Forem: kusunoki

I Didn’t Build an AI System — I Built an Organization

kusunoki — Wed, 08 Apr 2026 13:22:45 +0000

I Didn’t Build an AI System — I Built an Organization

Self-Hosted AI Infrastructure for Small Businesses — Part 5 of 5 (Final)

Free series. All open. No DevOps background required.

Most people stop at infrastructure.

They build servers.

They deploy AI.

They automate workflows.

And then everything slowly breaks.

Real systems don’t fail because of technology.

They fail because no one knows what to do next.

What This Final Part Does

This is not about building anything new.

This is about making everything actually usable in the real world:

What employees actually do every day
What rules prevent mistakes
What happens when something breaks
How the system survives without you

The Missing Layer: Operations

By Part 4, you already have:

AI models (OpenAI, Claude, Gemini, Perplexity)
Private cloud (Nextcloud + Collabora)
Remote access (Guacamole)
Monitoring + backups

That is infrastructure.

But infrastructure alone is not a system.

A system exists only when:

👉 Someone else can use it without asking you anything

What I Added (And Why It Matters)

I created three layers:

1. Runbooks (for failure)

What to do when the server stops
What to do when access fails
What to do when API keys leak

👉 No guessing. No panic.

2. Checklists (for maintenance)

Monthly system checks
Annual rotation (keys, passwords, audits)
Backup verification

👉 Systems don’t decay silently anymore

3. Human Manuals (for employees)

This is the part most engineers skip.

And it’s the reason most systems fail.

The Employee Operations Manual

I didn’t just build infrastructure.

I wrote a non-technical manual anyone can follow.

👉 Example:

8:50 Turn WARP ON
8:55 Press Start (attendance)
9:05 Check AI morning briefing
9:30 Co-edit documents
10:30 Convert email into task

This is not documentation.

This is behavior design.

Why This Changes Everything

Without a manual:

Systems depend on memory
Knowledge stays with one person
Errors repeat

With a manual:

Anyone can operate
Training cost disappears
Mistakes become predictable

The Policy Layer (The Real Safety Net)

Infrastructure enforces access.

Policies enforce behavior.

I created a full remote work + AI governance policy:

Zero Trust rules
AI usage restrictions
Data protection requirements
Audit and monitoring rules

Example principle:

AI is allowed to assist, but never to decide.

The Most Important Rule

If you remember only one thing from this entire series:

A system that depends on a specific person is already broken.

This Is No Longer Infrastructure

At this point, this is no longer:

A VPS
A tool stack
A self-hosted setup

It is:

👉 A self-contained organization system

Infrastructure
Automation
Governance
Human operations

Why Not GitHub?

Let’s be honest.

GitHub is excellent for code.

But this is not code.

This is operations.

Employees don’t read repositories
Policies don’t live in pull requests
Manuals are not markdown files buried in folders

GitHub is for builders.

Notion is for operators.

GitHub stores logic.

Notion runs organizations.

Download (Full Operational Package)

These are ready-to-use operational documents based on real-world implementation:

👉 https://destiny-passbook-e01.notion.site/Self-Hosted-AI-Operations-Package-33ca188be27c80099356cdd05cc4d8d3

Includes:

Runbook
Security Policy (Zero Trust)
Employee Operations Manual

What You Can Do Next

Expand AI workflows
Integrate accounting systems (freee / MF Cloud APIs)
Add compliance logging
Automate onboarding
Build client-facing portals

Final Thought

Anyone can build a system.

Very few people build something that survives without them.

This was never about servers.

It was about independence.

📚 Series: Your Own AI Secretary, Butler & IT Team for ~$15/Month


Part 1 — The Blueprint	What you're building & why
Part 2 — Laying the Foundation: Zero-Trust Server	Vultr + Cloudflare
Part 3 — Private Cloud + 4 AI Assistants	Nextcloud + AI Portal
Part 4 — Monitoring, Remote Access & Backups	Reliability layer
✅ Part 5 — The Operations Manual	You are here

Thank you for reading the full series. Questions belong in the comments — every one gets read.

— Kusunoki

I Made My Self-Hosted AI System Actually Reliable (Monitoring, Remote Access, Backups)

kusunoki — Wed, 08 Apr 2026 09:55:41 +0000

Self-Hosted AI Infrastructure for Small Businesses — Part 4 of 5

Free series. All open-source. No DevOps background required. Estimated hands-on time: 60–90 minutes.

Most systems don’t fail when you build them.

They fail when you stop watching them.

