Resources

The Self-Hosting Manual

Building the Mothership: Syncthing, Vaultwarden, and Matrix Setup.

The Strategy

Most self-hosting tutorials are too complex. They require you to manually manage Docker, Nginx, and SSL. Tebian's "Mothership Mode" provides a pre-configured, hardened stack for the three essential pillars of digital sovereignty. This guide explains how to deploy and manage them with our one-click "Control Center."

We use **Podman** for rootless, daemonless container execution, ensuring your host OS (Debian) remains 100% clean and secure.

1. File Sync (Syncthing)

Syncthing is a P2P folder synchronization tool. It doesn't use a central server; it connects your devices directly using a secure, encrypted mesh. In Tebian, we pre-configure the local discovery and file-watching daemons.

  • P2P Mesh: Direct communication between PC, Phone, and Tablet.
  • Encryption: All data is encrypted in transit using TLS 1.3.
  • Versioning: Keep "trash" backups of deleted or modified files for 30 days.

2. Secrets (Vaultwarden)

Vaultwarden is a lightweight implementation of Bitwarden written in Rust. It is 100% compatible with official Bitwarden apps but uses 95% less RAM. It's the perfect "Mothership" service.

  • Rust-Powered: Zero-cost abstraction, high-performance security.
  • API Compatible: Works with official Bitwarden browser extensions and mobile apps.
  • Zero-Knowledge: Only you have the master key. Even if your server is stolen, your vault is safe.

3. Communication (Matrix)

Matrix is an open protocol for secure, decentralized chat. Tebian includes a pre-configured Synapse server (or the lighter Conduit written in Rust) and the Element web client.

  • Decentralized: Federation with other Matrix servers (like Mozilla or KDE).
  • End-to-End Encryption: All chats and calls are private by default.
  • Bridges: Connect your Matrix account to Telegram, WhatsApp, and Discord using mautrix bridges.

4. Reverse Proxy (Caddy)

To access your services securely over the internet, Tebian uses Caddy. It's a modern, C-based web server that handles SSL certificates (Let's Encrypt) automatically. No manual configuration required.

  • Automatic HTTPS: Caddy fetches and renews SSL certs for your domain.
  • Modern Defaults: HTTP/3 and TLS 1.3 by default.
  • Simple Config: Our one-click setup handles the Caddyfile for you.

Why Self-Host on Tebian?

Tebian's stability (Debian Stable base) makes it the perfect host for a "Mothership." Your server won't break on an update, and our Podman-based isolation ensures your apps are secure. You get a "Cloud" experience with the security of a fortress. One ISO. One menu. One Mothership.