OperationsAutomation

Self-hosted, edge, and always-on setups

Run on a Raspberry Pi, VPS, or home Mac mini—local models, tunnels, and data that stays on infrastructure you own.

What you build

Infrastructure you control, which shoutouts describe as “not enterprise hosted,” “on my Pi,” or “always-on Mac Mini”:

  • Edge or home deployment with stable power and networking.
  • Secure ingress (for example reverse proxy or tunnel) if you need HTTPS endpoints for integrations.
  • Local or regional models when latency, cost, or policy favors Ollama-style setups.
  • Separation between “lab” and “family” or “work” networks when needed.

CoWork OS is built for teams that want ownership, not a black-box SaaS brain.

Why CoWork OS is a strong fit

  • Open-source posture and GitHub-first transparency match “hackable install” expectations.
  • Docs for self-hosting, security, and remote access (see self-hosting, remote access).
  • BYOK and local storage align with “context lives on your computer” stories.
  • Provider flexibility so you are not locked to one cloud AI vendor.

How to use

  1. Size the machine to your workload: triage chat vs heavy codegen.
  2. Harden SSH, firewall rules, and automatic security updates.
  3. Use secrets management appropriate to your threat model.
  4. Backup state and configs before you iterate recklessly.
  5. Document recovery: if the SD card dies, how do you rebuild?

Prerequisites

  • Static or dynamic DNS if you expose services.
  • Monitoring for disk, RAM, and thermal limits on small boards.
  • Time to read security guide sections for exposure.

Steps

  1. Deploy internal-only first; prove stability.
  2. Add remote access with mutual TLS or VPN before public HTTP.
  3. Layer integrations one at a time; watch failure modes.
  4. Load-test memory with realistic concurrent sessions.
  5. Revisit quarterly: unused tunnels and keys are liabilities.

Suggested prompts

  • “List attack surfaces introduced by this tunnel setup.”
  • “What logs prove the service restarted cleanly?”
  • “Propose a minimal backup that restores chat state.”

Launch readiness

  • Restore drill completed from backup at least once.
  • Alerts fire on disk full and process crash.
  • You can explain the setup to a second person without hand-waving.

Common pitfalls

  • Exposing admin ports to the public internet.
  • Underpowered hardware for the model size you chose.
  • Fragile SD cards on Pis without wear leveling or backups.
  • Forgotten tunnel or DNS entries after experiments.
← All use casesDocumentation