DEV Community: kusunoki

I Built a Private Cloud + 4 AI Assistants on One Server (No DevOps Required)

kusunoki — Sun, 12 Apr 2026 14:13:09 +0000

Most discussions around AI systems begin and end with technology.

Models, frameworks, and infrastructure are assembled with precision, and for a brief moment, everything appears complete.

Yet, in practice, such systems rarely endure.

They do not fail because of inadequate tools, but because they lack structure—structure that governs how they are operated, maintained, and trusted over time.

This series was written to address that gap.

Across five articles published on DEV, I documented not only how to construct a self-hosted AI environment, but how to transform it into something that can function beyond initial deployment.

Replacing recurring SaaS dependencies with a minimal, self-hosted stack
Establishing a zero-trust architecture with a strictly controlled attack surface
Building a private cloud environment under full ownership
Introducing reliability through monitoring, backups, and remote access
And finally, organizing the system into an operational framework that can be sustained

Each part was necessary.

Taken together, they describe a single idea:

A system is not defined by what it can do, but by how it is sustained.

To complement these articles, I consolidated the operational layer into a structured package, documented and maintained separately.

Notion serves here not merely as a documentation tool, but as a medium for operational clarity—housing runbooks, policies, and decision frameworks that extend beyond code.

This distinction is intentional.

Infrastructure can be reproduced.

Operations must be understood.

The transition from building systems to operating them introduces a different set of responsibilities.

Questions emerge that are not technical in nature:

Who takes action when the system deviates from expected behavior?
How are decisions made under uncertainty?
What ensures continuity when knowledge is no longer centralized in a single individual?

Without explicit answers, even well-designed systems remain fragile.

In SaaS environments, these questions are often abstracted away.

Responsibility is externalized, processes are hidden, and operational boundaries are defined by vendors.

Convenience is achieved, but at the cost of visibility and control.

A self-hosted approach reverses this relationship.

Control is restored, but so too is responsibility.

Every configuration implies a decision.
Every failure demands interpretation.
Every recovery requires preparation.

This is where most systems quietly break.

Not at the level of infrastructure, but at the level of operation.

The purpose of this work is therefore not limited to demonstrating what can be built.

It is to establish how such systems can be sustained—independently, reliably, and with clarity of responsibility.

To move from isolated technical success to a form of continuity that does not depend on constant intervention.

Most people build systems.

Fewer build environments.

Very few build operations.

That distinction defines whether a system remains an experiment or becomes something that can be relied upon in the real world.

Kusunoki
Certified Tax Accountant (Japan)

Designing independent, self-hosted systems beyond SaaS.
From infrastructure to operations.

The Operations Manual for a System You Actually Own — Building Your Private AI Infrastructure [5/5]

kusunoki — Wed, 08 Apr 2026 13:22:45 +0000

Free series. All open-source. The complete operations manual for everything you built.

You built this. Not a vendor. Not a consultant. Not a managed service provider who will send you an invoice next month for the privilege of using what was always supposed to be yours. You opened a terminal, followed a guide, made decisions, fixed the things that broke, and kept going. The system running on your server right now — the eight security layers, the four AI assistants, the private cloud, the monitoring, the backups — exists because you decided it should exist and then made it real.

That matters more than the cost savings. More than the features. More than the security architecture. What you built in these four parts is not just infrastructure. It is proof that the tools which were once reserved for enterprises with six-figure IT budgets are now accessible to anyone willing to invest two weekends and follow a guide. The promise of personal computing — that individuals would own their own capability — took forty years to arrive. It arrived in the form of open-source software, commodity cloud servers, and a free-tier security layer that would have cost a fortune five years ago.

This final part is the operations manual. It does not add features. It ensures that what you built continues to run, continues to be maintained, and continues to serve you for months and years to come. Building a system is an act of engineering. Maintaining a system is an act of responsibility. Both are yours now.

The Cardinal Rule: The Human Decides

Before anything else in this operations manual, one principle must be stated clearly enough that it cannot be forgotten or rationalized away:

Every initial data entry, every final verification, every irreversible action — a human performs it. Not AI. Not automation. Not a scheduled script running at 3 AM. You.

AI drafts your email. You read it before you send it. OpenClaw organizes your files. You check the result before you archive it. The backup script runs nightly. You verify it monthly. The accounting integration queries your books. You review the answer before you act on it.

This is not a limitation on the technology. It is the condition under which the technology operates safely. AI is an extraordinarily capable instrument. The quality of its output depends entirely on the judgment directing it.

The system you built is powerful. The responsibility for what it does is yours. That responsibility does not transfer to any software, any algorithm, or any automation. It remains with the human who gives the instruction, reviews the output, and authorizes the action. This is not a disclaimer. It is the operating principle that makes everything else in this guide trustworthy.

The Full LLM Proxy Application

The proxy makes all four AI models accessible through one authenticated endpoint.

mkdir -p ~/llm-proxy && cd ~/llm-proxy
nano app.js

Paste the complete application:

const express = require('express');
const axios = require('axios');
require('dotenv').config();

const app = express();
app.use(express.json());

const authenticate = (req, res, next) => {
  const token = req.headers['authorization']?.replace('Bearer ', '');
  if (token !== process.env.AUTH_TOKEN) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  next();
};

app.get('/health', (req, res) => {
  res.json({
    status: 'ok',
    timestamp: new Date().toISOString(),
    models: ['openai', 'anthropic', 'google', 'perplexity']
  });
});

app.post('/v1/chat', authenticate, async (req, res) => {
  const { model = 'openai', messages, max_tokens = 2000, temperature = 0.7 } = req.body;
  try {
    let response;

    if (model === 'openai') {
      response = await axios.post(
        'https://api.openai.com/v1/chat/completions',
        { model: 'gpt-4o', messages, max_tokens, temperature },
        { headers: { 'Authorization': `Bearer ${process.env.OPENAI_API_KEY}`, 'Content-Type': 'application/json' } }
      );
      return res.json({ content: response.data.choices[0].message.content, model: 'gpt-4o', provider: 'openai' });
    }

    if (model === 'anthropic') {
      response = await axios.post(
        'https://api.anthropic.com/v1/messages',
        { model: 'claude-sonnet-4-5', messages, max_tokens },
        { headers: { 'x-api-key': process.env.ANTHROPIC_API_KEY, 'anthropic-version': '2023-06-01', 'Content-Type': 'application/json' } }
      );
      return res.json({ content: response.data.content[0].text, model: 'claude-sonnet-4-5', provider: 'anthropic' });
    }

    if (model === 'google') {
      const gm = messages.map(m => ({ role: m.role === 'assistant' ? 'model' : 'user', parts: [{ text: m.content }] }));
      response = await axios.post(
        `https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-flash:generateContent?key=${process.env.GOOGLE_API_KEY}`,
        { contents: gm, generationConfig: { maxOutputTokens: max_tokens, temperature } }
      );
      return res.json({ content: response.data.candidates[0].content.parts[0].text, model: 'gemini-1.5-flash', provider: 'google' });
    }

    if (model === 'perplexity') {
      response = await axios.post(
        'https://api.perplexity.ai/chat/completions',
        { model: 'sonar', messages, max_tokens, temperature },
        { headers: { 'Authorization': `Bearer ${process.env.PERPLEXITY_API_KEY}`, 'Content-Type': 'application/json' } }
      );
      return res.json({ content: response.data.choices[0].message.content, model: 'sonar', provider: 'perplexity' });
    }

    return res.status(400).json({ error: `Unknown model: ${model}` });
  } catch (error) {
    console.error(`[${new Date().toISOString()}] Error with ${model}:`, error.response?.data || error.message);
    return res.status(500).json({ error: 'AI provider error', provider: model, detail: error.response?.data?.error?.message || error.message });
  }
});

app.get('/usage-report', authenticate, async (req, res) => {
  res.json({
    timestamp: new Date().toISOString(),
    providers: {
      openai: { configured: !!process.env.OPENAI_API_KEY },
      anthropic: { configured: !!process.env.ANTHROPIC_API_KEY },
      google: { configured: !!process.env.GOOGLE_API_KEY },
      perplexity: { configured: !!process.env.PERPLEXITY_API_KEY }
    }
  });
});

const PORT = process.env.PORT || 8000;
app.listen(PORT, '127.0.0.1', () => {
  console.log(`[${new Date().toISOString()}] LLM Proxy running on port ${PORT}`);
});

Install and start:

npm init -y
npm install express axios dotenv
node app.js &
curl -s http://localhost:8000/health

Test a model:

curl -s -X POST http://localhost:8000/v1/chat \
  -H "Authorization: Bearer YOUR_AUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"model":"anthropic","messages":[{"role":"user","content":"Reply with: proxy confirmed."}]}'

Systemd service (run permanently):

sudo nano /etc/systemd/system/llm-proxy.service

[Unit]
Description=LLM Proxy Service
After=network.target

[Service]
Type=simple
User=myadmin
WorkingDirectory=/home/myadmin/llm-proxy
ExecStart=/usr/bin/node app.js
Restart=always
RestartSec=5
EnvironmentFile=/home/myadmin/llm-proxy/.env

[Install]
WantedBy=multi-user.target

sudo systemctl enable --now llm-proxy
sudo systemctl status llm-proxy

OpenClaw Configuration Templates

Place in ~/.openclaw/workflows/. Plain text. Read at startup.

morning-briefing.txt

SCHEDULE: weekdays 07:30
DELIVER_TO: primary_chat

Pull the following and format as a briefing:
1. Unread email count from primary Gmail. Flag any from known client domains.
2. Today's events from Nextcloud Calendar (all calendars).
3. Tasks due today or overdue.
4. Count of tasks due this week.
5. One-line server status: curl http://localhost:8000/health.

Format: plain text, no markdown. Under 200 words.

email-to-task.txt

TRIGGER: message contains "create task" OR "add task" OR "log task"
ACTION: extract task details, create in Nextcloud Tasks
REQUIRED_FIELDS: title, due_date
OPTIONAL_FIELDS: list_name, priority, notes
CONFIRM: always confirm before creating

weekly-summary.txt

SCHEDULE: friday 17:00
DELIVER_TO: primary_chat

1. Tasks completed this week.
2. Tasks due this week still open.
3. Tasks due next week (count + titles).
4. One observation about completion rate.

Format: plain text. Under 150 words.

standing-rules.txt

EMAIL_DEFAULT: draft_only
# OpenClaw must never send email autonomously.
# All email actions produce a draft for human review.
# This rule cannot be overridden by any other instruction.

openclaw reload-workflows
openclaw status

The Monthly Maintenance Checklist

First of each month. ~30 minutes. Thirteen items.

# 1. Firewall
sudo ufw status verbose

# 2. Listening ports
sudo ss -tlnp

# 3. Docker health
docker ps --format 'table {{.Names}}\t{{.Status}}'

# 4. Disk usage
df -h / && du -sh ~/backups/ ~/db-backups/ 2>/dev/null

# 5. Backup timestamps
ls -lht ~/backups/ | head -5

# 6. System updates
sudo apt update && sudo apt upgrade -y

# 7. OpenClaw
openclaw status

# 8. LLM proxy
curl -s http://localhost:8000/health

9. Grafana: review 30-day trends at https://grafana.yourdomain.com.

10. Cloudflare: review access logs at dash.cloudflare.com → Zero Trust → Logs.

# 11. Docker image updates
cd ~/nextcloud && docker-compose pull && docker-compose up -d
cd ~/guacamole && docker-compose pull && docker-compose up -d

# 12. Post-update verification
docker ps --format 'table {{.Names}}\t{{.Status}}'
curl -s http://localhost:8000/health

13. AI spending audit (see dedicated section below).

The Annual Maintenance Checklist

Once per year. ~90 minutes. Eight items.

