Matteo De Venuto

Homelabbing and Self-Hosting

Fri, 06 Mar 2026 15:00:00 GMT

Last summer, well before the whole OpenClaw frenzy exploded and sent everyone scrambling for Mac Minis, I picked up a base-model M4 Mac Mini. My main goal was simple: run the iOS Simulator (which I couldn't do on Linux) and use it to work on the iOS version of my mobile position size calculator app, Forexizer.

At home, my main desktop already handles everything else, running Omarchy (I’ll write a full post about that setup eventually). That left the Mac Mini gathering dust most of the time. Instead of letting it sit idle, I decided to turn it into the starting point for my homelab adventure.

{% twitter https://twitter.com/matteodevenuto/status/1966878941525766567 %}

I’ve been into open-source software and privacy-focused tools for years. Self-hosting felt like the natural next step, especially since I love tinkering with computers.

I kicked things off with a media server using Jellyfin, which I’ve been running for a while now. Honestly, it’s absolutely fantastic. The interface is clean, playback is reliable across devices.

Over time, I experimented with different setups: various reverse proxies, domain configurations, the usual self-hosting rabbit hole. But I never loved the idea of exposing everything directly to the open internet. Security concerns always nagged at me.

Recently, I integrated Tailscale, and it's a game-changer. It instantly made everything more secure without complicated port forwarding or firewall gymnastics. Now I can access my Jellyfin library (and everything else) from anywhere, on any device, with zero exposure to the public web. The experience feels seamless and private, which is exactly what I wanted.

My next addition was a Raspberry Pi running Pi-hole. I had a Raspberry Pi Zero 2 W laying around, so I set it up to block ads and telemetry network-wide. The installation was surprisingly straightforward, just a one-liner curl command on fresh Raspberry Pi OS and within minutes, I had it acting as my DNS sinkhole. Pointing my router's DNS to the Pi's static IP was the only real config step, and boom: cleaner browsing across every device in the house, from phones and laptops to smart TVs, without installing a single browser extension. The difference is immediately noticeable, pages load faster, no more creepy trackers phoning home, and I’ve already blocked millions of queries according to the web dashboard. It pairs perfectly with Tailscale too, letting me enjoy the same ad-free experience even when I’m away from home. For something so lightweight and low-power, it’s become one of the highest-impact pieces of my homelab.

This Mac Mini experiment has been a lot of fun so far, and it’s only the beginning. I’m already eyeing more services to add and if you’re on the fence about turning an old/new Mac into a homelab server, I’d say go for it. Especially with tools like Tailscale, the security side is way easier than it used to be, tinkering is always fun, and you definitely will learn something.

Privacy & Security 2025: Two Years Later, New Tools, and a Linux Leap

Mon, 10 Mar 2025 13:00:00 GMT

It’s been a little over two years since my last blog post about my privacy and digital security journey, which you can find here. A lot has changed and evolved in that time, so I figured it’s time for an update.

Hardware Updates

Starting with hardware, I’m still using an iPhone as my primary mobile device, but that’s likely not going to last much longer. I’ll dive into the details in a future blog post once I make the switch. As I mentioned in my previous post, a Google Pixel running GrapheneOS remains the gold standard for privacy-focused mobile setups, and that’s where I’m headed in the near future. Good tutorial here if you are interested.

On the iPhone front, there are a couple of updates worth noting. Last time, I mentioned that Advanced Data Protection wasn’t available in my region yet. It is now, and I enabled it as soon as it rolled out—highly recommend turning it on if you’re an Apple user. Another tweak I’ve made is disabling Siri completely. If you still want to use Siri, I’d suggest turning off the “Listen for ‘Hey Siri’” option (which stops your phone from constantly listening for the wake phrase) and sticking to “Press Side Button for Siri” instead. Personally, I’ve ditched it entirely—timers were the only thing I used it for, and setting those manually is quick enough.

For my laptop, I’m still limping along with my 2017 MacBook Pro. It’s definitely showing its age and becoming borderline useless—especially since Apple won’t let me run the iOS 18 simulator for app development without updating to the latest macOS, which my mine can’t support. It’s frustrating, to say the least, and it’s clear an upgrade is on the horizon. I’ll dive into the full story in a dedicated post soon, but for now, the Framework Laptop 13 running a Linux distro is looking like the frontrunner for me.

I’m drawn to the Framework for its repairability and upgradability. I’ve also heard good reviews from people who’ve been using it. Pairing it with Linux feels like the perfect setup for me. More on that once I make the switch!

