If you’ve gotten the self-hosting bug, you know that it’s not always the most convenient way to do anything. The learning curve is steep, and trying to make things work on underpowered mini PCs or ex-enterprise hardware often leads to frustration. Then learning containerization with Docker, and then Kubernetes, is another level of expertise to absorb.
And while there are software packages and operating systems that try to make things a little easier, they’re often unbalanced, either abstracting the hands-on experience away or still being complicated, but with better instructions. I’ve been using an open source personal cloud system for the last month or so on the company’s first hardware device. While it’s not without its share of self-hosting frustrations, it’s a better middle ground for advanced container use by the average user.
Olares
See at Github
Expand Collapse
About this article: Olares provided us with the Olares One for the purposes of this article. The company had no input into its contents.
What is Olares?
This open source personal cloud OS is cute and powerful
Olares is the most polished personal cloud software I’ve used so far, and I’ve used a ton of options from both self-hosted and proprietary sources. If you ever opened up Docker and wondered why it can’t be more like an App Store experience, or looked at the apps on your phone and wondered why you need to rely on someone else’s cloud, Olares is as close to bridging those worlds as it gets.
It consists of three main components, each handling its own part of the ecosystem:
* Olares ID: A decentralized identity management system that is built to be secure and trustless, with automatic HTTPS certificates for your services.
* Olares OS: Container orchestration based on Kubernetes that offers a user-friendly way to create your own personal cloud, secured by SSO, application isolation, and more.
* LarePass: This cross-platform client handles identity management, secret management, file sync, and more while using your Olares deployments.
There is no vendor lock-in, it has advanced GPU resource management features, support for local AI models and MCP linking, and its own stack of development tools for deploying services that aren’t in the package manager or for writing your own.
It does use some blockchain technology, as your Olares ID is decentralized and can be used for credit (though it only seems to support NFTs for profile pictures right now), so if that’s a blocker, I can understand.
The more I dig around the more things I like
One thing I didn’t expect to see was the use of Tailscale and Headscale for the networking stack. This is what powers the automatic provisioning of TLS-secured subdomains when you install new services, and is the system I run in my home lab environment already.
It also enables access control lists based on user ID, so when you add new users to your Olares instance, you can easily control which services they can see and use. That keeps everyone and their data safer, and I wish more systems would be designed for security from the ground up, rather than trying to add it afterward.
Olares
See at Github
Expand Collapse
I’m running it on the Olares One
But you can set it up on any system with Ubuntu already installed
Before I get into the hardware, you should know that it’ll run on most existing hardware (except Arm-based systems). Olares is designed with deep CUDA integration, so you’ll probably want to use an Nvidia GPU, and the install script will handle everything for you. All you need to start is Ubuntu or Debian installed on your hardware, and internet access to pull the script and the resources it specifies. I had to do this even on the Olares One mini PC. I’m not sure why exactly, but it was a good idea to see how the installation script works anyway.
The script runs a precheck routine to ensure the system is ready and doesn’t have any existing packages that might cause issues, and will tell you if it finds blockers so you can handle them before they become a problem. Then there’s a long download phase while every core file, dependency, and the container images are pulled, a prep stage that gets the working environment set up, and the final installation stage where Kubernetes, KubeSphere, and the core Olares services get deployed.
It’s Kubernetes under the hood
Every app or service the user adds runs in a sandboxed container, only able to access other resources based on ACLs defining the data it needs and nothing else. Enterprise-level security isn’t just a buzzword; this is how the datacenter does things, and poking around the documentation will show you some familiar names.
Data Type
Storage Location
Leak Risk
Usage
Vault items
Includes website and
database passwords,
blockchain private
keys, etc.
Vault
Encrypted data in Olares ensures that third parties cannot view even upon logging in
Each use requires a signature from LarePass
Credentials
System access
credentials obtained
post-secure
authentication:
Tokens, Cookies, etc.
Infisical
Viewable by third parties post-authentication in Olares by following specific steps
Available to applications through an API after obtaining Provider permissions
Secret
Sensitive data used
in Pod containers,
like database
connections and
admin accounts
ETCD
Directly visible in Control Hub
Used in Helm deployment templates; secret values are injected into environment variables via valueFrom -> secretKeyRef
Olares uses Authelia for user request authentication whenever any service is accessed, not just at login. And it has multiple layers of secret management based on data type and usage scenario, keeping credentials, API keys, sensitive data, and other secrets secure and, more importantly, not in static environment files.
And if there’s something you want to run that doesn’t exist in the package manager, you can package it in Studio and install it from DevBox. The process is similar to any other containerized workflow, and the doc pages have all the info you need for the additional YAML configuration.
This mini PC has phenomenal cosmic power
The Olares One is currently crowdfunding, and I want to stress again that you don’t need this hardware to run the OS. I like that you can use your own hardware, and that it’s not limited to specific hardware configurations (bar the need for Nvidia for any CUDA applications).
But I also like that there is an option for those who want an off-the-shelf machine to run local AI and personal cloud storage. It’s essentially a gaming laptop inside a mini PC chassis, with an Intel Core Ultra 9 275HX, Nvidia GeForce RTX 5090 mobile with 24GB of VRAM, and 96GB of DDR5 system memory.
There is one thing I don’t like about the hardware, and it’s not the lack of I/O ports (because this is designed to be used headless). That’s the lack of more M.2 slots for SSD storage. The motherboard has two, which means up to 16TB of SSD, but that will fill up quickly once you start serving media files or documents, and that’s before you factor in local LLM models. I’d have liked to see four or even six M.2 slots, underneath an easily removable panel, and maybe that’s something for a future revision.
Other than that, I can’t fault the hardware. It’s expensive but on par with similarly equipped laptops or desktops, and I haven’t managed to overload it yet (and I’ve been trying).
Olares One
$2899 $3999 Save $1100
CPU Intel Core Ultra 9 275HX
Graphics NVIDIA GeForce RTX 5090 Mobile GPU (24 GB GDDR7)
Memory 96 GB DDR5 5600MHz
Storage 2TB NVMe SSD
Ports 1x Thunderbolt 5, 1x 2.5GbE, USB-A, HDMI 2.1
$2899 at Kickstarter $3999 at Official Site
Expand Collapse
My home lab is now running from one tiny box
I’ve set up similar systems from random components and done the long process of getting Kubernetes running and my efforts are nowhere near as polished and complete as Olares OS is. I’m impressed that it has robust ACLs and other security baked in, and that there is still a way to develop your own apps or run other existing containers, even if they’re not in the package manager.
I’m going to keep using this system for local AI tasks and development. Still, the usual favorites are all there too, from Jellyfin for media serving to Immich for image storage and categorization. The Olares software ecosystem is strong, built on industry-standard tools, and honestly a joy to use, which I can’t say about most containerized systems.