1. Ubuntu lifecycle

ubuntu-support-status
lsb_release -a

24.04 LTS: standard support through April 2029.

2. SSH key rotation

ssh-keygen -t ed25519 -C "annual-rotation-$(date +%Y)" -f ~/.ssh/id_ed25519_new
cat ~/.ssh/id_ed25519_new.pub >> ~/.ssh/authorized_keys
# Test login with new key before removing old

3. cloudflared update

sudo apt update && sudo apt install --only-upgrade cloudflared
sudo systemctl restart cloudflared
sudo systemctl status cloudflared

4. OpenClaw update

npm update -g openclaw
openclaw status

5. Password rotation

Rotate: Nextcloud admin, Guacamole admin, Grafana admin, PostgreSQL, LLM proxy auth token. Update .env, restart affected services.

6. Access policy audit

Cloudflare Zero Trust → Access → Applications. Remove departed users. Confirm remaining access is appropriate.

7. Backup restoration test

CRITICAL: an untested backup is not a backup. This item cannot be deferred.

mkdir -p /tmp/restore-test

gpg --decrypt --batch --passphrase-file ~/.backup-passphrase \
  ~/backups/$(ls -t ~/backups/*vps-config*.gpg | head -1 | xargs basename) \
  > /tmp/restore-test/config-test.tar.gz

tar tzf /tmp/restore-test/config-test.tar.gz | head -20

psql "$SUPABASE_CONNECTION_STRING" -c "\dt" 2>/dev/null | head -10

rm -rf /tmp/restore-test

Archive lists without errors + Supabase tables visible = pass.

8. Documentation review

Confirm all credentials in Bitwarden are current. Confirm emergency runbook is accessible offline.

Emergency Response Runbook

Keep this accessible offline — printed copy, Bitwarden note, or phone file.

Cloudflare Tunnel down

Symptom: all services unreachable.

sudo systemctl status cloudflared
sudo systemctl restart cloudflared
sudo systemctl status cloudflared

If restart fails:

sudo journalctl -u cloudflared -n 50

Common: update needed or API token expired.

Docker container down

docker ps -a
cd ~/nextcloud && docker-compose restart
cd ~/guacamole && docker-compose restart
sudo systemctl restart prometheus grafana-server prometheus-alertmanager

Disk full

df -h /
sudo journalctl --vacuum-size=200M
docker system prune -f
du -sh ~/backups/* | sort -rh | head -10

API key compromised

Provider dashboard → revoke immediately → generate new key → update .env:

sudo systemctl restart llm-proxy
curl -s http://localhost:8000/health

Device lost or stolen

Cloudflare Zero Trust → Devices → revoke. Change Nextcloud + Guacamole passwords. Review Access logs.

OpenClaw acting unexpectedly

openclaw stop
openclaw logs --tail 100

Do not restart until root cause is understood.

Complete server loss (~2–3 hours)

1. New Vultr server, Ubuntu 24.04 LTS.

2. Rebuild: UFW, fail2ban, Node.js, Docker (Part 2).

3. Restore DB from Supabase:

pg_dump "$SUPABASE_CONNECTION_STRING" > /tmp/nextcloud-db-restore.sql
psql -h localhost -U nextcloud_user -d nextcloud_db < /tmp/nextcloud-db-restore.sql

4. Restore system config:

gpg --decrypt --batch --passphrase-file ~/.backup-passphrase \
  latest-vps-config.gpg > /tmp/restore-config.tar.gz
sudo tar xzf /tmp/restore-config.tar.gz -C /

5. Restore Nextcloud files:

gpg --decrypt --batch --passphrase-file ~/.backup-passphrase \
  latest-nextcloud-files.gpg > /tmp/restore-files.tar.gz
docker run --rm -v nextcloud_nextcloud_data:/data -v /tmp:/backup \
  alpine tar xzf /backup/restore-files.tar.gz -C /data

6. Restart all:

cd ~/nextcloud && docker-compose up -d
cd ~/guacamole && docker-compose up -d
sudo systemctl restart prometheus grafana-server prometheus-alertmanager nginx cloudflared llm-proxy

7. Run Part 4 verification checklist.

The AI Spending Audit

Monthly. Five minutes.

OpenAI: platform.openai.com → Billing → Usage. GPT-4o is highest cost. Consider GPT-4o mini for routine tasks.

Anthropic: console.anthropic.com → Billing. Sonnet handles most business writing at lower cost than Opus.

Google: aistudio.google.com → Dashboard. Flash for routine, Pro for synthesis.

Perplexity: perplexity.ai → Settings → API Usage. Sonar for most factual research.

curl -s -H "Authorization: Bearer YOUR_AUTH_TOKEN" \
  http://localhost:8000/usage-report

If any provider approaches cap with 10+ days remaining: raise cap or reduce workflow frequency.

What to Build Next

1. Multi-location remote desktop. Add a second Guacamole connection for a different workstation.

2. AI-powered document OCR. Tesseract + OpenClaw to classify scanned receipts and invoices.

3. Multi-user access control. Onboard colleagues with role-specific Nextcloud permissions and Cloudflare Access policies.

4. Static business website. Nginx serving public pages from the same server.

5. Contract and invoice generation. OpenClaw populates Collabora templates from structured data.

Final Cost Statement

Component	Monthly
Vultr VPS (Recommended)	~$24
Domain (amortized)	~$1
Cloudflare Zero Trust	$0
Supabase (free tier)	$0
All software (open-source)	$0
AI usage (3 users, moderate)	$15–$35
Total (3–8 person team)	~$35–$50

Equivalent SaaS for 3 users: $240/month AI alone, $400+ total.

This infrastructure costs less, does more, and belongs to you.

The Complete Series

Part	What It Covers
Part 1 — Architecture Overview	Stack, costs, security model
Part 2 — Zero-Trust Server	Vultr, Cloudflare, UFW, fail2ban
Part 3 — The Intelligence Layer	Docker, Nextcloud, Collabora, AI proxy, OpenClaw
Part 4 — Operations & Monitoring	Guacamole, Prometheus, Grafana, backups
Part 5 — The Operations Manual (you are here)	Maintenance, audits, runbook, proxy code

All five parts published and free.

A Final Word: The System Is Yours. The Responsibility Is Yours.

You built a system that monitors itself, backs itself up, and deploys four AI assistants to work on your behalf. That sentence would have been science fiction ten years ago and enterprise-only five years ago. Today it runs on a $24 server and you configured every line of it.

But the system does not think. It does not exercise judgment. It does not know when a draft email will offend a client, when a file has been misclassified in a way that matters legally, or when a financial query has returned a number that is technically correct and practically misleading. Those determinations require a human mind — your mind.

AI does not replace your judgment. It amplifies your capacity. The difference is everything. A tool that amplifies good judgment produces extraordinary results. A tool that amplifies absent judgment produces extraordinary damage.

Consult qualified professionals before acting on AI-generated legal, financial, tax, or medical information. Review every draft before it leaves your control. Verify every automated action. Test your backups. Read your alerts. Maintain your system.

This is self-responsibility. Not as a disclaimer — as a principle. The sovereignty you gained by building this infrastructure comes with the obligation to operate it with care.

What you hold now is not a collection of software. It is a new way of working.

Your data lives on your server. Your security is under your control. Your AI assistants answer to you, not to a subscription tier. SaaS was the bridge. You are no longer renting capability from someone else's servers under someone else's terms. You built your own.

That is not an optimization. That is a revolution.

The age of system sovereignty has arrived. You are already in it. Not because someone sold it to you, but because you built it yourself, one command at a time.

Welcome to the other side.

Legal Disclaimer

The information provided in this series is for educational and informational purposes only. It does not constitute legal, financial, tax, accounting, cybersecurity, or professional advice. All use is at the sole risk of the user. To the maximum extent permitted by applicable law, including the laws of the State of California (Cal. Civ. Code §§1668, 3513) and the State of New York (N.Y. GOL §5-323), the author disclaims all liability for any damages arising from use of this content. References to all third-party products are for informational purposes only. The author has no commercial relationship with any provider mentioned. Non-commercial sharing and attribution are permitted. Commercial reproduction requires explicit written consent.

Questions, corrections, configuration issues: comments. Every one gets read. This is the final installment, but the conversation continues.

Reference Materials
https://www.notion.so/Self-Hosted-AI-Operations-Package-33ca188be27c80099356cdd05cc4d8d3

— Kusunoki
International Tax Specialist & Systems Builder
Sapporo, Japan | @kusunoki

"Fast. Light. Visible."

I Made My Self-Hosted AI System Actually Reliable — Building Your Private AI Infrastructure [4/5]

kusunoki — Wed, 08 Apr 2026 09:55:41 +0000

Free series. All open-source. No DevOps background required. Estimated hands-on time: 60–90 minutes.

There is a moment in every serious build when you realize it is no longer a project. It is infrastructure. You have Nextcloud running. Collabora is live. Four AI models are answering requests through your private proxy. OpenClaw is taking instructions from your phone. The stack works. It does real things. People could depend on this tomorrow.

This part is where a weekend project becomes a production system. Not because the features were missing — Parts 1 through 3 already deliver a working environment — but because production means you can walk away from it on a Friday evening and trust that it will still be running, still be monitored, and still be backed up when you return on Monday morning. That trust is what this part builds.

When you finish today, you will have something that most engineers talk about building and never quite do: a self-hosted, zero-trust, AI-augmented infrastructure that monitors itself, alerts you before failures, backs itself up on three independent schedules, and lets you reach your office workstation from any browser on earth through five layers of authentication. For $35 to $50 a month.

And the thing about building it yourself, one command at a time, is that you understand every piece of it. There is no vendor abstraction you cannot look behind. There is no configuration you cannot change. There is no outage you cannot diagnose because you built the system that is running. That understanding — not the cost savings, not the features — is what changes how you work.

What You Will Complete

Prerequisites: Parts 1–3 complete, all services running. A Gmail account for alerts.

Seven capabilities are added in this part:

1. Apache Guacamole — browser-based RDP gateway. Access any machine on your LAN from any browser, anywhere, through Cloudflare Access.

2. TimeTracker — one-click billable hour logging with CSV export. IRS §6001 contemporaneous records.

3. Calendar/Tasks/Deck — cross-device sync via CalDAV. Single source of truth for all commitments.

4. Accounting API integration — QuickBooks Online, Xero, FreshBooks OAuth 2.0 connections for plain-English financial queries through OpenClaw.

5. Advanced OpenClaw workflows — morning briefings, task-from-email, weekly summaries.

6. Prometheus + Grafana + Alertmanager — metric collection, live dashboard, email alerts before thresholds become incidents.