On the desktop side, I’ve already made a big shift—I switched to Arch Linux a few weeks ago and haven’t booted into Windows since. The transition took some effort to get everything configured just right, but once it’s dialed in, it’s fantastic. No bloat, fully customizable, runs like a dream, and also thanks to Proton—Valve’s compatibility layer—and Steam Deck’s Linux gaming advancements, now most games work flawlessly.

Password Management

On the password manager front, there’s a new player in my setup. Since Proton released Proton Pass, I’ve been using it and absolutely love it. The integration with SimpleLogin for email aliases is a game-changer—it saves me so much time while keeping my inbox private. That said, I still stand by Bitwarden as an excellent option if you’re not in the Proton ecosystem. For those who prefer an offline solution, KeePassXC remains a solid choice.

Two-Factor Authentication (2FA)

Last time, I mentioned I was waiting for my YubiKey, which finally arrived. I’ve been using it ever since, and it’s been a fantastic addition—definitely worth considering if you’re serious about security. For an authenticator app alternative, I’d recommend Aegis (open-source and Android-friendly), though I’ve phased out authenticator apps myself. For my most sensitive accounts, I use my YubiKey for both hardware-based security and OTP (one-time passwords) when a site doesn’t support security keys directly. For less critical accounts, I store 2FA codes in my password manager for seamless autofill.

AI Tools

On the AI side, I’ve been mostly using Grok. For now, I’m not too worried about privacy implications since I don’t share sensitive info with it. If you’re looking for a more private alternative, running Ollama with your favorite model locally is a great option.

What’s Stayed the Same

The rest of my setup has largely stayed consistent—at least until I switch phones. Once that happens, I expect a cascade of changes, and I’ll write a dedicated post about the new phone setup when the time comes. If you’re interested in the rest please read my previous blog post from 2 years ago here.

New Resources

One book I’ve recently started digging into is This Is How They Tell Me the World Ends by Nicole Perlroth. It’s a fascinating read that dives into zero-day brokers, cybersecurity, and some wild stories from the frontlines of the digital world—highly recommended.

I’m also obsessed with the Darknet Diaries podcast by Jack Rhysider. If you’re into tech and privacy, it’s a must-listen. There’s even an episode featuring Nicole Perlroth that talks about the zero-day brokers—check it out here.

My Privacy and Digital Security Journey... So Far !

Fri, 13 Jan 2023 13:00:00 GMT

In today's digital age, protecting our personal information and digital security is more important than ever. As we rely more and more on technology for our daily tasks and communication, it's crucial to take steps to safeguard our information from potential threats. In this post, I'll be sharing my journey towards improving my privacy and digital security and the various components that I've incorporated.

First, let's start with the hardware components. The devices we use on a daily basis such as our phones and computers are the foundation of our digital lives. I use an iPhone with iOS as my primary phone, and I have turned off all the iCloud functions except Find My. If I would still be using iCloud features, I would recommend turning on Advanced Data Protection (which is the new end-to-end encrypted feature for some iCloud services), unfortunately it is not yet available in my region The more I dive deep into privacy, the more I want to move to a Google Pixel with GrapheneOS, as it is a more secure and open-source option. GrapheneOS is built on top of the Android Open Source Project, with additional privacy and security features such as the ability to run apps in a sandboxed environment, and the ability to easily and quickly wipe the device of all personal data.

My computer is a Mac at the moment, but in the future, I am looking for something Linux-based like Pop!_OS and a System76 laptop, as Linux is known for its security features and open-source nature. Linux-based operating systems, in general, are considered more secure than Windows or macOS, as they are less susceptible to malware and viruses, and they are more customizable to the user's needs.

Next, let's talk about browsers and search engines. The browser is the gateway to the internet, and it's essential to use a secure browser that encrypts your data and blocks potential threats. I use Brave as my main browser, mainly for websites where I need to log in, with Brave Search as my search engine. Brave is built on top of the Chromium open-source project, and it blocks third-party cookies and ads by default, and it also has a feature called Tor which allows you to browse the internet anonymously, I personally do not use it within the Brave browser, if necessary I would use the Tor application but very rarely require it, for people wiht different threat models that might be of interest to you. I also use Firefox with hardened settings for added security, I use that for random searches.