What This Part Does

By the end of this part:

You can access any machine remotely from a browser
You know when something breaks before it matters
Your data is backed up and recoverable
Your system can survive failure
Step 1: Remote Desktop (Apache Guacamole)

Create:

mkdir -p ~/guacamole && cd ~/guacamole
nano docker-compose.yml

Paste:

version: '3'
services:

guacd:
image: guacamole/guacd
restart: always

db:
image: postgres:15
restart: always
environment:
- POSTGRES_DB=guacamole_db
- POSTGRES_USER=guacamole_user
- POSTGRES_PASSWORD=YOUR_PASSWORD

guacamole:
image: guacamole/guacamole
restart: always
depends_on:
- guacd
- db
environment:
- GUACD_HOSTNAME=guacd
- POSTGRESQL_HOSTNAME=db
- POSTGRESQL_DATABASE=guacamole_db
- POSTGRESQL_USER=guacamole_user
- POSTGRESQL_PASSWORD=YOUR_PASSWORD
ports:
- "127.0.0.1:8888:8080"

Run:

docker-compose up -d

Open:

👉 https://remote.yourdomain.com

Step 2: Connect Your Machine
Enable RDP (Windows)
Assign static IP
Configure router

👉 Access your office PC from anywhere

Step 3: Time Tracking

Enable in Nextcloud:

👉 TimeTracker

Use:

Start / Stop
Tag sessions

👉 Export CSV

Step 4: Tasks & Projects
Tasks
This Week
Client Work
Finance
Deck (Kanban)
Backlog
In Progress
Waiting
Done

👉 One system, no duplication

Step 5: Monitoring (Prometheus + Grafana)

Install:

sudo apt install -y prometheus prometheus-node-exporter grafana

Start:

sudo systemctl enable --now grafana-server

Open:

👉 https://grafana.yourdomain.com

👉 Live metrics

Step 6: Alerts

Configure Alertmanager:

👉 Email alerts when:

CPU high
Memory high
Disk low

👉 You know before failure

Step 7: Encrypted Backup

Create:

nano ~/backup.sh

Schedule:

crontab -e

👉 Weekly backup

What You Just Built
System Status
Remote access ✓
Monitoring ✓
Alerts ✓
Backup ✓

👉 This is now production-ready

Why This Matters

Most people stop at:

“It works”

You now have:

“It keeps working”
What Part 5 Covers
Maintenance
Failure recovery
Operations

👉 Final layer

Final Thought

Building a system is easy.

Keeping it running is what makes it real.

Part 5 is next.

📚 Series: Your Own AI Secretary, Butler & IT Team for ~$15/Month


Part 1 — The Blueprint	What you're building & why
Part 2 — Laying the Foundation: Zero-Trust Server	Vultr + Cloudflare
Part 3 — Private Cloud + 4 AI Assistants	Nextcloud + AI Portal
✅ Part 4 — Monitoring, Remote Access & Backups	You are here
Part 5 — The Operations Manual	Running it long-term

All five parts are free. Follow me on DEV to get future updates.

— Kusunoki

I Built My Own Private Cloud + 4 AI Assistants on One Server (No SaaS, Full Control)

kusunoki — Wed, 08 Apr 2026 09:49:02 +0000

Self-Hosted AI Infrastructure for Small Businesses — Part 3 of 5

Free series. All open-source. No DevOps background required. Estimated hands-on time: 60–90 minutes.

You now have a server no one can see.

In this part, you turn it into something people actually use.

What You Will Complete in This Part

By the end of this part:

Your private cloud is live (cloud.yourdomain.com)
Documents open and sync in real time
Four AI models run behind a single interface
An AI agent executes tasks autonomously
Backups run automatically
Your entire system is usable from any browser
Before You Start: One Rule About AI

Before sending a single request:

👉 Set a hard monthly spending cap on every provider

AI APIs do not stop automatically.

Step 1: Install Docker
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker
sudo usermod -aG docker myadmin

Logout and login again.

Verify:

docker --version
docker ps
Step 2: Deploy Your Private Cloud (Nextcloud)

Create environment:

mkdir -p ~/nextcloud && cd ~/nextcloud
nano docker-compose.yml

Paste:

version: '3'
services:

db:
image: postgres:15
restart: always
environment:
- POSTGRES_DB=nextcloud_db
- POSTGRES_USER=nextcloud_user
- POSTGRES_PASSWORD=YOUR_PASSWORD
volumes:
- nextcloud_db_data:/var/lib/postgresql/data

app:
image: nextcloud:latest
restart: always
depends_on:
- db
ports:
- "127.0.0.1:8080:80"
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=nextcloud_db
- POSTGRES_USER=nextcloud_user
- POSTGRES_PASSWORD=YOUR_PASSWORD
volumes:
- nextcloud_data:/var/www/html

collabora:
image: collabora/code
restart: always
environment:
- aliasgroup1=https://cloud.yourdomain.com:443
ports:
- "127.0.0.1:9980:9980"

volumes:
nextcloud_db_data:
nextcloud_data:

Run:

docker-compose up -d

Open:

👉 https://cloud.yourdomain.com

Your private cloud is now live.