7. AES-256 encrypted backup — weekly full-system archive. 30-day retention. Documented 2-hour restore.

Step 1: Apache Guacamole

Guacamole is a clientless RDP gateway. It translates Remote Desktop Protocol into browser-renderable HTML5 output. Your Windows desktop appears in a tab, authenticated through five independent security layers:

Browser → WARP encryption → Cloudflare Access OTP → Tunnel → Guacamole on Vultr → your office workstation

mkdir -p ~/guacamole && cd ~/guacamole
nano docker-compose.yml

Paste:

version: '3'
services:
  guacd:
    image: guacamole/guacd
    container_name: guacd
    restart: always

  guacamole-db:
    image: postgres:15
    container_name: guacamole-db
    restart: always
    environment:
      - POSTGRES_DB=guacamole_db
      - POSTGRES_USER=guacamole_user
      - POSTGRES_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
    volumes:
      - guacamole_db_data:/var/lib/postgresql/data

  guacamole:
    image: guacamole/guacamole
    container_name: guacamole
    restart: always
    depends_on:
      - guacd
      - guacamole-db
    environment:
      - GUACD_HOSTNAME=guacd
      - POSTGRESQL_HOSTNAME=guacamole-db
      - POSTGRESQL_DATABASE=guacamole_db
      - POSTGRESQL_USER=guacamole_user
      - POSTGRESQL_PASSWORD=REPLACE_WITH_SAME_PASSWORD
    ports:
      - "127.0.0.1:8888:8080"

volumes:
  guacamole_db_data:

Replace REPLACE_WITH_STRONG_PASSWORD in both locations. Store in Bitwarden.

docker-compose up -d
docker ps

Three containers Up: guacd, guacamole-db, guacamole.

Browse to https://remote.yourdomain.com. Default: guacadmin / guacadmin. Change immediately: username → Settings → Change Password.

Step 2: Preparing the Windows Machine

On the Windows workstation (not your VPS):

Enable Remote Desktop: Settings → System → Remote Desktop → On. (Windows Home: upgrade to Pro ~$100, or install RustDesk as free drop-in.)

Static local IP: Settings → Network → Edit → Manual:

IP: 192.168.1.100   Subnet: 255.255.255.0
Gateway: 192.168.1.1   DNS: 1.1.1.1 / 8.8.8.8

Router port forwarding: forward TCP 3389 to 192.168.1.100. Restrict source to your Vultr IP. Do not set source to "any."

External IP: whatismyip.com. Dynamic IP? Request static from ISP (~$10–15/mo) or use No-IP DDNS (free).

Register in Guacamole: Settings → Connections → New Connection → enter workstation IP/hostname, port 3389, Windows credentials → Save.

Session discipline: Ctrl+Alt+Shift → Disconnect when finished. Closing the tab without disconnecting leaves your desktop unlocked.

Step 3: Time Tracking

Nextcloud → Apps → "TimeTracker" → Enable.

Usage: ▶ Start / ⏸ Pause / ■ Stop. Tag every session. Export CSV monthly.

The IRS requires contemporaneous records under 26 U.S.C. §6001. A tagged time log maintained in real time is materially stronger at audit than a reconstruction from memory. Your future self — and your accountant — will thank you.

Step 4: Calendar, Tasks, and Deck

Already installed in your Nextcloud deployment. No additional installation needed.

Calendar

Create color-coded calendars: Company, Client, Personal, Finance. Pre-populate Finance with the four federal estimated tax dates (Apr 15, Jun 16, Sep 15, Jan 15). Share via three-dot menu → Sharing.

Tasks

Apps → "Tasks" → Enable. Recommended lists: This Week / In Progress / Awaiting Response / Backlog. Syncs to iPhone Reminders and Android OpenTasks via CalDAV.

Deck (Kanban)

Apps → "Deck" → Enable. One board per project. Columns: To Do / In Progress / Review / Done. Due dates auto-appear in Calendar.

Step 5: Accounting API Integration

Standing rule: AI generates drafts. Humans approve. No transaction is committed on AI output alone.

QuickBooks Online

developer.intuit.com → Create App → QBO. Redirect: https://ai.yourdomain.com/callback/qbo. Copy Client ID + Secret.

Append to ~/llm-proxy/.env:

QBO_CLIENT_ID=your-client-id
QBO_CLIENT_SECRET=your-client-secret
QBO_REDIRECT_URI=https://ai.yourdomain.com/callback/qbo
QBO_ENVIRONMENT=production

Auth URL (paste in browser):

https://appcenter.intuit.com/connect/oauth2?client_id=YOUR_CLIENT_ID&redirect_uri=https://ai.yourdomain.com/callback/qbo&response_type=code&scope=com.intuit.quickbooks.accounting&state=secure_random_state

curl -X POST https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -u "YOUR_CLIENT_ID:YOUR_CLIENT_SECRET" \
  -d "grant_type=authorization_code&code=YOUR_AUTH_CODE&redirect_uri=https://ai.yourdomain.com/callback/qbo"

Add access_token, refresh_token, realmId to .env. Verify:

curl -s -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Accept: application/json" \
  "https://quickbooks.api.intuit.com/v3/company/YOUR_REALM_ID/companyinfo/YOUR_REALM_ID"

Expected: JSON with company name.

Xero

developer.xero.com → New App (Web). Redirect: https://ai.yourdomain.com/callback/xero. Same pattern: .env → auth URL → exchange → verify via /Organisation endpoint.

FreshBooks

developer.freshbooks.com → Create Application. Redirect: https://ai.yourdomain.com/callback/freshbooks. Same pattern: .env → auth URL → exchange → verify via /users/me.

Wave

No developer API. Two paths: (1) OpenClaw generates import-ready CSV → review → Wave import, or (2) operate Wave directly through Guacamole remote desktop.

Step 6: Advanced OpenClaw Workflows

With accounting connected and calendar/tasks active, three workflows are immediately practical.

Morning Briefing

Send once to OpenClaw:

"Every weekday 7:30 AM: unread email count + action items, today's calendar, tasks due today, tasks due this week, overdue invoices from [your accounting platform], one-line server status. Deliver to this chat."

Registers and executes daily without further input.

Task from Email

"[Client] requested a revised proposal by April 18. Create task 'Deliver revised proposal' in Client Work, due April 16. Add calendar event."

The obligation moves from inbox to task system. The inbox clears.

Weekly Summary

"Every Friday 5 PM: completed tasks, incomplete tasks due this week, next week's due items, invoices sent/paid, open invoice total, one observation."

Standing rule: EMAIL_DEFAULT = draft_only. OpenClaw drafts email. It never sends autonomously. Configure this before using any email-related workflow.

Step 7: Prometheus + Grafana

sudo apt install -y prometheus prometheus-node-exporter
sudo apt install -y apt-transport-https software-properties-common
wget -q -O - https://apt.grafana.com/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
sudo apt update && sudo apt install -y grafana

Configure:

sudo nano /etc/grafana/grafana.ini

Find and update:

[server]
http_addr = 127.0.0.1

[security]
admin_password = REPLACE_WITH_STRONG_PASSWORD

[users]
allow_sign_up = false

[auth.anonymous]
enabled = false

sudo systemctl enable --now grafana-server

Browser: https://grafana.yourdomain.com. Connections → Data Sources → Prometheus → URL: http://localhost:9090 → Save & Test. Dashboards → Import → ID 1860 → Load.

Live metrics: CPU, memory, disk, network. Updating in real time. This is the moment your server stops being something you hope is running and becomes something you know is running.

Step 8: Alertmanager

Gmail app password: myaccount.google.com → Security → 2-Step → App passwords → "Alertmanager" → copy 16-char password.

sudo apt install -y prometheus-alertmanager
sudo nano /etc/prometheus/alertmanager.yml

Paste (4 substitutions):

global:
  resolve_timeout: 5m
  smtp_smarthost: 'smtp.gmail.com:587'
  smtp_require_tls: true
  smtp_auth_username: 'youremail@gmail.com'
  smtp_auth_password: '16-char-app-password'
  smtp_from: 'youremail@gmail.com'

route:
  group_by: ['alertname']
  group_wait: 30s
  group_interval: 5m
  repeat_interval: 4h
  receiver: 'email-alert'

receivers:
  - name: 'email-alert'
    email_configs:
      - to: 'youremail@gmail.com'
        send_resolved: true

sudo chmod 600 /etc/prometheus/alertmanager.yml

Alert rules:

sudo nano /etc/prometheus/alert.rules.yml

groups:
  - name: server-alerts
    rules:
      - alert: CloudflaredDown
        expr: up{job="cloudflared"} == 0
        for: 5m
        labels: { severity: critical }
        annotations: { summary: "Cloudflare Tunnel is down" }

      - alert: HighCPU
        expr: 100 - (avg by(instance)(irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 85
        for: 10m
        labels: { severity: warning }
        annotations: { summary: "CPU above 85% for 10 minutes" }

      - alert: HighMemory
        expr: (1 - node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) * 100 > 85
        for: 10m
        labels: { severity: warning }
        annotations: { summary: "Memory above 85% for 10 minutes" }

      - alert: DiskSpaceLow
        expr: (1 - node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"}) * 100 > 80
        for: 15m
        labels: { severity: warning }
        annotations: { summary: "Disk above 80%" }

sudo systemctl restart prometheus
sudo systemctl enable --now prometheus-alertmanager

Test:

curl -X POST http://localhost:9093/api/v1/alerts \
  -H "Content-Type: application/json" \
  -d '[{"labels":{"alertname":"TestAlert","severity":"warning"},"annotations":{"summary":"Email alert test — system working"}}]'

Email with subject "TestAlert" arrives within minutes. When it does, monitoring is operational.

Step 9: AES-256 Encrypted Backup

python3 -c "import secrets; print(secrets.token_urlsafe(48))" > ~/.backup-passphrase
chmod 600 ~/.backup-passphrase

This passphrase is irreplaceable. Lost = encrypted backups permanently unrecoverable. Copy to Bitwarden immediately.

nano ~/backup.sh

Paste (change myadmin if your user differs):

#!/bin/bash
set -euo pipefail
BACKUP_DIR="/home/myadmin/backups"
DATE=$(date +%Y%m%d_%H%M%S)
ARCHIVE="${BACKUP_DIR}/vps-config-${DATE}.tar.gz"
mkdir -p "$BACKUP_DIR"
echo "[$(date)] Encrypted backup started"

sudo tar czf "$ARCHIVE" \
  /home/myadmin/.cloudflared/ \
  /etc/prometheus/ \
  /etc/grafana/grafana.ini \
  /etc/nginx/ \
  /home/myadmin/llm-proxy/.env \
  /home/myadmin/nextcloud/ \
  /home/myadmin/guacamole/ \
  /home/myadmin/.supabase-backup.conf \
  /etc/ssh/sshd_config \
  /etc/ufw/ \
  /etc/fail2ban/ \
  /etc/sysctl.d/99-security.conf \
  /etc/ssl/cloudflare/ \
  2>/dev/null || true

docker run --rm \
  -v nextcloud_nextcloud_data:/data:ro \
  -v "$BACKUP_DIR":/backup \
  alpine tar czf /backup/nextcloud-files-${DATE}.tar.gz -C /data .

gpg --symmetric --cipher-algo AES256 --batch --yes \
  --passphrase-file /home/myadmin/.backup-passphrase "$ARCHIVE"

gpg --symmetric --cipher-algo AES256 --batch --yes \
  --passphrase-file /home/myadmin/.backup-passphrase "${BACKUP_DIR}/nextcloud-files-${DATE}.tar.gz"

rm -f "$ARCHIVE" "${BACKUP_DIR}/nextcloud-files-${DATE}.tar.gz"
find "$BACKUP_DIR" -name "*.gpg" -mtime +30 -delete

echo "[$(date)] Encrypted backup complete"

chmod 700 ~/backup.sh
~/backup.sh
ls -lh ~/backups/

Expected: two .gpg files — system config + Nextcloud data.

