how I turned my $50 Raspi4 into my personal cloud
Moved to the Bay Area and got this Victorian room with insane lighting. My Raspberry Pi 4 bought for the 24' Berkeley AI Hack just sitting there begging to be useful.
Most people turn their Pi into yet another Plex Server. Boring. I wanted something more interesting, my own personal cloud accessible from anywhere.
The goal: SSH from Caltrain, cafe, anywhere, run Docker containers, test ROS2 stuff (since my Mac can't), host my link shortener, finance tracker, and other r/selfhosted experiments. Basically turn this tiny computer into an always-available playground.
The Old Way Sucks
Traditional remote access involves:
Port Forwarding (Fragile)
Dynamic DNS (Annoying)
SSH key juggling
Praying your ISP cooperates
Exposing services to the entire internet (Yikes)
This works until it doesn't. Router updates break everything. Move apartments? Reconfigure everything.
Tailscale: Actual Networking Wizardry
Tailscale is genuinely brilliant engineering disguised as "just another VPN tool." It's not. Thanks @shah for introducing me to it.
A Brief History Lesson: Traditional VPNs are basically digital telephone operators—everyone calls the central office, who then connects you to whoever you're trying to reach. Inefficient and fragile.
Tailscale implements Mesh Networking where your devices establish direct encrypted tunnels to each other. The magic happens in the control plane vs data plane separation:
Control Plane: Tailscale's servers handle device discovery, key exchange, and network topology. They know who wants to talk to whom.
Data Plane: Actual traffic flows directly between your devices using WireGuard tunnels. Tailscale servers never see your data.
quick WireGuard primer for the uninitiated: It's the new hotness in VPN protocols. Where OpenVPN is a 600,000-line behemoth that's been duct-taped together since 2001, WireGuard is ~4,000 lines of crystalline C code. Built by Jason Donenfeld who basically said "What if we stopped pretending cryptography is hard?" and proceeded to make IPsec look like assembly language.
The genius is in the simplicity: Only modern cryptographic primitives (Curve25519, ChaCha20Poly1305, Blake2s), no cipher negotiation circus, no certificate authority theater. Keys are just 32 bytes. That's it. Our infinite monkeys can converge to deploy this.
The real sorcery is NAT Traversal. Most home routers use network address translation, creating a layer of indirection that makes direct connections theoretically impossible. Tailscale employs sophisticated techniques:
STUN (RFC 3489) - Helps devices discover their public IP/port mappings
TURN (RFC 5766) - Relay service when direct connection fails
UDP Hole Punching - Exploiting NAT state tables to establish direct connections
Essentially, both devices "knock" on each other's NAT simultaneously, creating symmetric openings that allow direct communication. It's like two people in separate rooms knocking on the wall at exactly the same time and somehow creating a door.
Your Pi gets a 100.x.x.x IP from the RFC 6598 space that only your Tailscale devices can reach. No ports to forward, no DNS to configure. Just ssh mdvsh@100.whatever.ip and you're tunneling through the internet's infrastructure like it was designed for this.
want the full deep dive? Tailscale's Mesh Networking Explainer covers the routing algorithms and scaling considerations.
Building A Custom Dashboard
Could just SSH in and run htop, but where's the fun in that?
Built a lightweight web interface that reads directly from /proc and /sys instead of shelling out to system commands. More efficient and you get exactly the data you want.
def get_cpu_info(self):
stat1 = self.read_file('/proc/stat')
time.sleep(0.1)
stat2 = self.read_file('/proc/stat')
# calculate cpu usage from kernel stats
cpu1 = parse_cpu_line(stat1.split('\n')[0])
cpu2 = parse_cpu_line(stat2.split('\n')[0])
diff = [cpu2[i] - cpu1[i] for i in range(len(cpu1))]
total = sum(diff)
idle = diff[3]
return round(100 * (total - idle) / total, 1)Reading /proc/stat twice with a delay gives you real CPU utilization. Way cleaner than parsing top output.
The logic itself is more interesting than it looks, cpu usage isn't just "how busy is the processor right now." it's measuring what percentage of kernel time slices weren't spent in the idle task over a measurement window. the kernel maintains running counters for user time, system time, idle time, etc. by taking two snapshots and calculating the delta, you get actual utilization rather than some instantaneous meaningless number.
this is the everything-is-a-file unix philosophy in action. /proc/stat isn't a real file—it's the kernel exposing live system state through the filesystem interface. Elegant systems design from the 70s that still works flawlessly today imo.
what bloomberg terminal ?The VPN Interface Mystery
Here's something they didn't teach in my networking class; VPN interfaces show up weird in Linux.
Physical interfaces (eth0, wlan0) have clear operstate values: up or down.
Tailscale creates a tun interface that often reports operstate=unknown even when working perfectly. Tun operates at layer 3 (IP packets) while physical interfaces are layer 2 (Ethernet frames).
Solution: Check both operstate and the IFF_UP flag:
# tun interfaces need special handling
flags = int(open(f'/sys/class/net/{if_name}/flags').read(), 16)
interface_up = bool(flags & 0x1) # IFF_UP flag
is_up = operstate == 'up' or (operstate == 'unknown' and interface_up)Future Plans: Getting Serious
soon I know I'll hit storage limits on the 32GB SD card. Next upgrades:
External SSD Storage - 1TB USB 3.0 drive for:
Faster boot times (No more SD card bottleneck)
Proper databases
Nextcloud for file sync
Local Git repositories ? :think:
Robotics Dev - This is where it gets interesting. Do have a Pi camera and got a new Olive IMU from work. Plan: Mount on my mini JCB excavator for SLAM experiments. why ?
ROS2 Can't Run Natively On MacOS
Remote development = faster iteration
Real sensor data > simulation
Roadmap:
Visual SLAM with camera + IMU fusion
Real-time sensor streaming over Tailscale
RViz visualization on laptop, processing on Pi
Autonomous excavator operations (Because why not?)
Having an always-on ROS2 environment means testing algorithms continuously, collecting overnight datasets, debugging without hardware setup time. also, I always wanted to do this.
tldr
A $50 personal cloud that works. zero monthly fees, 5W power draw, accessible from literally anywhere with internet.
The stack:
tailscale for mesh networking (because NAT traversal is actual wizardry)
custom dash reading
/procdirectly (none of that htop parsing nonsense)ROS2 env for robotics dev (macos users in shambles)
systemd service with resource limits (because we're not animals)
The expectation: move apartments, plug into new wifi, everything just works. no port forwarding, no dns configuration, no existential dread about whether your services are still up.
This is barely version 1.0. ssd upgrade incoming, then it's nextcloud time and turning toy excavators into slam research platforms. Because why wouldn't you automate heavy machinery with a raspberry pi?
Sometimes the best infra is the kind you set up once and then completely forget exists until you need it at 1am from a coffee shop in another city.
