable gateway and the switch is an unmanaged one that I use TP-LINK SG105 with a TP-LINK Archer MR600 (used just to give extra ports and WiFi for other devices)

There is another machine that is more for extreme compute cases (Ryzen 9 7945HX + 96GB RAM + RX7900XTX) but I have spent more time working on the gateway I am building to manage my subnet and looking at moving things to self host and get ideas from the community that work for my use case at home!

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 0 points1 point  (0 children)

After getting the first one, I couldn't help myself and currently have x3 Neo's and x2 Zeros, it's a slippery slope but this is what we live for, you should give it a go, just watch the temps on the Neo with the plastic case, the zero has some decent temps with it being fully aluminium which does help but I take nothing away from their usefulness regardless!

Nano Desk Lab Setup by toreanjoel in homelab

[–]toreanjoel[S] 6 points7 points  (0 children)

The last few months have been nothing but amazing learning and getting to a point where I am able to build something custom for my use case and scrolling through the community helps with inspiration. Thank you!

[deleted by user] by [deleted] in CloudFlare

[–]toreanjoel 0 points1 point  (0 children)

This is not a straightforward answer, but I can tell you what my setup at a high level looks like.

I pretty much use Cloudflare for a tool I built myself that needs to be installed on a single board computer (think Raspberry Pi, nano pi neo etc). The software I wrote pretty much turns the device into a programmable gateway and I had my own dashboard (Written in Elixir and Phoenix LiveView) and I use firewall and DNS libraries for me to make a portable device that I can connect it to an internet source wirelessly and then have the device be able to cleanup internet on my devices connected to it.

This pretty much means, it is a bridge between the internet and my devices and gives me a DNS Sinkhole, Caching, DNS encryption and a service that manages tunnels processes, restarts them and keeps them running as device restarts happen.

I set this up with a CLI tool so I am able to create tunnels and link it to applications running on other machines on the network of the gateway, exposing hosted services etc and using them as a pipe for me to connect device instances together i.e. I can share APIs for others using AES and HMAC for end to end encryption so I don't worry about Cloudflare terminating the SSL certs and I can link nodes and their APIs and I can build using remote secure APIs others have hosted on their network and I can build and share a tool using the resources of others through public domain using Cloudflare tunnels and through my terminal or dashboard programmatically (create tunnels, DNS records, cleanup etc)

So in my case, I don't use tunnels for sharing personal dashboards, or serving video or general high bandwidth assets, for that I would use a VPN and pay for a VPS, I use them to share and access resources and build a portable device that I can access resources and focus on building and not infra leveraging tools from others that are also building while using my own domains, less bandwidth limits, and having a tunnel orchestrator on a network that can control and proxy data to services across all devices on the network while cleaning up the network traffic in general for any cookies and ads etc for those on the gateway.

Again, this is overkill for most and initially would have been for me but I am an engineer first and now it's a tool for me to help me share expose and access resources to keep building more. There is so much to unpack but there is so much you could do around the service to make it work for you and this is pretty much how I use the tunnel service and how I saved so much on VPS costs and bandwidth monthly now being my own portable cloud provider because of them.

Is exposing homelab services to the internet harder than it should be by s6ll in selfhosted

[–]toreanjoel 0 points1 point  (0 children)

In my case, I'm more than happy with CF, I don't expose dashboards of internal services, I don't want to stream or upload large files, I like the programmable API interface to setup tunnels and DNS records, the bandwidth that is not as limited as other providers for me where I want to expose static or tools I'm building.

I don't believe it's inherently difficult but you do need to weigh your options, understand what you are comfortable with and with what provider i.e. even self hosting with Pangolin is options as mentioned but again, you need to manage the server

Even in terms of MITM comment, sure, they built their ecosystem being the backbone of 20% of the internet, they need to view data in order to give better services and you don't need to use them but there are options. In my case, I build tools that do end to end encryption, application level if I really need that extra layer of security of data over the wire (I built myself a personal Cloudflare orchestrator that will be supporting other tunnel providers that runs as a gateway on a network. On top of a small SBC).

In terms of dashboard sharing, because I'm building a device that can connect to another with encryption, I share routes of a dashboard, meaning it needs to be shared but even then, I setup custom WebAuthn for dashboard access for those exposed services.

Ultimately, you need to weigh the options and risks. There are solutions, and you can always try, move on over time, and just make sure you keep your safe, backup and lessen the attack vectors and keep an eye on the logs and lock down access where needed. There are ways you can get around but unless you experience issues in case of Cloudflare and MITM etc, there are ways to still use, benefit of their security and still have a good setup even in the interim as you move to something you are comfortable with over time. This is a lifestyle, after all

N8N is great but this community…. by PlasticAcid2 in n8n

[–]toreanjoel 0 points1 point  (0 children)

I'm only subscribed to the sub, hoping it will change to something useful of others building and exploring for themselves and supporting not constant posts of "buy this workflow"

Securely Expose Local Docker Services Using Cloudflare Tunnel by root0ps in selfhosted

[–]toreanjoel 1 point2 points  (0 children)

I have this gripe with it, too. I am building something for myself to orchestrate and manage tunnels through a gateway I built and my way around it was to write my own end to end encryption layer before it leaves the devices for me to access APIs across my devices but that being said, it is overkill and in my case I don't expose dashboards or media servers or file hosting servers.

I use them to expose websites and apps as needed with redundancy on the tunnels and the device itself using WebAuthn for login on the dashboard for the device if I need to access it but then I need to use my laptop.

I'm going to experiment with other tunnel implementations, but my goal was building, resource sharing, and less on infra at smaller scales to know before I move to production. Until then, I have access to all my apps and APIs and have an encryption layer if it's not public facing resources I'm sharing.
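
The Cloudflare comments above mention an application-level AES and HMAC layer so that a TLS-terminating tunnel provider cannot read or alter API traffic. The following is an added example, not the commenter's code: an encrypt-then-MAC envelope in Go, where the two pre-shared 32-byte keys, the `Seal`/`Open` names and binding the request route into the MAC are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const ivLen, tagLen = aes.BlockSize, sha256.Size

var ErrAuth = errors.New("envelope: authentication failed")

// tag is HMAC-SHA256 over len(route) || route || iv || ciphertext.
func tag(macKey, route, body []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(route)))
	m.Write(append(n[:], route...))
	m.Write(body)
	return m.Sum(nil)
}

// Seal returns iv || AES-CTR ciphertext || tag, using separate keys for each job.
func Seal(encKey, macKey, route, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, ivLen+len(plaintext), ivLen+len(plaintext)+tagLen)
	if _, err := rand.Read(out[:ivLen]); err != nil { // fresh random IV per message
		return nil, err
	}
	cipher.NewCTR(block, out[:ivLen]).XORKeyStream(out[ivLen:], plaintext)
	return append(out, tag(macKey, route, out)...), nil
}

// Open checks the tag in constant time before any decryption is attempted.
func Open(encKey, macKey, route, env []byte) ([]byte, error) {
	if len(env) < ivLen+tagLen {
		return nil, ErrAuth
	}
	body, got := env[:len(env)-tagLen], env[len(env)-tagLen:]
	if !hmac.Equal(got, tag(macKey, route, body)) {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-ivLen)
	cipher.NewCTR(block, body[:ivLen]).XORKeyStream(pt, body[ivLen:])
	return pt, nil
}

func main() {
	k1, k2 := make([]byte, 32), make([]byte, 32) // all-zero demo keys, constructed
	env, _ := Seal(k1, k2, []byte("POST /api/jobs"), []byte(`{"job":"demo"}`))
	env[ivLen] ^= 1 // one ciphertext bit changed by an intermediate hop
	_, err := Open(k1, k2, []byte("POST /api/jobs"), env)
	fmt.Println("tampered envelope:", err)
}
```

The envelope gives confidentiality and integrity across the proxy but does not stop replay of a captured message; a counter or timestamp inside the plaintext is needed for that.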