Schedule weekly. Your crontab should now have both:

crontab -e

# Daily 2 AM — Supabase DB backup (Part 3)
0 2 * * * /home/myadmin/db-backup-to-supabase.sh >> /home/myadmin/db-backup.log 2>&1

# Weekly Sunday 3 AM — encrypted file backup (Part 4)
0 3 * * 0 /home/myadmin/backup.sh >> /home/myadmin/backup.log 2>&1

Recovery from total server loss:

# Restore config
gpg --decrypt --batch --passphrase-file ~/.backup-passphrase \
  ~/backups/latest-vps-config.gpg > /tmp/restore-config.tar.gz
sudo tar xzf /tmp/restore-config.tar.gz -C /

# Restore Nextcloud files
gpg --decrypt --batch --passphrase-file ~/.backup-passphrase \
  ~/backups/latest-nextcloud-files.gpg > /tmp/restore-files.tar.gz
docker run --rm -v nextcloud_nextcloud_data:/data -v /tmp:/backup \
  alpine tar xzf /backup/restore-files.tar.gz -C /data

# Restart
cd ~/nextcloud && docker-compose restart
cd ~/guacamole && docker-compose restart
sudo systemctl restart prometheus grafana-server prometheus-alertmanager nginx cloudflared

Bare server to fully operational: approximately two hours.

Verification Checklist

docker ps

All containers Up (Nextcloud stack + Guacamole stack).

https://remote.yourdomain.com → Guacamole loads. Click connection → Windows desktop appears.

TimeTracker: Start → 30s → Stop. Session logged. Task with tomorrow's due date → appears on phone. Deck card with due date → appears in Calendar.

Accounting: curl verify returns JSON with company data.

https://grafana.yourdomain.com → live CPU/memory/disk/network.

Alertmanager test email arrives in Gmail.

~/backup.sh && ls -lh ~/backups/

Two .gpg files with current timestamp.

crontab -l

Both cron entries visible.

All checked: Part 4 is complete. The build is finished.

What You Have Built — and What It Changes

Four parts. Two weekends. One stack.

A Vultr server ($12–$48/month) behind eight zero-trust security layers, invisible to the public internet except through Cloudflare's authenticated access. A private file cloud with collaborative editing. Four AI assistants through one portal. An agentic butler that organizes your files, drafts your correspondence, and delivers your briefings while you sleep. Browser-based remote desktop from anywhere on earth. Real-time monitoring with email alerts. Triple-redundant backup with a documented two-hour full recovery.

Total: ~$35–$50/month for a 3–8 person team. The equivalent SaaS stack: $300–$400/month per team — with your data on someone else's servers, under terms that change without notice.

How Your Work Changes

Monday morning: your phone buzzes at 7:30 AM with a briefing you did not write — unread emails categorized, overdue invoices flagged, calendar summarized, tasks prioritized. You scan it in 90 seconds over coffee. Your week is already organized before you sit down.

A client emergency at 2 PM: they need a file from the machine sitting in your office, 30 minutes away. You open a browser tab, authenticate through Cloudflare, and your office desktop materializes on your screen. You send the file. Your client assumes you were at your desk. Total elapsed time: four minutes.

Friday evening: your weekly summary arrives. Tasks completed: 14. Overdue: 0. Open invoices: two, both under 15 days. Server status: all green. Backup completed at 3 AM as scheduled. You close the laptop. The system runs through the weekend without you.

The tax preparer in April: you hand them a CSV of tagged, timestamped billable hours, a Nextcloud folder of YYYYMMDD-named receipts with full version history, and a PostgreSQL audit trail that satisfies 26 U.S.C. §6001. They ask where you found a bookkeeper this organized. You didn't. You built a system.

How Your Business Changes

You stop paying $131–$175 per user per month for tools you do not own, storing data on servers you cannot inspect, under terms you did not negotiate.

You stop wondering whether your VPN is the weakest link in your security — because you eliminated the VPN entirely and replaced it with eight independent layers that follow NIST SP 800-207.

You stop choosing between AI providers — because you have all four, at API pricing, through one portal, matched to each task.

You gain something that SaaS cannot sell you: the knowledge that your data is on your server, your security is under your control, and your infrastructure continues running whether or not any particular vendor survives next quarter.

That is not a feature. That is sovereignty.

What Part 5 Covers

The system is built. Part 5 is the operations manual: monthly and annual maintenance checklists, the complete LLM proxy application code, OpenClaw configuration templates, the emergency response runbook, device loss procedures, and the monthly AI cost audit.

When Part 5 is complete, the series is complete.

Series: Building Your Private AI Infrastructure

Part	What It Covers
Part 1 — Architecture Overview	Stack, costs, security model
Part 2 — Zero-Trust Server	Vultr, Cloudflare, UFW, fail2ban
Part 3 — The Intelligence Layer	Docker, Nextcloud, Collabora, AI proxy, OpenClaw
Part 4 — Operations & Monitoring (you are here)	Guacamole, Prometheus, Grafana, encrypted backups
Part 5 — The Operations Manual	Maintenance, audits, cost optimization, runbook

All five parts are published and free. No paywall, no signup, no follow-up sequence.

Legal Disclaimer

Part 5 — the final installment — is next. Questions, errors, configuration issues: comments. Every one gets read. Technical ones get detailed answers.

— Kusunoki
International Tax Specialist & Systems Builder
Sapporo, Japan | @kusunoki

Tags: devops, linux, security, selfhosted

I Built My Own Private Cloud + 4 AI Assistants on One Server — Building Your Private AI Infrastructure [3/5]

kusunoki — Wed, 08 Apr 2026 09:49:02 +0000

Free series. All open-source. No DevOps background required. Estimated hands-on time: 60–90 minutes.

You have a hardened VPS, two open ports, and a Cloudflare tunnel that makes your server invisible to the public internet. The walls are up. Now let's put something worth protecting inside them.

This part installs Docker, PostgreSQL, Nextcloud, Collabora Online, a unified 4-model AI proxy, and OpenClaw — your agentic butler — plus CalDAV calendar sync, custom domain email, and nightly backups to Supabase. By the end, the system is operational for daily use.

Every step follows the same pattern as Part 2: paste the command, observe the result, verify before proceeding. If something breaks, you know exactly where and how to fix it.

What You Will Complete in This Part

Read time: ~20 min. Hands-on: ~60–90 min. Prerequisites: Parts 1–2 completed. Four API keys gathered. Password manager open.

When this part is complete, eleven things will be true:

Docker installed and running
PostgreSQL containerized, holding Nextcloud data
Nextcloud live at cloud.yourdomain.com, behind Cloudflare Access
Collabora integrated — .docx/.xlsx open in-browser for real-time co-editing
LLM proxy at ai.yourdomain.com, routing to 4 AI providers, keys in isolated .env
OpenClaw installed, systemd-sandboxed, connected to your messaging app
CalDAV sync active on all devices
Custom domain email configured with DKIM/SPF/DMARC
Supabase backup running nightly at 2 AM
All 8 security layers active
Monthly cost fully understood — no line surprises

Before You Build: Four API Keys

Collect all keys before touching the terminal:

OPENAI_API_KEY=sk-[your key]
ANTHROPIC_API_KEY=sk-ant-[your key]
GOOGLE_API_KEY=AIza-[your key]
PERPLEXITY_API_KEY=pplx-[your key]

Spending rule: set a hard $20/month cap per provider before your first API request. Total exposure: $80. Realistic spend for a 3-person team: $15–$35/month.

OpenAI — platform.openai.com. Broad reasoning, coding, general analysis. Anthropic — console.anthropic.com. Nuanced prose, contracts, editorial. Google — aistudio.google.com. Structured data, Workspace integration. Perplexity — perplexity.ai. Source-cited real-time research.

Step 1: Docker and PostgreSQL

sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker
sudo usermod -aG docker myadmin

Restart session: exit, log back in. Not optional — Docker commands fail without the group reload.

docker --version
docker ps

docker --version: 24.x.x+. docker ps: empty table (correct — no containers yet).

Step 2: The Compose Blueprint

Docker Compose manages the entire stack from one YAML file.

mkdir -p ~/nextcloud && cd ~/nextcloud
nano docker-compose.yml

Paste exactly. Three substitutions required:

version: '3'
services:
  db:
    image: postgres:15
    restart: always
    environment:
      - POSTGRES_DB=nextcloud_db
      - POSTGRES_USER=nextcloud_user
      - POSTGRES_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
    volumes:
      - nextcloud_db_data:/var/lib/postgresql/data

  app:
    image: nextcloud:latest
    restart: always
    depends_on:
      - db
    ports:
      - "127.0.0.1:8080:80"
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB=nextcloud_db
      - POSTGRES_USER=nextcloud_user
      - POSTGRES_PASSWORD=REPLACE_WITH_SAME_PASSWORD
    volumes:
      - nextcloud_data:/var/www/html

  collabora:
    image: collabora/code:latest
    restart: always
    environment:
      - aliasgroup1=https://cloud.REPLACE_WITH_YOUR_DOMAIN:443
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    ports:
      - "127.0.0.1:9980:9980"

volumes:
  nextcloud_db_data:
  nextcloud_data:

Substitutions: (1) REPLACE_WITH_STRONG_PASSWORD — same 20+ char password in both locations. (2) REPLACE_WITH_YOUR_DOMAIN — your actual domain.

Save: Ctrl+O → Enter → Ctrl+X.

docker-compose up -d

First run pulls all images (~5–10 min). Verify:

docker ps

Three containers with Up status: PostgreSQL, Nextcloud, Collabora.

Browse to https://cloud.yourdomain.com. Cloudflare OTP → Nextcloud setup screen. Create admin account. Store credentials.

When the dashboard loads, your private cloud is operational.

Step 3: Collabora Online

Nextcloud → user icon → Apps → search "Nextcloud Office" → Install.

User icon → Administration Settings → Nextcloud Office → Use your own server → URL: https://office.yourdomain.com → Save.

Verify: + button → New Document → editor opens in browser. Open from second device → both cursors visible, edits sync in real time.

Step 4: The 4-Model AI Proxy

Runs at localhost:8000, routed to ai.yourdomain.com via Cloudflare Tunnel. Keys never reach the browser.

mkdir -p ~/llm-proxy && cd ~/llm-proxy
python3 -m venv venv
source venv/bin/activate
pip install fastapi uvicorn httpx python-dotenv

nano ~/llm-proxy/.env

Paste with your actual keys:

OPENAI_API_KEY=sk-your-openai-key
ANTHROPIC_API_KEY=sk-ant-your-anthropic-key
GOOGLE_API_KEY=AIza-your-google-key
PERPLEXITY_API_KEY=pplx-your-perplexity-key
PROXY_AUTH_TOKEN=REPLACE_WITH_RANDOM_TOKEN

Generate auth token:

python3 -c "import secrets; print(secrets.token_urlsafe(32))"

Paste output as PROXY_AUTH_TOKEN value. Save.

chmod 600 ~/llm-proxy/.env

Full proxy application code is in the Part 5 operations file. Verify:

curl -s http://localhost:8000/health

Expected: {"status":"ok"}. Confirm at https://ai.yourdomain.com/health.

Model allocation: Claude for contracts/editorial. Perplexity for cited research. ChatGPT for general reasoning. Gemini for structured data. One portal, right model per task.

Step 5: OpenClaw — Full Install

A chatbot answers and waits. An agent acts and completes.

CVE-2026-25253 (CVSS 8.8, High) and the ClawJacked class were addressed in Part 1. The security posture from Part 2 — localhost binding, Cloudflare tunnel auth, UFW port restriction — neutralizes both structurally. This install specifies OpenClaw 2026.1.29 or later (patched).

npm install -g openclaw@latest
openclaw onboard --install-daemon

Interactive flow: select AI model (Claude/ChatGPT), configure working dirs, connect messaging app (Slack/Discord/Telegram).

