For a long time, my tech / home lab setup was a bit of a “Frankenstein’s monster” - it is centered around my Synology NAS. It worked, but it was held together by open ports and a prayer that my home network wouldn’t be scanned by someone looking for an easy target. To be honest, I’ve seen waves of attempts to log in the DSM but they all failed, either because of passwords or 2FA (which is very important!). That was because I wanted it to be something that can do everything I want - my personal private cloud but also as a web server hosting my blog. I wanted to build my own stack so I can access the NAS from anywhere in the world. I was thinking, how cool is that! I was basically trying to replicate whatever convenience Cloud providers gave me. So I set up my own domain to access DSM, and hosted my WordPress blog on there with ports 80/443 open. Around Thanksgiving 2025, I decided it was time for a change. My vision for the NAS has changed dramatically. My NAS will only be my secure, private personal cloud, and it wouldn’t be open to the whole Internet traffic. So, I wanted a stack that was faster, more private, and, most importantly, completely under my control. Here is the story of how I rebuilt my digital life for 2026.
This is the overview of the series for my personal tech stack refresh in 2026. Details for each of the following sections are in other parts of this series.
The Death of the Open Port: Embracing Zero Trust#
For years, my Synology NAS was my digital hub, but accessing it remotely was always a source of low-level anxiety. I had ports 5000 and 5001 forwarded on my Ubiquiti UDM Pro. While it allowed me to access everything from anywhere, it also meant my NAS was essentially shouting its existence to the entire internet. I’d look at my logs and see dozens of failed login attempts from random IPs daily.
The Transition:#
I decided to adopt a Zero Trust philosophy. The idea is simple: trust no one, even if they claim to be on your network. I turned to Tailscale, which has fundamentally changed how I view networking. Tailscale creates a “Tailnet” - a private, virtual mesh network powered by the WireGuard® protocol.
The Implementation:#
I installed Tailscale directly on my Synology and my mobile devices. Then, I did something that felt incredibly satisfying: I deleted the port forwarding rules on my UDM Pro. To add an extra layer of “security through obscurity,” I set up a reverse proxy. Now, if a stranger hits my public-facing IP, they don’t see a Synology login page; they see a dummy “Hello” landing page I built. My actual NAS interface is only reachable through the Tailscale tunnel.
The Result:#
It feels like magic. Whether I’m on my home Wi-Fi or halfway across the world, my NAS is available at the same internal IP. No more VPN “connecting…” screens, no more exposed ports, and most importantly, no more “Unauthorized Login” notifications in my logs. By the way, Tailscale has very generous free plan which allows 100 devices on the tailnet. You can literally add all your devices (probably all devices of your families) for free. And the documentation online is amazing.
From Bloat to Speed: Moving the Blog to Hugo#
My blog has always been my creative outlet for cars, cycling, and tech, but WordPress was starting to feel like a burden. It’s a dynamic system, meaning every time a reader clicks a link, a database has to be queried and a page has to be built. For a personal blog, that’s a lot of overhead, not to mention the constant stream of plugin updates and security patches. Moreover, that opens a tunnel from my NAS to the public, which is directly against my changed goal to build my NAS as a personal hub with privacy first approaches.
The Philosophy:#
I wanted to embrace the Static Site Generator (SSG) movement. The philosophy of Hugo is that the web should be fast and simple. Instead of building pages on demand, Hugo builds your entire site into static HTML files before anyone ever visits. After I finished the migration, I realized I’m so late to the game. A lot of my peers are already using Hugo for their personal blogs!
The Migration:#
The transition was a labor of love. I had to export years of content and convert it into Markdown. This was a turning point for my workflow. Now, instead of logging into a clunky web dashboard, I write my posts in a text editor and push them to GitHub. One of the pain points though was tweaking themes. Of course there’re a ton of options - I am very picky about that. The main reason is that I like to use a lot of pictures in my blogs, and I need a beautiful way to present them. So I spent a lot of time on it. After I decided to use blowfish, it was a lot more hours to build the theme to my liking.
The Implementation:#
I coupled Hugo with Cloudflare. Now, when I push a change, Cloudflare automatically builds the site and distributes it to their global edge network.
• Speed: The site now loads almost instantly—no more waiting for a database to wake up.
• Security: There is no backend to “hack.” There’s no SQL database to inject and no PHP to exploit.
• Ownership: My entire blog is now just a folder of text files and images on my machine. I truly own my content again.
Owning My Thoughts: Migrating the “Second Brain” to Obsidian#
The final piece of the puzzle was my knowledge management. I’ve been a long-time Notion user, and while it’s a beautiful app, I started to feel uneasy about how much of my “Second Brain” lived in someone else’s cloud.
The Philosophy:#
Obsidian represents a shift toward local-first data. Its philosophy is built on “durable files”—the idea that your notes should be stored in a standard, open format (Markdown) on your own hardware.
The Implementation:#
Migrating from Notion to Obsidian was more than just moving files; it was a reorganization of how I think. I set up my Obsidian Vault with a focus on bi-directional linking, allowing me to see connections between my tech projects and my car maintenance logs that I never noticed before.
The Sync Challenge:#
The biggest hurdle was syncing. I didn’t want to pay for a proprietary sync service when I already had a powerful NAS. Leveraging my new Tailscale setup, I configured a synchronization method (utilizing the NAS as the “Source of Truth”) with Syncthing that keeps my vault updated across my laptop and phone. The best thing is that it is fast, free and secure, and works on almost all platforms.
• Privacy: My personal thoughts never touch a third-party server.
• Speed: Because the files are local, searching through thousands of notes is instantaneous.
• Resilience: I can access and edit my entire vault while deep in the woods without a cell signal, and it will sync the moment I’m back on my Tailnet.
Summary#
I feel pretty good about everything I’ve done to this setup. I don’t need to ever worry about network security of my NAS. At the same time, I installed Linux on my desktop and got a ThinkPad E14 and installed Linux too. I chose Fedora. Now I’m pretty satisfied with this huge tech stack refresh, I’m sure I’ll come up with new things to play with soon :)