Digital IDs, surveillance capitalism, deplatforming, internet shutdowns, social credit systems. The centralized internet is becoming a liability. This guide shows you how to build a completely self-contained, portable, internet-independent network for your family, community, or organization.
Goals:
- ✅ No internet dependency
- ✅ Portable and self-contained
- ✅ Open source everything
- ✅ Reliable and resilient
- ✅ Private and secure
┌─────────────────────────────────────────────────┐
│ Your Private Network │
├─────────────────────────────────────────────────┤
│ Layer 1: Physical Infrastructure │
│ - Server (Pi/Laptop/Desktop) │
│ - Router/Switch/AP (OpenWRT) │
│ - Mesh Network (Meshtastic/LoRa) │
│ - Optional: Private 4G/5G (SDR) │
├─────────────────────────────────────────────────┤
│ Layer 2: Core Services │
│ - DNS (Unbound) │
│ - File Storage (NAS/Jellyfin) │
│ - Communication (BitChat/MeshChat) │
│ - Knowledge (Kiwix - Offline Wikipedia) │
├─────────────────────────────────────────────────┤
│ Layer 3: Management & Security │
│ - Container Management (Portainer) │
│ - Password Manager (KeePass) │
│ - VPN (WireGuard) │
│ - Backups (Automated) │
└─────────────────────────────────────────────────┘
- Server: Raspberry Pi 4 (8GB) or used laptop
- Storage: 2TB external HDD + USB flash drives
- Network: Basic router + ethernet cables
- Power: UPS (uninterruptible power supply)
- Server: Mini PC (Intel NUC) or desktop with Proxmox
- Storage: NAS with multiple HDDs (RAID for redundancy)
- Network: OpenWRT router + managed switch + wireless AP
- Mesh: Meshtastic nodes (2-3 minimum)
- Power: UPS with surge protection + solar option
- Server: Rack-mounted server or powerful desktop
- Storage: Enterprise NAS (Synology/TrueNAS) + offsite backup
- Network: Enterprise gear + mesh network + SDR equipment
- Comms: Private 4G/5G network (experimental)
- Power: Whole-home UPS + solar + battery bank
- Extras: 3D printer for parts, radio equipment
Option A: Proxmox (Recommended for servers)
- Free, open-source virtualization platform
- Run multiple isolated services in containers
- Easy backups and snapshots
- Install: https://www.proxmox.com/
Option B: Bare Metal Linux
- Ubuntu Server or Debian for simplicity
- Docker/Podman for containerization
- More lightweight, less features
Portainer - Web UI for Docker containers
docker run -d \
-p 9000:9000 \
--name=portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ceAccess: http://your-server:9000
OpenWRT Router
- Replaces stock router firmware
- Full control over your network
- No telemetry, no backdoors
- Install: https://openwrt.org/
- Key features: VLANs, QoS, VPN server, ad-blocking
Unbound DNS Server (Self-hosted DNS)
# Install on your server
apt install unbound
# Configure to block trackers/ads
curl -o /var/lib/unbound/adblock.conf \
https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh- No more Google/Cloudflare DNS tracking
- Cache responses for speed
- Block ads/trackers at DNS level
Jellyfin (Open-source Netflix alternative)
docker run -d \
--name=jellyfin \
-p 8096:8096 \
-v /path/to/config:/config \
-v /path/to/media:/media \
--restart=unless-stopped \
jellyfin/jellyfin- No licensing restrictions (unlike Plex)
- No phone-home telemetry
- Works 100% offline
Kiwix (Offline Wikipedia + more)
docker run -d \
--name=kiwix \
-p 8080:80 \
-v /path/to/content:/data \
kiwix/kiwix-serve \
/data/*.zim- Download entire Wikipedia (90GB)
- Medical encyclopedias, how-to guides
- Educational content
- Download content: https://library.kiwix.org/
Recommended archives:
- Wikipedia (all languages or just English)
- Stack Overflow archive
- Project Gutenberg (60,000+ free books)
- Khan Academy videos
- Survival/medical guides
Meshtastic (Long-range mesh messaging)
- ESP32-based radios (LoRa)
- 5-10km range per node
- No internet required
- Encrypted by default
- Hardware: ~$30-60 per node
- Setup: https://meshtastic.org/
Reticulum MeshChat (IP-based mesh)
git clone https://github.com/liamcottle/reticulum-meshchat
cd reticulum-meshchat
# Follow setup instructions- Text chat over mesh network
- Works with radio/serial/WiFi/LoRa
BitChat (Private chat app)
git clone https://github.com/permissionlesstech/bitchat
# Self-hosted encrypted chatKeePass (Password Manager)
- Offline password database
- No cloud sync (sync via USB/local network)
- Download: https://keepass.info/
- Mobile: KeePassDX (Android), Strongbox (iOS)
WireGuard VPN
# Install on your server
apt install wireguard
# Generate keys
wg genkey | tee privatekey | wg pubkey > publickey
# Configure /etc/wireguard/wg0.conf
# Allows secure remote access to your intranetVaultwarden (Self-hosted Bitwarden)
docker run -d \
--name=vaultwarden \
-p 8000:80 \
-v /path/to/data:/data \
vaultwarden/server:latest- Alternative to KeePass if you want web access
WARNING: This requires radio licenses in most countries. Know your local laws.