Three mandatory configs before production:

Set OpenClaw's internal spending cap (separate from provider caps).
Restrict filesystem access — exclude dirs containing passwords, keys, financial records.
No third-party skills without review — community extensions are unaudited.

openclaw status

Expected: "Gateway: running." Test via messaging app.

Step 6: CalDAV Calendar Sync

iPhone: Settings → Calendar → Accounts → Add → Other → CalDAV. Server: https://cloud.yourdomain.com/remote.php/dav.

Android: DAVx⁵ (free, Play Store). Same server + credentials.

Mac/PC: Apple Calendar or Thunderbird — CalDAV natively supported.

Test: create event in Nextcloud → appears on phone within minutes.

Step 7: Custom Domain Email

Cloudflare Email Routing: Email → Email Routing → Enable. Forward yourname@yourdomain.com to your existing inbox.

Send-as config: Gmail → Settings → Accounts and Import → Add another address. Apple Mail → Preferences → Accounts → alias.

DMARC: Cloudflare DNS → TXT record:

Name: _dmarc
Content: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Verify at mail-tester.com. Score ≥8 = reliable inbox delivery.

Step 8: Supabase Nightly Backup

Create project at supabase.com. Region: US East. Copy connection string.

nano ~/.supabase-backup.conf

SUPABASE_URI="postgresql://postgres.[project-id]:[password]@aws-0-us-east-1.pooler.supabase.com:6543/postgres"
LOCAL_DB_NAME="nextcloud_db"
LOCAL_DB_USER="nextcloud_user"
LOCAL_DB_CONTAINER="nextcloud_db_1"

chmod 600 ~/.supabase-backup.conf

nano ~/db-backup-to-supabase.sh

Paste (change myadmin if your username differs):

#!/bin/bash
set -euo pipefail
source /home/myadmin/.supabase-backup.conf
DATE=$(date +%Y%m%d_%H%M%S)
DUMP_DIR="/home/myadmin/db-backups"
DUMP_FILE="${DUMP_DIR}/nextcloud_db_${DATE}.sql"
mkdir -p "$DUMP_DIR"
echo "[$(date)] Backup started"
docker exec "$LOCAL_DB_CONTAINER" pg_dump -U "$LOCAL_DB_USER" "$LOCAL_DB_NAME" > "$DUMP_FILE"
echo "[$(date)] Local dump complete: $DUMP_FILE"
PGPASSWORD=$(echo "$SUPABASE_URI" | grep -oP '(?<=:)[^@]+(?=@)')
psql "$SUPABASE_URI" -c "DROP SCHEMA IF EXISTS nextcloud_backup CASCADE; CREATE SCHEMA nextcloud_backup;"
psql "$SUPABASE_URI" --set search_path=nextcloud_backup < "$DUMP_FILE" 2>/dev/null || true
echo "[$(date)] Transfer to Supabase complete"
find "$DUMP_DIR" -name "*.sql" -mtime +14 -delete
echo "[$(date)] Backup complete"

chmod 700 ~/db-backup-to-supabase.sh
~/db-backup-to-supabase.sh

Confirm in Supabase: Table Editor → nextcloud_backup schema exists.

crontab -e

Add:

0 2 * * * /home/myadmin/db-backup-to-supabase.sh >> /home/myadmin/db-backup.log 2>&1

Recovery (total server loss):

pg_dump "your-supabase-uri" --schema=nextcloud_backup > /tmp/restore.sql
docker exec -i nextcloud_db_1 psql -U nextcloud_user nextcloud_db < /tmp/restore.sql

Three Rules of AI Use

1. No PII in prompts. Names, SSNs, financial accounts, medical data — none of it belongs in an AI prompt. Use initials or pseudonyms. CCPA and HIPAA don't distinguish accidental from intentional disclosure.

2. No credentials in chat. Keys are in .env. Passwords are in Bitwarden. They never need to appear in a message.

3. Review every output before it acts. Claude writes excellent email. Read it first. OpenClaw organizes files as instructed. Check the result. The irreversible consequences of automated action belong to the human who gave the instruction.

Verification Checklist

docker ps

Expected: 3 containers Up.

Browser: https://cloud.yourdomain.com → Nextcloud loads. Open .docx → Collabora editor.

curl -s http://localhost:8000/health

{"status":"ok"} — also at https://ai.yourdomain.com/health.

openclaw status

"Gateway: running." Message via app → response arrives.

Calendar event in Nextcloud → phone. Email to custom domain → forwarding inbox. Reply → sender shows custom address.

sudo ufw status verbose

Active, 80+443 only.

sudo systemctl status fail2ban cloudflared

Both active.

~/db-backup-to-supabase.sh

Completes. Supabase shows data.

All twelve checked: system is fully operational for daily use.

Monthly Cost

VPS: $12–$48. Domain: ~$1. Cloudflare: $0. Supabase: $0. Software: $0. AI: $15–$35 (moderate, 3 users).

Total (3–8 person team): ~$35–$50/month. Equivalent SaaS for 3 users: $240/month AI alone, plus storage, monitoring, remote desktop — $400+ total.

What Part 4 Builds

Apache Guacamole — browser-based remote desktop. Prometheus + Grafana + Alertmanager — real-time monitoring with email alerts. AES-256 encrypted weekly backups — the third layer of defense.

When Part 4 is complete, the build is finished.

Series: Building Your Private AI Infrastructure

Part	What It Covers
Part 1 — Architecture Overview	Stack, costs, security model
Part 2 — Zero-Trust Server	Vultr, Cloudflare, UFW, fail2ban
Part 3 — The Intelligence Layer (you are here)	Docker, Nextcloud, Collabora, AI proxy, OpenClaw
Part 4 — Operations & Monitoring	Guacamole, Prometheus, Grafana, encrypted backups
Part 5 — The Operations Manual	Maintenance, audits, cost optimization, runbook

All five parts are published and free.

Legal Disclaimer

Part 4 is next. Questions, errors, environment-specific issues: comments. Every one gets read. Technical ones get detailed answers.

— Kusunoki
International Tax Specialist & Systems Builder
Sapporo, Japan | @kusunoki

I Built a Zero-Trust Server With Only 2 Open Ports — Building Your Private AI Infrastructure [2/5]

kusunoki — Wed, 08 Apr 2026 09:40:15 +0000

Free series. All open-source. No DevOps background required. Estimated hands-on time: 45–90 minutes.

You have set up a server before. You know what a terminal looks like. You have also watched someone paste a curl command from a random blog post and immediately regret it. This guide is not that. Every command in this part has a stated purpose, a predictable output, and a clean recovery path. If something breaks — and the instructions are written to prevent this — you log into Vultr, click Reinstall, and start fresh in under two minutes.
What makes this part worth your time is not the individual steps — you could figure out each one alone. It is the specific combination of decisions, the order in which they are applied, and the security posture that results. By the end of this article, your server will have zero publicly accessible ports beyond two, an administrative interface that is invisible to port scanners, and five independent security layers verified and operational. That is not a weekend project you abandon. That is a foundation you build on.
Let’s build it.

What You Will Complete in This Part
Five things will be true when this part is done:

A Vultr VPS running Ubuntu 24.04 LTS — your isolated machine in a global data center, owned entirely by you.
A custom domain pointing to Cloudflare’s network — the address your team uses to reach every service.
Cloudflare Zero Trust deployed and active — DDoS mitigation, WAF, and authenticated access control, all at zero cost for up to 50 users.
Server-level defenses configured — UFW, fail2ban, unattended-upgrades, and hardened sysctl parameters.
Node.js 24 LTS installed and the OpenClaw foundation ready for Part 3. Five security layers active and verified. The remaining three are completed in Part 3. Read time: ~15 min. Hands-on: ~45–90 min. Prerequisites: Part 1 read. A credit card for Vultr (hourly billing, cancel anytime). An email address you control.

Step 1: Provisioning Your Vultr Server
Vultr is a global cloud provider with DCs across NA, EU, and APAC. You are provisioning a Cloud Compute instance — dedicated vCPU, dedicated RAM, dedicated SSD, isolated from other tenants.
Navigate to vultr.com. Create an account. Vultr charges by the hour and bills monthly. No contract. Destroy the server and billing stops.
Click Deploy → Cloud Compute — Shared CPU.
Select a DC closest to your users (US: ATL/CHI/DAL/LA/MIA/NY/SEA).
Server Image: Ubuntu 24.04 LTS. Canonical commits to security patches through April 2029.
Server Size:
Plan vCPU RAM SSD $/mo Use case
Starter 1 2 GB 55 GB ~$12 Single user / evaluation
Recommended 2 4 GB 80 GB ~$24 3–8 users (used in this guide)
Growth 4 8 GB 160 GB ~$48 8–30 users

Additional Features: enable IPv6 (free, needed for some Part 3 services). Hostname: anything meaningful (visible only in your dashboard).
Root Password: 20+ characters, randomly generated, stored in a password manager. Bitwarden is free and recommended. If you don’t use a password manager yet, start now — you will generate several credentials during this build.
Click Deploy Now. Server provisions in ~60 seconds. Note the IP address — you need it in Step 3.

Step 2: Registering Your Domain
Your domain is the address for every service in the stack:
cloud.yourdomain.com → Nextcloud ai.yourdomain.com → AI proxy remote.yourdomain.com → Guacamole grafana.yourdomain.com → Grafana ssh.yourdomain.com → SSH (tunnel only)
Cloudflare Registrar (cloudflare.com/products/registrar) is recommended — consolidates domain + security in one dashboard. .com domains ~$10.44/year. Other registrars work fine.
Choose something short, professional, easy to say aloud. Complete the registration.

Step 3: Deploying Cloudflare Zero Trust
Cloudflare routes ~20% of global web traffic. The Zero Trust free tier (≤50 users) provides WAF, DDoS mitigation, and Access authentication — capabilities that cost tens of thousands/year commercially.
Account Setup
If you used Cloudflare Registrar, your account exists. Otherwise: dash.cloudflare.com → free account.
Immediately enable 2FA. My Profile → Authentication → Two-Factor Authentication. This is not optional. A compromised Cloudflare account compromises your entire security layer.
If using an external registrar: Add a Site → Free plan → update nameservers to the two Cloudflare provides. Propagation: minutes to 24 hours.
Zero Trust Setup
Click Zero Trust in the left panel. Choose a team name (e.g., mybase). Select the Free plan.
Creating the Tunnel
The Cloudflare Tunnel inverts the conventional model. Instead of opening ports for inbound connections (which creates attack surface), your server initiates an outbound connection to Cloudflare and maintains it. All inbound access routes through this tunnel. Your server’s IP is never directly exposed. Nothing for a port scanner to find.
Zero Trust dashboard → Networks → Tunnels → Create a tunnel → Cloudflared → name it (e.g., mybase-tunnel). Select Debian/Ubuntu. Cloudflare displays a curl command. Copy it.
Open your server console: Vultr dashboard → your server → Console. Log in as root (password won’t display as you type — intentional security behavior). Paste the Cloudflare command. ~30 seconds. Tunnel status shows Healthy.
Tunnel Routing
Public Hostname tab. Add these entries (replace yourdomain.com):
Subdomain Routes to Service
cloud.yourdomain.com http://localhost:8080 Nextcloud
office.yourdomain.com http://localhost:9980 Collabora Online
ai.yourdomain.com http://localhost:8000 AI proxy
remote.yourdomain.com http://localhost:8888 Guacamole
grafana.yourdomain.com http://localhost:3000 Grafana
ssh.yourdomain.com ssh://localhost:50922 SSH admin (tunnel only)

localhost = this server. The port number = which service. Traffic arrives through the tunnel and gets routed to the right process. The service never talks directly to the public internet.
Access Policies
Access → Applications. For each subdomain: Self-hosted Application. Authentication: One-time PIN (email OTP).
Flow: user navigates to cloud.yourdomain.com → Cloudflare intercepts → email prompt → six-digit code sent → code entered → access granted for configurable session duration. No password to manage. No identity provider to configure. The email address is the credential.
Under Include: add authorized email addresses. Changes take effect immediately. Adding a colleague: one email address added to one list.