In terms of email, I use ProtonMail, which offers end-to-end encryption for added security. I have 2 of my domains connected to ProtonMail and have completely abandoned the Google Suite. For messaging, I use Signal, which also offers end-to-end encryption. Signal is considered one of the most secure messaging apps out there, this is because it uses the open-source Signal Protocol for end-to-end encryption, which has been independently audited and is considered to be very secure. I still keep WhatsApp since many people still use it, but if possible I would try to switch to Signal completely.

In terms of VPN, I use ProtonVPN, which offers a high level of security and privacy. ProtonVPN is a zero-log VPN, this means that they do not track or store any information about your browsing habits. I have it on constantly on my computer and phone when connected to WiFi, I don't see the use of having it on my phone when using cellular data, but either way if I'm connecting to public Wi-Fi at airports, hotels etc... I would absolutely have it on.

For my password manager, I use Bitwarden and is the one I would recommend for most people. I used LastPass previously (given the recent events I would not recommend it), but switched a while back to Bitwarden as it's open-source and much cheaper, for most people the free option is more than enough, but having ordered a security key the subscription is necessary (only $10 per year), and you can also self-host it. For people with higher threat models/or that want to keep the passwords completely offline (no sync to multiple devices unless you do it some other way) I would recommendKeePassXC.

For my 2FA app I use Raivo currently, but I have a YubiKey on order, so I will be implementing that as soon as it arrives. YubiKey is a small hardware device that you can use as an additional form of authentication, it is considered to be more secure than using SMS or an authenticator app.

For storage, I have been using Proton Drive, which is an encrypted cloud storage service offered by ProtonMail. I also use encrypted USB drives with VeraCrypt for some backups, and I am looking to build my own home server soon, maybe with Nextcloud to sync pictures and other files. This way, I would have control over my data and where it is stored, and I can ensure that it is properly encrypted and secure.

In terms of other FOSS (Free and Open-Source Software) apps, I use Standard Notes for my encrypted note-taking, Obsidian (not encrypted, and I sync it using GitHub) for working on other projects such as these blog posts, Proton Calendar as my calendar of choice, Pocket Casts for listening to podcasts without needing to make an account, and Vienna as my Mac RSS feed reader.

In conclusion, my privacy and digital security journey has been a process of continually researching and implementing new tools and techniques. It is important to note that there is no such thing as a fail-proof system when it comes to digital security, but by taking a step-by-step approach and constantly updating and improving our security measures, we can greatly reduce the risk of our personal information being compromised. By using secure hardware and operating systems, secure browsers and search engines, encrypted email and messaging, a VPN, a password manager and 2FA, and utilizing FOSS apps, we can take control of our digital lives and protect ourselves from potential threats.

It's important to remember that this is a journey, and not a destination. As technology and threats evolve, so should our security measures. Staying informed about new developments and staying vigilant is the key to maintaining a high level of digital security. The most important thing is to make sure that your security is better than the average person, as it's not always possible to protect against every threat, but by making it more difficult for attackers to access your information, you reduce the risk of being a target.

In summary, my privacy and digital security journey has been an ongoing process, but by taking a step-by-step approach and constantly researching and implementing new tools and techniques, I am able to take control of my digital life and protect myself from potential threats.

Resources

In addition to the steps and tools I have discussed in this blog post, there are also a number of resources available for those who are interested in learning more about privacy and digital security.

One such resource is "Why Privacy Matters" by Glenn Greenwald. This article/video provides a comprehensive overview of the importance of privacy in today's digital age and the various ways in which our personal information is being collected and used without our knowledge or consent.

Another great resource is "Extreme Privacy" by Michael Bazzell. This book provides a detailed and practical guide to protecting your personal information and maintaining your privacy in the digital age. It covers various topics such as encryption, VPNs, password managers, and more.

For those who are interested in learning more about the impact of surveillance on privacy, the Snowden documents and the movie "Citizenfour" offer a deep dive into the inner workings of government surveillance programs and their impact on individual privacy. As well as the "Snowden" film by Oliver Stone.

"Beginner's Introduction to Privacy" by Naomi Brockwell is a great resource for those who are new to the topic and want to learn more about privacy in the digital age and how to get started.

"The Art of Invisibility" by Kevin Mitnick is a great resource for those who want to learn more about the techniques and tools used by experts to maintain their privacy and security in the digital age.

"Privacy, Security & OSINT" podcast with Michael Bazzell is a great resource for those $ho are interested in learning more about the intersection of privacy, security, and OSINT (Open-Source Intelligence). It's one of my favorite podcasts at the moment.