- SDR (Software Defined Radio): BladeRF, HackRF, or USRP
- Compute: Powerful server (16GB+ RAM)
- Antennas: Directional or omnidirectional
- SIM cards: Programmable SIMs
- OpenBTS: https://github.com/RangeNetworks/dev
- srsRAN: https://www.srslte.com/
- Guides: https://hackers-arise.com/mobile-hacking-how-the-mexican-drug-cartels-built-their-own-cellular-infrastructure-to-avoid-surveillance/
Use cases:
- Rural areas with no coverage
- Disaster recovery
- Private business communications
- Avoiding surveillance
Legality:
- FCC (USA): Requires experimental license
- Most countries: Illegal without proper licensing
- Low power in shielded environment may be legal (check laws)
- Open-source SDR project
- Link: https://cemaxecuter.com
- Community for building private networks
Internet (Optional)
|
[Router - OpenWRT]
|
[Switch]
|
+----+----+----+
| | | |
[Server] [AP] [NAS] [Clients]
|
+-- Jellyfin
+-- Kiwix
+-- DNS (Unbound)
+-- Chat
+-- VPN
[Meshtastic Node 1] <--LoRa--> [Meshtastic Node 2]
| |
[ESP32 WiFi] [ESP32 WiFi]
| |
[Client 1] [Client 2]
| |
+---------- Mesh Chat ---------+
Internet
|
[Router - OpenWRT]
|
+------+------+
| |
[Server] [Mesh Gateway]
| |
[Local Net] [LoRa Mesh]
-
Install Proxmox on server
# Download from proxmox.com # Burn to USB # Boot and install # Access web UI: https://server-ip:8006
-
Create first container (Ubuntu/Debian)
# In Proxmox UI # Create LXC container # Allocate: 2 cores, 4GB RAM, 20GB disk
-
Install Docker in container
apt update && apt upgrade -y apt install docker.io docker-compose systemctl enable --now docker
-
Deploy Portainer
docker run -d \ -p 9000:9000 \ --name=portainer \ --restart=always \ -v /var/run/docker.sock:/var/run/docker.sock \ -v portainer_data:/data \ portainer/portainer-ce
-
Set up DNS (Unbound)
apt install unbound # Configure to block ads # Point router DHCP to use this DNS
-
Deploy Jellyfin
# Use Portainer or docker-compose # Add your media files # Create user accounts
-
Deploy Kiwix
# Download Wikipedia ZIM file # Run kiwix-serve container
-
Set up mesh network
- Buy 2-3 Meshtastic devices
- Flash firmware
- Configure channels
- Test range
-
Deploy chat service
# Install Reticulum MeshChat or BitChat # Configure for local network
-
WireGuard VPN
# Install WireGuard # Generate configs for each device # Enable remote access
-
KeePass setup
- Install on all devices
- Create master password database
- Sync via local network share
-
Backups
# Set up automated backups # Proxmox snapshots # External drive backups # Offsite backup (USB taken to friend's house)
Your intranet continues to function:
- Local chat for family coordination
- Offline Wikipedia for information
- Media library for entertainment
- Mesh network for neighborhood communication
No need to:
- Verify identity to access content
- Link accounts to government IDs
- Submit biometric data
- Use corporate platforms
- Neighborhood mesh network
- Shared knowledge base
- Local file sharing
- Private communications
- Keep operations running without internet
- Secure internal communications
- No cloud service dependencies
- Own your data
- Communication when cell towers are down
- Access to medical information offline
- Coordinate rescue efforts via mesh
- Entertainment/morale during extended outages
- Raspberry Pi 4 (8GB): $100
- 2TB External HDD: $60
- USB Flash drives (32GB x3): $30
- OpenWRT Router: $50
- Ethernet cables/switch: $40
- UPS (basic): $80
- Meshtastic nodes (x2): $120
- Total: ~$480
- Mini PC (Intel NUC): $400
- 4TB NAS (2-bay): $300
- Managed switch: $80
- OpenWRT Router: $100
- Wireless AP: $60
- UPS (1500VA): $150
- Meshtastic nodes (x3): $180
- USB drives/cables: $50
- Total: ~$1320
- Server hardware: $1000
- Enterprise NAS: $800
- Network gear: $500
- SDR equipment: $500
- Solar/battery: $400
- Misc: $300
- Total: ~$3500
- Check disk space
- Review logs for errors
- Test backups
- Update mesh network