Step 4: Hardening the Server
Cloudflare is the outer wall. The server needs independent defenses — defense in depth means no single layer’s failure compromises everything.
Commands are executed one at a time. Paste, Enter, wait for prompt, proceed.
Administrative User
Root has unrestricted access. A typo operating as root can cause irreversible damage without confirmation. Create a dedicated admin user:
adduser myadmin
Set a strong 20+ char password (different from root, stored in password manager). Skip the Full Name prompts.
usermod -aG sudo myadmin
myadmin is a placeholder. Use whatever name you prefer throughout.
UFW Firewall
sudo apt update && sudo apt install -y ufw sudo ufw allow 80/tcp comment "HTTP" sudo ufw allow 443/tcp comment "HTTPS" sudo ufw enable
Confirm with y when prompted.
Note what is absent: port 22 is not opened. SSH is routed through the Cloudflare Tunnel — no public SSH port exists. Two ports open. That is the entire external attack surface.
fail2ban
sudo apt install -y fail2ban sudo systemctl enable --now fail2ban
Verify:
sudo systemctl status fail2ban
Expected: active (running).
Automatic Security Updates
sudo apt install -y unattended-upgrades apt-listchanges sudo dpkg-reconfigure -plow unattended-upgrades
Select Yes. Security patches now apply automatically during off-hours.
Kernel Network Hardening
sudo nano /etc/sysctl.d/99-security.conf
Paste:
net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.ip_forward = 0
Save: Ctrl+O → Enter → Ctrl+X. Apply:
sudo sysctl --system
Note on ip_forward = 0: VPN setups require this enabled for packet routing. This architecture uses Cloudflare Tunnel for all external routing — IP forwarding is unnecessary and therefore disabled. Capability not needed is capability that cannot be exploited.
Vultr Hardware Firewall
Vultr dashboard → your server → Firewall. Create a firewall group:
Accept TCP 80 from any Accept TCP 443 from any Drop all other inbound
Apply to your server. You now have two independent firewalls enforcing the same two-port restriction: Vultr hardware + Ubuntu UFW. Both fronted by Cloudflare authentication.

Step 5: Node.js Foundation
OpenClaw (Part 3) runs on Node.js. Install now to avoid a dependency gap:
curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash - sudo apt install -y nodejs node --version
Expected output: v24.x.x. If error, re-run the first two commands.

Verifying Your Security Stack
Five of eight layers active. Verify:
sudo ufw status verbose
Expected: active, ports 80 + 443 only.
sudo systemctl status fail2ban
Expected: active (running).
sudo systemctl status cloudflared
Expected: active (running).
node --version
Expected: v24.x.x.
If any check fails: re-run the relevant step. Most failures are a missed command or typo. If unresolvable, Vultr Reinstall → clean Ubuntu → restart from Step 4. Cloudflare config (Steps 2–3) is stored independently and doesn’t need redoing.

The Security Posture You Have Built
From the public internet: two open TCP ports (80/443), dual-firewalled (Vultr HW + UFW), both fronted by Cloudflare WAF + DDoS mitigation.
SSH: no public port. Routed through Cloudflare Tunnel, accessible only after email OTP authentication.
fail2ban: monitoring auth logs, auto-blocking repeated failures. unattended-upgrades: patching known CVEs during off-hours. Kernel hardening: active.
This is not security bolted on after the fact. It is the foundation. Every application installed in Parts 3 and 4 inherits this posture. No application gets a public port. No admin interface is directly internet-accessible. Every access path routes through the authenticated tunnel.

A Note on OpenClaw and CVE-2026-25253
Part 1 addressed the vulnerability (CVSS 8.8, High) and the ClawJacked class in detail. The security posture built in this part is precisely what neutralizes them.
The exploit requires an accessible WebSocket endpoint. Your server has no publicly accessible ports beyond 80/443, both behind Cloudflare Access. OpenClaw, when installed in Part 3, will bind to localhost and be accessible only through the authenticated tunnel. No credentials → no access → no exploit.
Patch: OpenClaw 2026.1.29. Specified throughout this guide.

What Part 3 Builds
The foundation is complete. Part 3 installs the intelligence:
Nextcloud — private file sync replacing Google Drive/Dropbox.
Collabora Online — browser-based collaborative editing.
Four-AI unified proxy — ChatGPT + Claude + Gemini + Perplexity through one authenticated interface. API keys never leave the server.
OpenClaw — agentic AI butler with systemd sandboxing, API key isolation, and messaging integrations.
When Part 3 is complete, the system is operational for daily use.

Series: Building Your Private AI Infrastructure
Part What It Covers
Part 1 — Architecture Overview Stack, costs, security model, daily usage
Part 2 — Zero-Trust Server (you are here) Vultr, Cloudflare, UFW, fail2ban, Node.js
Part 3 — The Intelligence Layer Docker, Nextcloud, Collabora, AI proxy, OpenClaw
Part 4 — Operations & Monitoring Guacamole, Prometheus, Grafana, encrypted backups
Part 5 — The Operations Manual Maintenance, audits, cost optimization, runbook

All five parts are published and free. No paywall, no signup, no follow-up sequence.

Legal Disclaimer
The information provided in this series is for educational and informational purposes only. It does not constitute legal, financial, tax, accounting, cybersecurity, or professional advice of any kind. No professional relationship is formed by reading or acting on this content.
All use of techniques, software, services, configurations, or commands described in this series is undertaken at the sole risk of the user. To the maximum extent permitted by applicable law, the author disclaims all liability for any damages arising from use of or reliance upon this content.
This disclaimer is enforceable to the fullest extent permitted by applicable law, including the laws of the State of California (Cal. Civ. Code §§1668, 3513) and the State of New York (N.Y. GOL §5-323), and applicable federal law. References to all third-party products are for informational purposes only. The author has no commercial relationship with any provider mentioned.

Part 3 is next. Questions, errors, or environment-specific issues belong in the comments. Every one gets read. The technical ones get detailed answers.

— Kusunoki International Tax Specialist & Systems Builder Sapporo, Japan | @kusunoki---
title: "I Built a Zero-Trust Server With Only 2 Open Ports — Building Your Private AI Infrastructure [2/5]"
published: true
tags: linux, security, selfhosted, tutorial

series: Building Your Private AI Infrastructure

Free series. All open-source. No DevOps background required. Estimated hands-on time: 45–90 minutes.

You have set up a server before. You know what a terminal looks like. You have also watched someone paste a curl command from a random blog post and immediately regret it. This guide is not that. Every command in this part has a stated purpose, a predictable output, and a clean recovery path. If something breaks — and the instructions are written to prevent this — you log into Vultr, click Reinstall, and start fresh in under two minutes.

What makes this part worth your time is not the individual steps — you could figure out each one alone. It is the specific combination of decisions, the order in which they are applied, and the security posture that results. By the end of this article, your server will have zero publicly accessible ports beyond two, an administrative interface that is invisible to port scanners, and five independent security layers verified and operational. That is not a weekend project you abandon. That is a foundation you build on.

Let's build it.

What You Will Complete in This Part

Five things will be true when this part is done:

1. A Vultr VPS running Ubuntu 24.04 LTS — your isolated machine in a global data center, owned entirely by you.

2. A custom domain pointing to Cloudflare's network — the address your team uses to reach every service.

3. Cloudflare Zero Trust deployed and active — DDoS mitigation, WAF, and authenticated access control, all at zero cost for up to 50 users.

4. Server-level defenses configured — UFW, fail2ban, unattended-upgrades, and hardened sysctl parameters.

5. Node.js 24 LTS installed and the OpenClaw foundation ready for Part 3.

Five security layers active and verified. The remaining three are completed in Part 3.

Read time: ~15 min. Hands-on: ~45–90 min. Prerequisites: Part 1 read. A credit card for Vultr (hourly billing, cancel anytime). An email address you control.

Step 1: Provisioning Your Vultr Server

Vultr is a global cloud provider with DCs across NA, EU, and APAC. You are provisioning a Cloud Compute instance — dedicated vCPU, dedicated RAM, dedicated SSD, isolated from other tenants.

Navigate to vultr.com. Create an account. Vultr charges by the hour and bills monthly. No contract. Destroy the server and billing stops.

Click Deploy → Cloud Compute — Shared CPU.

Select a DC closest to your users (US: ATL/CHI/DAL/LA/MIA/NY/SEA).

Server Image: Ubuntu 24.04 LTS. Canonical commits to security patches through April 2029.

Server Size:

Plan	vCPU	RAM	SSD	$/mo	Use case
Starter	1	2 GB	55 GB	~$12	Single user / evaluation
Recommended	2	4 GB	80 GB	~$24	3–8 users (used in this guide)
Growth	4	8 GB	160 GB	~$48	8–30 users

Additional Features: enable IPv6 (free, needed for some Part 3 services). Hostname: anything meaningful (visible only in your dashboard).

Root Password: 20+ characters, randomly generated, stored in a password manager. Bitwarden is free and recommended. If you don't use a password manager yet, start now — you will generate several credentials during this build.

Click Deploy Now. Server provisions in ~60 seconds. Note the IP address — you need it in Step 3.

Step 2: Registering Your Domain

Your domain is the address for every service in the stack:

cloud.yourdomain.com   → Nextcloud
ai.yourdomain.com      → AI proxy
remote.yourdomain.com  → Guacamole
grafana.yourdomain.com → Grafana
ssh.yourdomain.com     → SSH (tunnel only)

Cloudflare Registrar (cloudflare.com/products/registrar) is recommended — consolidates domain + security in one dashboard. .com domains ~$10.44/year. Other registrars work fine.

Choose something short, professional, easy to say aloud. Complete the registration.

Step 3: Deploying Cloudflare Zero Trust

Cloudflare routes ~20% of global web traffic. The Zero Trust free tier (≤50 users) provides WAF, DDoS mitigation, and Access authentication — capabilities that cost tens of thousands/year commercially.

Account Setup

If you used Cloudflare Registrar, your account exists. Otherwise: dash.cloudflare.com → free account.

Immediately enable 2FA. My Profile → Authentication → Two-Factor Authentication. This is not optional. A compromised Cloudflare account compromises your entire security layer.

If using an external registrar: Add a Site → Free plan → update nameservers to the two Cloudflare provides. Propagation: minutes to 24 hours.

Zero Trust Setup

Click Zero Trust in the left panel. Choose a team name (e.g., mybase). Select the Free plan.

Creating the Tunnel

The Cloudflare Tunnel inverts the conventional model. Instead of opening ports for inbound connections (which creates attack surface), your server initiates an outbound connection to Cloudflare and maintains it. All inbound access routes through this tunnel. Your server's IP is never directly exposed. Nothing for a port scanner to find.

Zero Trust dashboard → Networks → Tunnels → Create a tunnel → Cloudflared → name it (e.g., mybase-tunnel). Select Debian/Ubuntu. Cloudflare displays a curl command. Copy it.

Open your server console: Vultr dashboard → your server → Console. Log in as root (password won't display as you type — intentional security behavior). Paste the Cloudflare command. ~30 seconds. Tunnel status shows Healthy.

