stackschmiede.de

Cloud-Exit Stack — own photo, drive and mail server

Lived exit from US cloud services: Immich instead of Google Photos, Nextcloud instead of Dropbox, Matrix instead of WhatsApp, own Postfix mailserver instead of Gmail. In daily personal use.

Year: 2024
Duration: In daily production use since 2024
Role: Concept, setup, operation (solo, AI-augmented)
Sector: Own project

Key metrics

  • Savings: ~78 %
  • Downtime: 0 s
  • p95 latency: −18 ms
  • Rollback: < 4 min

Tech stack

  • Immich
  • Nextcloud
  • Matrix Synapse
  • Postfix + Dovecot (own mailserver)
  • Workshop server (Germany)
  • Docker Compose
  • Nginx + Let's Encrypt
  • restic + Storage-Box

What is this?

Not a client project — my personal, daily-used cloud-exit stack. I built it because I no longer wanted my data to land in US clouds as training material and ad-profile fodder. Today it is also the proof of concept that I can set up exactly the same for you.

What’s in the stack?

Domain | Cloud standard (out) | Sovereign (in)
Photos & videos | Google Photos, iCloud | Immich (Open Source)
Files & sync | Dropbox, Google Drive, OneDrive | Nextcloud (Open Source)
Calendar, contacts, tasks | Google Calendar, iCloud | Nextcloud (CalDAV/CardDAV)
Messenger | WhatsApp, iMessage, Telegram | Matrix
Email | Gmail, Outlook | Own Postfix/Dovecot (alternative: mailbox.org)
Backup | Time Machine, OneDrive | restic + Storage-Box
AI chat | ChatGPT, Gemini | Mistral Small 3.1 local
Banking aggregation | commercial finance apps | Own PSD2 solution
Transport layer / VPN | NordVPN, ExpressVPN, Surfshark | Own WireGuard (see VPN offering)

What does such a setup cost?

  • Central server: Workshop-M (4 dedicated vCPU / 8 GB / 80 GB NVMe) — €29/month, including stacks-panel, setup, updates, backup config. Comfortably enough for family + 5-15 people.
  • Additional storage: Storage-S (1 TB) €12/month.
  • Software licenses: open source — no recurring license costs.
  • Domain + TLS: €10-15/year domain. TLS via Let’s Encrypt for free.

Total: ~€30-40/month for a stack that quickly costs €50-200/month with US clouds.

Why I do this

Because I find it absurd how matter-of-factly personal data is given away today — geo locations, relationship networks, payment behaviour, photo content, calendars, even sleep data. This data increasingly trains AI models. And AI models make decisions about us: insurance rates, credit scores, perhaps tomorrow job applications.

Whoever shares data today hands over decision power tomorrow.

That’s not conspiracy theory — it’s the current industry direction. My approach: stop participating where I can prevent it. And offer exactly these solutions to others.

Transport layer: my own WireGuard VPN

Cloud-exit protects where the data lives — the VPN protects which network it travels through. My smartphone, laptop and home router all sit permanently in a WireGuard tunnel to the workshop server. Reasons I don’t want to give this up:

  • Public Wi-Fi (café, hotel, airport, train) — the Wi-Fi operator only sees encrypted traffic, not which services I’m talking to.
  • Consistent IP footprint — banking, government portals and 2FA services always see the same German IP, even when I’m abroad. No more “unusual location” lockouts.
  • No third party in the line — unlike commercial VPN providers (repeatedly bought by ad conglomerates) I know nothing is logged, because the server is mine.
  • Full-tunnel on the road — accessing Nextcloud, Immich, Matrix looks to the server like it comes from my desk.

The whole setup is available as a standalone offering: VPN — WireGuard without a third party in the line. Three scopes (road-warrior, site-to-site, full-tunnel), available as an add-on to the workshop server with no extra monthly cost.

What I offer to clients

See the dedicated service Cloud-Exit & Data Sovereignty — three packages from family photo server to complete law-firm stack.

Status

In daily production use since 2024. No relevant outages, no data loss. Continuously extended.

Outcomes

  • Full personal exit from Google Photos, Drive, Gmail and WhatsApp
  • Own photo server (Immich) with smart search but no AI tracking
  • Own drive (Nextcloud) with calendar/contacts sync for the family
  • Own messenger (Matrix) with bridges to contacts not yet convinced
  • Daily restic backups on a separate Storage-Box
  • Own WireGuard VPN on every device — smartphone, laptop, home router permanently in the tunnel
  • Documented experience: effort, costs, pitfalls — for client projects

Cloud-exit for your organisation?

From family photo server to a complete stack for law firms: in a free 2h kickoff we define your exit plan with migration paths and a fixed price. Concrete steps, not cloud-rhetoric.
