PSW - Self-Hosted Solution#

What Is Self-Hosting?#

Every day, you rely on services that someone else controls. Netflix streams your movies. Google stores your photos. Dropbox holds your files. Chrome or LastPass remembers your passwords. Multiple corporations run your smart home. You pay monthly fees, accept their terms, and hope they don’t raise prices, shut down, or get hacked.

Self-hosting means running those same services yourself – on hardware you own, in your own home. Instead of Netflix, you run your own media server. Instead of Google Photos, your own photo library. Instead of LastPass, your own password vault. Your data stays yours. No subscriptions, no lock-in, no one mining your data.

Here’s a taste of what becomes possible:

• Stream your entire movie, TV, and music collection to any device in your house – or from anywhere in the world
• Manage your passwords in a vault only you control, accessible from all your devices
• Automate your home – lights, sensors, locks, climate – without relying on Amazon, Google, or Apple clouds
• Monitor everything with dashboards that show the health of all your services in real time
• Back up everything automatically – your apps, your data, your configs – so nothing is ever lost
• Run local AI models privately on your own hardware
• Request movies and TV shows from a slick interface and have them automatically found, downloaded, and organized
• Get notifications on your phone when backups complete, apps go down, or your favorite show is ready
• Access it all from anywhere – same apps, same URLs, whether you’re on your couch or in a coffee shop on the other side of the world
• Share it with your family – everyone gets their own account, one login for everything

The catch? Setting all this up is usually a nightmare.

The Problem PSW Solves#

Self-hosting sounds great until you actually try it. You buy a server, install an operating system, then spend days (or weeks) installing apps one by one, editing config files, looking up tutorials, fixing things that break, and trying to make everything talk to each other.

Three months later, you can’t remember what you changed. Six months later, something breaks and you can’t figure out why. A year later, the server dies and you realize you have no way to rebuild what you had.

This is the homelab experience – fun for tinkerers, exhausting for everyone else.

PSW takes a fundamentally different approach. It’s not a homelab tool for experimenting. It’s a self-hosted solution – built for reliability, built to last, and built so that your entire setup can be rebuilt from scratch with a single command.

How PSW Works#

From Bare Metal to Running – A Guided Wizard#

The first time you use PSW, you open the installer UI in your browser:

psw wizard

A project launcher appears where you can create a new project or open an existing one. Pick “New Project”, choose a folder, and the Setup Wizard takes over — five screens that walk you from an empty box in the corner of the room to a live platform. On the Start screen you enter your domain, SSH key, router credentials (OPNsense if you have one, otherwise PSW takes over local DNS itself with AdGuard Home ), and Cloudflare token — one form, and the wizard initializes the whole user project , encrypts your secrets, and walks you through backing up the master encryption key. Already know what you want? Pass the same answers in a single JSON file to skip the form. From there it builds a bootable USB and discovers your hardware , lets you plan your deployment and storage — you paste the prompt into whatever AI you already use (ChatGPT, Claude.ai, Gemini, a local LLM…) and it returns a deployment plan sized to your actual hardware — installs Proxmox unattended and carves your targets , and finishes with a one-click Launch that deploys the foundation your apps run on. You don’t memorize commands or edit YAML by hand. Quit halfway, come back tomorrow — the wizard picks up exactly where you left off .

Your Setup Lives in a Folder#

Everything about your self-hosted solution is described in a simple folder on your computer called a user project . Which apps you want, where they run, how your network looks – it’s all just text files. This folder is version-controlled, meaning every change you make is recorded like a timeline you can scroll through and undo.

This folder is your safety net. If your server burns down tomorrow, you can rebuild everything from this folder alone.

One Command to Build the Foundation#

At the end of the wizard (or from the CLI if you prefer), PSW runs a one-time setup called bootstrap that turns your bare server into a complete platform. It installs the foundation everything else is built on:

• A shared database for all your apps
• An in-memory cache for fast session handling
• Automatic HTTPS (the padlock in your browser) for every app
• A single login that works across everything
• A web dashboard to see what’s running at a glance
• A git server that triggers deployments when you push
• An automation engine that watches for changes and applies them
• A documentation site at https://docs.<your-domain>/ so the manual lives on your platform too — searchable, offline-friendly, no GitHub round-trip

After bootstrap, your platform is live and the dashboard switches into operations mode – same UI, now talking to your deployed setup at https://dashboard.<your-domain>.

Add Apps in Seconds#

Want a media server? From the dashboard or the terminal:

psw app add jellyfin --target media

That’s the whole process. PSW takes it from there – generating passwords, setting up secure access, creating a web address like jellyfin.yourdomain.ca, configuring login, and connecting it to your monitoring and backup systems. All automatically , based on what each app needs as described in its metadata .

Don’t want to add apps one by one? Use a stack – a ready-made bundle:

psw app add @media --target media

One command, and you get a complete media experience: streaming, TV management, movie management, subtitle fetching, music library, download automation – 7+ apps, all connected and working together out of the box.