Tunnel Routing

Public Hostname tab. Add these entries (replace yourdomain.com):

Subdomain	Routes to	Service
cloud.yourdomain.com	http://localhost:8080	Nextcloud
office.yourdomain.com	http://localhost:9980	Collabora Online
ai.yourdomain.com	http://localhost:8000	AI proxy
remote.yourdomain.com	http://localhost:8888	Guacamole
grafana.yourdomain.com	http://localhost:3000	Grafana
ssh.yourdomain.com	ssh://localhost:50922	SSH admin (tunnel only)

localhost = this server. The port number = which service. Traffic arrives through the tunnel and gets routed to the right process. The service never talks directly to the public internet.

Access Policies

Access → Applications. For each subdomain: Self-hosted Application. Authentication: One-time PIN (email OTP).

Flow: user navigates to cloud.yourdomain.com → Cloudflare intercepts → email prompt → six-digit code sent → code entered → access granted for configurable session duration. No password to manage. No identity provider to configure. The email address is the credential.

Under Include: add authorized email addresses. Changes take effect immediately. Adding a colleague: one email address added to one list.

Step 4: Hardening the Server

Cloudflare is the outer wall. The server needs independent defenses — defense in depth means no single layer's failure compromises everything.

Commands are executed one at a time. Paste, Enter, wait for prompt, proceed.

Administrative User

Root has unrestricted access. A typo operating as root can cause irreversible damage without confirmation. Create a dedicated admin user:

adduser myadmin

Set a strong 20+ char password (different from root, stored in password manager). Skip the Full Name prompts.

usermod -aG sudo myadmin

myadmin is a placeholder. Use whatever name you prefer throughout.

UFW Firewall

sudo apt update && sudo apt install -y ufw
sudo ufw allow 80/tcp comment "HTTP"
sudo ufw allow 443/tcp comment "HTTPS"
sudo ufw enable

Confirm with y when prompted.

Note what is absent: port 22 is not opened. SSH is routed through the Cloudflare Tunnel — no public SSH port exists. Two ports open. That is the entire external attack surface.

fail2ban

sudo apt install -y fail2ban
sudo systemctl enable --now fail2ban

Verify:

sudo systemctl status fail2ban

Expected: active (running).

Automatic Security Updates

sudo apt install -y unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades

Select Yes. Security patches now apply automatically during off-hours.

Kernel Network Hardening

sudo nano /etc/sysctl.d/99-security.conf

Paste:

net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 0

Save: Ctrl+O → Enter → Ctrl+X. Apply:

sudo sysctl --system

Note on ip_forward = 0: VPN setups require this enabled for packet routing. This architecture uses Cloudflare Tunnel for all external routing — IP forwarding is unnecessary and therefore disabled. Capability not needed is capability that cannot be exploited.

Vultr Hardware Firewall

Vultr dashboard → your server → Firewall. Create a firewall group:

Accept TCP 80 from any
Accept TCP 443 from any
Drop all other inbound

Apply to your server. You now have two independent firewalls enforcing the same two-port restriction: Vultr hardware + Ubuntu UFW. Both fronted by Cloudflare authentication.

Step 5: Node.js Foundation

OpenClaw (Part 3) runs on Node.js. Install now to avoid a dependency gap:

curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -
sudo apt install -y nodejs
node --version

Expected output: v24.x.x. If error, re-run the first two commands.

Verifying Your Security Stack

Five of eight layers active. Verify:

sudo ufw status verbose

Expected: active, ports 80 + 443 only.

sudo systemctl status fail2ban

Expected: active (running).

sudo systemctl status cloudflared

Expected: active (running).

node --version

Expected: v24.x.x.

If any check fails: re-run the relevant step. Most failures are a missed command or typo. If unresolvable, Vultr Reinstall → clean Ubuntu → restart from Step 4. Cloudflare config (Steps 2–3) is stored independently and doesn't need redoing.

The Security Posture You Have Built

From the public internet: two open TCP ports (80/443), dual-firewalled (Vultr HW + UFW), both fronted by Cloudflare WAF + DDoS mitigation.

SSH: no public port. Routed through Cloudflare Tunnel, accessible only after email OTP authentication.

fail2ban: monitoring auth logs, auto-blocking repeated failures. unattended-upgrades: patching known CVEs during off-hours. Kernel hardening: active.

This is not security bolted on after the fact. It is the foundation. Every application installed in Parts 3 and 4 inherits this posture. No application gets a public port. No admin interface is directly internet-accessible. Every access path routes through the authenticated tunnel.

A Note on OpenClaw and CVE-2026-25253

Part 1 addressed the vulnerability (CVSS 8.8, High) and the ClawJacked class in detail. The security posture built in this part is precisely what neutralizes them.

The exploit requires an accessible WebSocket endpoint. Your server has no publicly accessible ports beyond 80/443, both behind Cloudflare Access. OpenClaw, when installed in Part 3, will bind to localhost and be accessible only through the authenticated tunnel. No credentials → no access → no exploit.

Patch: OpenClaw 2026.1.29. Specified throughout this guide.

What Part 3 Builds

The foundation is complete. Part 3 installs the intelligence:

Nextcloud — private file sync replacing Google Drive/Dropbox.

Collabora Online — browser-based collaborative editing.

Four-AI unified proxy — ChatGPT + Claude + Gemini + Perplexity through one authenticated interface. API keys never leave the server.

OpenClaw — agentic AI butler with systemd sandboxing, API key isolation, and messaging integrations.

When Part 3 is complete, the system is operational for daily use.

Series: Building Your Private AI Infrastructure

Part	What It Covers
Part 1 — Architecture Overview	Stack, costs, security model, daily usage
Part 2 — Zero-Trust Server (you are here)	Vultr, Cloudflare, UFW, fail2ban, Node.js
Part 3 — The Intelligence Layer	Docker, Nextcloud, Collabora, AI proxy, OpenClaw
Part 4 — Operations & Monitoring	Guacamole, Prometheus, Grafana, encrypted backups
Part 5 — The Operations Manual	Maintenance, audits, cost optimization, runbook

All five parts are published and free. No paywall, no signup, no follow-up sequence.

Legal Disclaimer

Part 3 is next. Questions, errors, or environment-specific issues belong in the comments. Every one gets read. The technical ones get detailed answers.

— Kusunoki
International Tax Specialist & Systems Builder
Sapporo, Japan | @kusunoki

I Replaced $150/Month of SaaS With a $24 VPS and a Weekend — Building Your Private AI Infrastructure [1/5]

kusunoki — Wed, 08 Apr 2026 09:33:09 +0000

uploads.s3.amazonaws.com/uploads/articles/2fwd8amj0ejx1yn4ppmd.png)---

series: Building Your Private AI Infrastructure

Free series. No DevOps background required. All open-source. Total cost: ~$15–50/month depending on team size.

There is a question that every engineer eventually asks, and then spends years not answering. You look at the SaaS invoices — $20 here for AI, $20 there for another AI, $18 for cloud storage, $15 for monitoring, $12 for a VPN you don't fully trust — and you think: I could build this. I could own this. I could run this on a single machine I control, behind a security architecture I designed, for a fraction of what I'm paying strangers to hold my data. You have the skills. You have had the thought. What you may not have had is the weekend to research every moving piece, make every configuration decision, and test each integration until it actually works. This guide is that weekend.

This is also the guide for a transition that is no longer optional. The era of trusting your data, your clients' data, and your business operations to SaaS vendors whose terms change without notice, whose security you cannot audit, and whose pricing you cannot negotiate — that era is ending. Not because self-hosting became fashionable. Because the threat landscape changed. The FBI's IC3 documented $12.5 billion in cybercrime losses in 2023, with VPN compromise and stolen credentials as the primary vectors for ransomware targeting small businesses. The perimeter model that every SaaS VPN relies on is structurally broken. Zero-trust is not an upgrade. It is the replacement. And for the first time in the history of computing, you can build it yourself, on commodity hardware, with open-source software, for less than the cost of a single SaaS subscription.

If you follow Parts 1 through 4 in order, you will finish with a production-grade, zero-trust, self-hosted AI environment running on a single $24 VPS — with eight security layers, four AI providers unified behind one portal, agentic automation, collaborative document editing, remote desktop access, live monitoring with alerting, and triple-redundant encrypted backups. Every command tested. Every decision explained. Every mistake I made flagged so you don't have to. The entire series is free.

Who This Is For

If you are a developer who has ever thought about building something like this for a non-technical client — a lawyer, an accountant, a small agency, a consultant — this guide is the deliverable you can hand them, fully documented, with every operational procedure written for someone who has never opened a terminal.

If you are a technical founder or indie hacker who wants enterprise-grade infrastructure without an enterprise budget or an enterprise IT team, this is the blueprint.

If you are a small business owner who is comfortable in a terminal but does not live there, this guide is written to be followed sequentially — every command, every configuration file, every verification step — without requiring you to fill in gaps from Stack Overflow.

The stack: Ubuntu 24.04 LTS on Vultr, Cloudflare Zero Trust (free tier), Nextcloud, Collabora Online, a unified four-AI API proxy (ChatGPT + Claude + Gemini + Perplexity), OpenClaw for agentic automation, Apache Guacamole, Prometheus + Grafana + Alertmanager, and AES-256 encrypted backup to Supabase.

Let's go through what you're actually building before we touch a single command.

What the Stack Does

This is not an overview designed to impress you and then disappoint you in the implementation. Everything listed here is fully built out in Parts 2 through 4, with every command and configuration file provided.

Your Private Cloud

Nextcloud replaces Google Drive and Dropbox. Your files live on your server. They sync across devices. They have version history and a complete audit trail. No third party can access, index, or monetize your data. Nextcloud has over 4,000 contributors and is deployed by governments, universities, and enterprises across more than 50 countries. It is not a weekend experiment. It is production infrastructure used by organizations that cannot afford data leaks.

Four AI Assistants Through One Secure Interface

A self-hosted reverse proxy routes requests to ChatGPT, Claude, Gemini, and Perplexity through a single authenticated interface at ai.yourdomain.com. API keys are stored in an isolated environment file on the server and never reach the browser.

The practical difference between the four matters in daily use. Claude handles nuanced writing, contractual analysis, and tasks requiring sustained register awareness. Perplexity provides source-cited real-time research. ChatGPT covers broad reasoning and coding tasks. Gemini integrates with Google Workspace data. One portal. Four models. Your credentials, secured on your server.

An Agentic AI Butler

OpenClaw is an open-source agentic AI framework that executes multi-step instructions autonomously — it does not answer and wait, it acts and completes. "Organize last quarter's client invoices by company name and move unpaid items to a dedicated folder" is not a prompt. It is a job order. When you return from a meeting, it will be done.

(There is a security section later in this article specifically about OpenClaw's disclosed vulnerabilities and why the architecture here neutralizes them structurally. If the headlines made you hesitate, read that section before deciding.)

Real-Time Collaborative Document Editing

Collabora Online is a self-hosted office suite — browser-based, simultaneous editing of Word and Excel files, functionally equivalent to Google Docs. One version. Always.

Browser-Based Remote Desktop

Apache Guacamole provides HTML5 remote desktop access to any designated machine through a standard browser — no client software required on the connecting device. RDP, VNC, and SSH sessions are proxied through Guacamole, authenticated through Cloudflare Access, and rendered in the browser.

Automated Monitoring and Alerting

Prometheus scrapes metrics — CPU, memory, disk, network, application health — and Grafana renders them in a live dashboard. Email alerts fire when any threshold is breached. You know about problems before your users do.