- Security updates (apt update && apt upgrade)
- Backup rotation (swap offsite drives)
- Test disaster recovery procedure
- Add new content to Kiwix/media
- Review and update passwords
- Test all services
- Physical inspection of equipment
- Update documentation
Symptoms: Filesystem corruption, read-only errors Cause: Thin pool with no physical free space Solution: Leave 10-15% physical volume unallocated See: [My other guide on this disaster]
Symptoms: System crashes during power blips Solution:
- UPS with 30+ minutes runtime
- Automatic shutdown scripts
- Solar backup for extended outages
Symptoms: Nodes can't communicate Solutions:
- Add relay nodes between endpoints
- Use directional antennas
- Increase transmit power (within legal limits)
- Mount antennas higher
Symptoms: Services crash, can't add media Solutions:
- Monitor disk usage (set up alerts at 80%)
- Implement quotas per service
- Archive old content to external drives
- Add more storage
✅ Running your own DNS server ✅ Self-hosting media (that you own) ✅ Mesh networks on ISM bands (WiFi, LoRa) ✅ VPN for privacy ✅ Offline knowledge archives
❌ Jamming signals ❌ Interfering with emergency communications ❌ Unauthorized cellular base stations (most countries) ❌ Distributing pirated content
Disclaimer: Research your local laws. This guide is educational. You are responsible for compliance.
- Proxmox: https://www.proxmox.com
- Portainer: https://portainer.io
- OpenWRT: https://openwrt.org
- Jellyfin: https://jellyfin.org
- Kiwix: https://kiwix.org
- Meshtastic: https://meshtastic.org
- Unbound DNS: https://nlnetlabs.nl/projects/unbound/
- KeePass: https://keepass.info
- WireGuard: https://www.wireguard.com
- Mini PCs: System76, Intel NUC, Beelink
- Mesh Radios: RAK Wireless, Heltec, LILYGO
- SDR: NooElec, Great Scott Gadgets, Ettus Research
- r/selfhosted (Reddit)
- r/Proxmox
- r/OpenWRT
- r/Meshtastic
- Meshtastic Discord
- Self-Hosted Podcast
- NetworkChuck (YouTube) - Networking basics
- Techno Tim (YouTube) - Homelab setups
- Lawrence Systems (YouTube) - Enterprise homelab
- Hak5 - Security & privacy tools
- Start Small: Get a Raspberry Pi and OpenWRT router
- Learn Docker: Deploy one service at a time
- Add Storage: External drive with media
- Go Offline: Download Wikipedia ZIM files
- Add Mesh: Get 2 Meshtastic devices
- Expand: Add more services as you learn
- Share: Help others build their networks
The internet is centralizing. A few corporations control:
- Your identity (Google, Apple, Microsoft accounts)
- Your communication (WhatsApp, Discord, email providers)
- Your knowledge (Google Search, Wikipedia via CloudFlare)
- Your entertainment (Netflix, YouTube, Spotify)
Problems with this:
- Single point of failure (outages, shutdowns)
- Surveillance (everything is logged, tracked, sold)
- Censorship (deplatforming, content removal)
- Digital IDs (linking identity to internet access)
- Social credit (behavior tracking, scoring)
The Solution: Own your digital infrastructure.
Build systems that:
- Work when the internet doesn't
- Don't require corporate permission
- Can't be shut down remotely
- Preserve knowledge and culture
- Enable free communication
This isn't paranoia. This is resilience.
You don't need the internet to:
- Communicate with your community
- Access human knowledge
- Watch movies with your family
- Store and share files
- Run a business
What you need is:
- $500-1500 in hardware
- A few weekends to set it up
- The willingness to learn
- A community to support
The centralized internet is optional. Your freedom isn't.
Start building today.
"The future is decentralized. It's just not evenly distributed yet."
Next Guide: LVM Thin Pool Lessons Learned - Don't make my mistakes.
Found this helpful? Have improvements? Fork and PR. Running into issues? Open a discussion.
License: CC0 (Public Domain) - Copy freely, no attribution required.