Push a Button, Walk Away#

Made your changes? Save and push:

git commit -m "add media stack"
git push

From here, PSW’s convergence engine takes over. It checks your project every 5 minutes, sees what changed, and makes it real – creating targets, installing apps, connecting everything. You never touch a server directly. This is the GitOps approach: your project folder is the source of truth, and the system automatically brings reality in line with what you’ve described.

What Makes PSW Special#

Apps Connect Themselves#

When you add an app, PSW doesn’t just install it and leave you to figure out the rest. Its convention system automatically plugs every app into the shared infrastructure: web access, login, monitoring, backups, and your homepage dashboard.

But some apps also need to talk to each other directly. Your TV manager needs to know about your download client. Your backup system needs to know how to send notifications to your phone. PSW handles this through automatic wiring – connecting apps behind the scenes so you never have to open a settings page and paste URLs or API keys around.

Passwords Are Handled#

Every password, key, and credential your apps need is generated automatically and stored encrypted . They’re safe to keep alongside your project files because only you (and your server) can read them. You never have to come up with passwords or worry about leaking them.

Works From Anywhere#

At home, your apps respond instantly over your local network. Away from home, the same addresses work through a secure encrypted tunnel that rides on a cheap rented server (a VPS). PSW uses a clever trick called split-horizon DNS to make this seamless: you always use the same address (like jellyfin.yourdomain.ca), and the system automatically picks the fastest path based on where you are. One command opens an app to the internet, another closes it – and if the rented server ever needs to be rebuilt, PSW handles it end-to-end with your certificates preserved.

Survives Hardware Failures#

With two or more Proxmox servers and shared storage, PSW sets up high availability : if a server dies or needs maintenance, your targets automatically restart on another node within a couple of minutes. Your family keeps streaming, your passwords stay accessible, your smart home keeps working.

Self-Healing#

Everything PSW does is designed to be safely repeatable . The automation engine runs every 5 minutes. If nothing changed, nothing happens. If something drifted out of place, it gets corrected. If an app went down, it gets restarted. Your setup heals itself without you lifting a finger.

Problems Are Caught Before They Happen#

Before anything gets deployed, PSW builds a complete picture of your setup – a project graph – and checks every relationship: missing pieces, conflicting settings, broken connections. Problems are caught before deployment, not after.

Local AI That Stays Local#

If your server has a real GPU (NVIDIA or AMD ROCm), PSW deploys a private chatbot at chat.<your-domain> and a fully-local voice assistant wired into Home Assistant. Every prompt, every voice clip, every response stays inside the box — no OpenAI keys, no cloud round-trips, nothing on someone else’s GPU.

Backups That Travel#

Each app declares what’s worth saving in its metadata, and PSW packages it as a portable bundle — a Vaultwarden bundle PSW produced today restores into any Vaultwarden install tomorrow, not just another PSW. Pack once, ship anywhere: a USB stick, a friend’s NAS, an S3 bucket, an encrypted restic repo. Disaster recovery isn’t a “hopefully-the-tarball-works” prayer — it’s three independent layers (project shape from git, secrets from a one-command panic backup , application data from per-app bundles), each restored separately, all proved end-to-end in CI.

Where Your Apps Run#

PSW manages the infrastructure for you. Your apps run in lightweight, isolated environments (called targets) that PSW creates automatically on your server. You describe what resources each target needs (how much memory, how much storage ), and PSW handles the rest.

Behind the scenes, providers handle the invisible plumbing: your router assigns IP addresses and publishes internal DNS, your public domain names point to the right places, and your security certificates renew themselves. You set providers up once (in the wizard) and never think about them again.

What You Can Run#

PSW ships with a growing catalog of apps you can install with a single command:

Pre-built stacks bundle the right apps together:

Day-to-Day Life With PSW#

Once your setup is running, the operations dashboard is your home base — visit https://dashboard.<your-domain> in your browser, or launch it locally with psw dashboard --project ~/homelab. Most of the commands below are buttons there too, but if you prefer the terminal:

• Want a new app? – psw app add grafana --target monitoring
• Want a whole suite? – psw app add @media --target media
• Want to check for problems? – psw project check
• Want to preview what would change? – psw project plan
• Ready to deploy? – git commit && git push
• Want to remove something? – psw app remove grafana
• Want to access an app from outside? – psw remote expose jellyfin
• Want to see what’s exposed? – psw remote status
• Rented server acting up? – psw remote rotate-vps (wipes and rebuilds it, certificates and all)
• Want a portable backup ? – psw bundle export vaultwarden --transport=tarball --to=/tmp/vw.tar.gz
• Want to restore one? – psw bundle import vaultwarden --transport=tarball --from=/tmp/vw.tar.gz

No logging into servers. No editing config files. No crossing your fingers.

Learn More#

Every concept behind PSW is explained in plain language. Start with Philosophy if you want to understand the why; jump to a specific topic from the table below if you want the how.

The big picture

Getting set up

What you can run

How it stays glued together

The infrastructure underneath