Triple-Redundant Encrypted Backups

Daily database dumps to Supabase. Weekly AES-256 encrypted full-system backups. Monthly off-site copies to local storage. The system backs itself up on three independent schedules without your intervention.

Custom Domain Email

yourname@yourdomain.com, configured with DKIM, SPF, and DMARC authentication records, forwarded through Cloudflare Email Routing to your existing inbox. AI-assisted drafting. Phishing resistance from proper authentication.

The Real Costs

I am going to give you every number, because the first thing that breaks trust in a guide like this is discovering a hidden cost in Part 3.

Vultr VPS

Vultr is a global infrastructure provider with data centers across North America, Europe, and Asia-Pacific. The server you provision is a Cloud Compute instance — dedicated vCPU, dedicated RAM, dedicated SSD, isolated from other tenants.

Plan	vCPU	RAM	SSD	$/mo	Use case
Starter	1	2 GB	55 GB	~$12	Single user / evaluation
Recommended	2	4 GB	80 GB	~$24	3–8 users, full stack (used in this guide)
Growth	4	8 GB	160 GB	~$48	8–30 users, heavier workloads

Domain

$10–$15/year through any registrar. Cloudflare Registrar is used in this guide because it unifies DNS and Zero Trust management in one dashboard.

Software

Zero. Nextcloud, Collabora, Guacamole, OpenClaw, Prometheus, Grafana, fail2ban, Certbot — all open-source, all actively maintained, all free.

Cloudflare Zero Trust

Zero for up to 50 users. WAF, DDoS mitigation, Access authentication, and Tunnel — enterprise-grade capabilities that would cost tens of thousands per year commercially.

AI API Costs — The Honest Part

AI providers charge per token (roughly per three-quarters of a word). There is no monthly flat fee. There is no automatic spending cap. If you build this stack and forget to set limits, you will receive a bill that reflects exactly what you used.

You will set hard monthly caps on every provider's dashboard before this stack handles a single production request. With a $20 cap per provider ($80 total), realistic usage:

Light (5–15 interactions/day): $3–$8/mo. Moderate (20–40/day): $10–$20/mo. Heavy (50+/day with automated workflows): $25–$50/mo.

Total Monthly Cost

Configuration	Monthly
Sole proprietor / Starter / Light AI	~$18–$28
Small team / Recommended / Moderate AI	~$35–$45
Growing business / Growth plan	~$64–$79
Equivalent SaaS stack (per user)	$131–$175

Your stack replaces the entire SaaS list at a fraction of the cost, and the data stays on hardware you control.

The Security Architecture

I want to explain the zero-trust architecture in detail — both because it is the most important design decision in the stack and because "zero-trust" has been co-opted by marketing to the point where the term alone communicates nothing. Here is what it actually means in this implementation.

A VPN is a perimeter model. Once you are authenticated to the tunnel, you are inside. Every resource inside is reachable. One stolen credential opens the entire castle. The FBI's IC3 documented over $12.5 billion in cybercrime losses in 2023, with VPN vulnerabilities and credential theft as the most common initial access vectors for ransomware targeting SMBs.

Zero-trust abandons the perimeter concept. Nothing inside or outside the network is trusted by default. Every access request is evaluated independently, every time.

This stack implements zero-trust through eight independent layers, each of which would need to be defeated separately for an attacker to reach any sensitive data:

Layer 1: Cloudflare WAF + DDoS mitigation: All inbound traffic filtered at Cloudflare's edge before reaching your server's IP.

Layer 2: Cloudflare Access (email OTP): Every session requires a fresh six-digit code to a verified email address.

Layer 3: Vultr hardware firewall: Permits inbound only on ports 80 and 443. Enforced before Ubuntu boots.

Layer 4: UFW software firewall: Independent OS-level enforcement of the same port restrictions.

Layer 5: fail2ban: Continuous auth log monitoring. Auto-blocks IPs after repeated failures.

Layer 6: SSH via Cloudflare Tunnel (ED25519): No public SSH port. Administrative access routed through authenticated tunnel only.

Layer 7: Application-level auth: Each service maintains independent credentials. Compromising one grants no access to others.

Layer 8: systemd sandboxing + env isolation: Each service runs as a dedicated low-privilege user. API keys exist only in process memory. No external interface can reach them.

A traditional VPN is one wall. This is eight independent checkpoints. The architecture is consistent with NIST SP 800-207, Zero Trust Architecture, translated to the budget and operational reality of an SMB.

OpenClaw Security: CVE-2026-25253 and the ClawJacked Class

This section exists because the disclosure was real, the coverage was extensive, and anyone who read it has a legitimate question about why this guide uses OpenClaw at all. I want to answer that question with the precision it deserves, because the answer matters not just for OpenClaw but for every agentic AI framework that will follow it.

CVE-2026-25253 (CVSS 8.8, High severity) allowed an attacker who could induce an authenticated user to visit a crafted URL to hijack an active OpenClaw session through its WebSocket connection, steal the auth token, and execute arbitrary commands on the host. A second class of vulnerabilities — ClawJacked — included command injection and SSRF flaws in the image processing pipeline. China's Ministry of Industry and Information Technology issued a formal advisory. SecurityScorecard identified over 42,000 internet-exposed instances, of which approximately 15,200 (~36%) were immediately exploitable.

All of that is accurate. Here is what the coverage did not distinguish.

Every one of those 42,000 vulnerable instances had OpenClaw reachable from the public internet. In this architecture, it is not.

The coverage created a narrative: OpenClaw is dangerous. That narrative is incomplete. OpenClaw exposed directly to the internet without authentication is dangerous — exactly as dangerous as any powerful tool operated without safeguards. The question is not whether the tool has risk. Every tool with real capability has risk. The question is whether the architecture contains that risk. This one does.

Security researchers at Snyk noted that even localhost-bound instances are technically reachable via CVE-2026-25253 because the victim's browser acts as the pivot — the WebSocket originates from the browser, not an external attacker. This is correct. The protection in this architecture does not rest on the localhost binding alone. It rests on what sits in front of it.

OpenClaw is installed on your Vultr server, bound to 127.0.0.1, behind Cloudflare Access with mandatory email OTP. There is no public URL at which an unauthenticated visitor can reach OpenClaw's interface. Before any request arrives, it must pass through Cloudflare Access — verified email + valid time-limited code. An attacker without your email credentials cannot start the chain. An attacker who cannot start the chain cannot reach the WebSocket. An attacker who cannot reach the WebSocket cannot execute CVE-2026-25253.

The ClawJacked SSRF vulnerability is addressed by the systemd sandboxing configuration in Part 3. OpenClaw runs as a dedicated user with no sudo, write permissions restricted to its working directory, and network egress constrained to specific API endpoints.

CVE-2026-25253 was patched in OpenClaw 2026.1.29. This guide specifies 2026.1.29 or later throughout. The patch addresses the root vulnerability. The architecture addresses the class of vulnerabilities — public exposure of agentic AI interfaces — regardless of whether future disclosures emerge in the same codebase.

The 42,000 exposed instances that made headlines were not running zero-trust architectures. They were running OpenClaw the way most people run new software: directly, on a machine with a public IP, without hardening. This guide exists specifically to prevent that.

What a Day Actually Looks Like Running This

This is the part of technical writing that usually gets skipped, which is a mistake, because the gap between "architecturally sound" and "actually useful in daily practice" is where most self-hosted projects die.

Early morning. Coffee shop. Wi-Fi you do not control or trust.

You activate Cloudflare WARP. Every byte leaving your device is encrypted in a tunnel the coffee shop's network cannot inspect. You open Nextcloud — a colleague updated a proposal at 11 PM. You open it in Collabora and begin editing simultaneously. One document. One version.

Three emails need replies. You type one instruction to the AI portal: draft professional responses — first declining a meeting, second confirming a timeline, third following up on an overdue invoice. Thirty seconds later, three drafts. You change four words in the third. Six minutes total.

A client calls needing a file from your office workstation. You open Guacamole, authenticate, and your office desktop materializes in the browser. You locate the file, send it, close the connection. Your client assumes you're at your desk.

End of day. Grafana dashboard: CPU normal, memory stable, disk 34%, two blocked IPs from fail2ban. Backup completed at 3 AM. Every indicator green.

That is what good infrastructure looks like in operation: invisible, quiet, and below the threshold of daily attention.

Your Own Machine Is Not Involved

Everything you build lives on the remote VPS. Your laptop is the browser window through which you reach it. It is not part of the structure.

If you make a configuration error, log into Vultr, click Reinstall, and the server returns to a clean Ubuntu state in under two minutes. Nothing on your laptop is affected. Nothing was ever at risk.

The only local prerequisite is a browser.

The Series

This is Part 1 of five. Each part is free, ungated, and complete.

Part	What It Covers
Part 1 — Architecture Overview (you are here)	Stack, costs, security model, daily usage
Part 2 — Zero-Trust Server	Vultr, Ubuntu, Cloudflare Tunnel, UFW, fail2ban, SSH
Part 3 — The Intelligence Layer	Docker, Nextcloud, Collabora, AI proxy, OpenClaw, CalDAV, backups
Part 4 — Operations & Monitoring	Guacamole, Prometheus, Grafana, Alertmanager, encrypted backups
Part 5 — The Operations Manual	Maintenance, security audits, cost optimization, troubleshooting, runbook

All five parts are published and free. No paywall, no signup, no follow-up sequence.

On AI and Judgment

Every AI in this stack drafts, researches, summarizes, and executes on instruction. No AI in this stack makes decisions. You review the draft before you send it. You verify the organized files before you archive them. You consult qualified professionals before acting on any AI-generated legal, financial, or medical information.

This is not a disclaimer. It is a correct description of what these tools are. They are extraordinarily capable instruments. The outcome depends entirely on the judgment directing them. That distinction matters more as the tools get better, not less.

Legal Disclaimer

The author makes no representation or warranty, express or implied, as to the accuracy, completeness, currentness, fitness for a particular purpose, or non-infringement of any information contained herein. All cost estimates, technical configurations, and third-party service descriptions are based on publicly available information as of April 2026 and are subject to change without notice.

All use of techniques, software, services, configurations, commands, or information described in this series is undertaken at the sole risk of the user. To the maximum extent permitted by applicable law, the author expressly disclaims all liability for any direct, indirect, incidental, special, consequential, exemplary, or punitive damages arising from use of or reliance upon this content.

This disclaimer is intended to be enforceable to the fullest extent permitted by applicable law, including the laws of the State of California (Cal. Civ. Code §§1668, 3513) and the State of New York (N.Y. GOL §5-323), as well as applicable federal law of the United States. Nothing herein limits liability where prohibited by law, including for gross negligence, willful misconduct, or fraud.

References to Vultr, Cloudflare, OpenAI, Anthropic, Google DeepMind, Perplexity AI, Nextcloud, Collabora Online, Apache Guacamole, OpenClaw, Prometheus, Grafana, and all other third-party products are for informational purposes only. The author has no commercial, sponsorship, affiliate, or compensated relationship with any provider mentioned. All trademarks are the property of their respective owners.

Non-commercial sharing and attribution are permitted and encouraged. Commercial reproduction requires the author's explicit written consent.

Part 2 — provisioning the server and building the zero-trust layer — is next.

Drop questions in the comments. I read every one and answer the technical ones in detail.

If this is the kind of thing you build for clients or have been meaning to build for yourself, follow along. Parts 2 through 4 get into the actual commands.

— Kusunoki
International Tax Specialist & Systems Builder
Sapporo, Japan | @kusunoki