<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Self-Hosting on Thyago Seugling</title><link>https://thyago.link/tags/self-hosting/</link><description>Recent content in Self-Hosting on Thyago Seugling</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 15 Mar 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://thyago.link/tags/self-hosting/index.xml" rel="self" type="application/rss+xml"/><item><title>Deploying a Zero-Trust Network with Tailscale and Nginx Proxy Manager</title><link>https://thyago.link/blog/zero-trust/</link><pubDate>Sun, 15 Mar 2026 00:00:00 +0000</pubDate><guid>https://thyago.link/blog/zero-trust/</guid><description>&lt;p&gt;For years, my home lab ran on a patchwork of port forwards, dynamic DNS, and good intentions. It worked — mostly — but every exposed port was a liability, and I knew it. This is the story of how I tore it all down and rebuilt on a &lt;strong&gt;zero-trust foundation&lt;/strong&gt;.&lt;/p&gt;
&lt;h2 id="why-zero-trust"&gt;Why Zero Trust?&lt;/h2&gt;
&lt;p&gt;The traditional model assumes that anything inside your network is safe. Zero trust flips that entirely: &lt;em&gt;verify everything, trust nothing&lt;/em&gt;. Every request is authenticated, every connection is encrypted, and no service is reachable unless explicitly permitted.&lt;/p&gt;</description></item><item><title>The Art of the Minimal Docker Compose Stack</title><link>https://thyago.link/blog/docker-compose/</link><pubDate>Sun, 08 Feb 2026 00:00:00 +0000</pubDate><guid>https://thyago.link/blog/docker-compose/</guid><description>&lt;p&gt;I&amp;rsquo;ve seen compose files that span three hundred lines, define seventeen networks, and require a dedicated README just to explain the environment variables. I&amp;rsquo;ve also written a few of them. That era is over. Every stack I deploy now follows a small set of principles that I&amp;rsquo;ve refined through a lot of painful rollbacks.&lt;/p&gt;
&lt;h2 id="the-problem-with-bloat"&gt;The Problem with Bloat&lt;/h2&gt;
&lt;p&gt;Configuration drift is silent and cumulative. A commented-out service here, an undocumented environment variable there — and six months later, no one (including you) knows what&amp;rsquo;s load-bearing and what&amp;rsquo;s vestigial. The compose file stops being documentation and becomes archaeology.&lt;/p&gt;</description></item><item><title>ZFS on Linux: Why I Made the Switch and Never Looked Back</title><link>https://thyago.link/blog/zfs/</link><pubDate>Thu, 22 Jan 2026 00:00:00 +0000</pubDate><guid>https://thyago.link/blog/zfs/</guid><description>&lt;p&gt;I lost data once. Not catastrophically — a single ext4 volume quietly developing bad sectors while I assumed everything was fine, because nothing was loudly failing. By the time I noticed, the damage was done. That experience sent me down a rabbit hole that ended at &lt;strong&gt;ZFS&lt;/strong&gt;, and I haven&amp;rsquo;t looked at another filesystem for storage since.&lt;/p&gt;
&lt;h2 id="why-zfs"&gt;Why ZFS?&lt;/h2&gt;
&lt;p&gt;Most filesystems trust that the data written to disk is the data you&amp;rsquo;ll read back. ZFS doesn&amp;rsquo;t. It checksums every block, every read, and every write. Silent data corruption — the kind that accumulates invisibly over years — is caught and, with redundancy, corrected automatically. For a home lab storing years of photos, documents, and media, this matters.&lt;/p&gt;</description></item></channel></rss>