Step 3: Real-Time Documents (Collabora)
Install “Nextcloud Office”
Connect:

👉 https://office.yourdomain.com

Test:

Open a document
Edit from another device

👉 Changes sync instantly

Step 4: Your 4-AI Interface

Create environment:

mkdir -p ~/llm-proxy && cd ~/llm-proxy
python3 -m venv venv
source venv/bin/activate
pip install fastapi uvicorn httpx python-dotenv

Add keys:

nano .env
OPENAI_API_KEY=...
ANTHROPIC_API_KEY=...
GOOGLE_API_KEY=...
PERPLEXITY_API_KEY=...

Verify:

curl http://localhost:8000/health

👉 One interface
👉 Four models

Step 5: AI Agent (OpenClaw)
npm install -g openclaw
openclaw onboard --install-daemon

Test:

openclaw status

👉 “Gateway: running”

Step 6: Calendar Sync
iPhone / Android / PC
CalDAV

👉 Same calendar everywhere

Step 7: Custom Email

Create:

👉 yourname@yourdomain.com

Add:

DKIM
SPF
DMARC

👉 Professional + secure

Step 8: Automatic Backup

Create script:

nano ~/backup.sh

Schedule:

crontab -e

👉 Daily backup runs automatically

What You Just Built
Component Status
Private cloud ✓
Real-time docs ✓
AI system ✓
AI agent ✓
Backup ✓

👉 This is no longer infrastructure
👉 This is a working system

Why This Changes Everything

Instead of:

SaaS subscriptions
Fragmented tools
External data storage

You now have:

One system
Full control
Predictable cost
What Part 4 Adds
Remote desktop (browser-based)
Monitoring (Prometheus + Grafana)

👉 Production-ready infrastructure

Final Thought

Most people never build systems like this.

Not because it’s difficult —
but because they never see it done step by step.

Part 4 is next.

📚 Series: Your Own AI Secretary, Butler & IT Team for ~$15/Month


Part 1 — The Blueprint	What you're building & why
Part 2 — Laying the Foundation: Zero-Trust Server	Vultr + Cloudflare
✅ Part 3 — Private Cloud + 4 AI Assistants	You are here
Part 4 — Monitoring, Remote Access & Backups	Reliability layer
Part 5 — The Operations Manual	Running it long-term

All five parts are free. Follow me on DEV to get future updates.

— Kusunoki

I Built a Zero-Trust Server With Only 2 Open Ports (No VPN, No Exposed SSH)

kusunoki — Wed, 08 Apr 2026 09:40:15 +0000

Self-Hosted AI Infrastructure for Small Businesses — Part 2 of 5

Free series. All open-source. No DevOps background required. Estimated hands-on time: 45–90 minutes.

Most servers are insecure not because people don’t care — but because they expose things they don’t even realize are visible.

In this part, we eliminate that entirely.

What You Will Complete in This Part
A VPS you fully control
A domain routed through Cloudflare
A Zero Trust layer with identity-based access
A server with only two open ports (80/443)
Five independent security layers active
The Principle: Nothing Should Be Public by Default

Most setups start like this:

Open port 22 for SSH
Add services
Try to secure later

This guide does the opposite.

👉 Nothing is exposed unless explicitly required

Step 1: Provision Your VPS (Vultr)

Choose:

Ubuntu 24.04 LTS
2 vCPU / 4GB RAM (~$24/month recommended)

This is your private machine in the cloud.

👉 Think of it as your own server — not rented SaaS.

Step 2: Domain + Cloudflare

You need a domain for clean routing:

cloud.yourdomain.com
ai.yourdomain.com
remote.yourdomain.com

Route everything through Cloudflare.

👉 This becomes your security perimeter

Step 3: Zero Trust (Core of the Architecture)

Instead of exposing ports:

👉 The server connects outward to Cloudflare

This creates:

No exposed SSH port
No exposed admin interface
Identity-based access only

Users authenticate via email OTP.

👉 No passwords. No VPN.

Step 4: Lock Down the Server

We apply layered security:

Firewall (UFW)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

👉 Only 2 ports open.

Intrusion Protection
sudo apt install -y fail2ban
Automatic Security Updates
sudo apt install -y unattended-upgrades
Kernel Hardening

Disable:

redirects
source routing
unnecessary forwarding

👉 Reduce attack surface at OS level

Hardware Firewall (Vultr)

Add:

Allow: 80 / 443
Block: everything else

👉 Double-layer firewall

Step 5: Prepare for AI Layer

Install Node.js:

curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -
sudo apt install -y nodejs

👉 Required for Part 3

Security State (What You Just Built)
Layer Status
Cloudflare WAF ✓
Identity Access (OTP) ✓
Hardware Firewall ✓
UFW Firewall ✓
fail2ban ✓

👉 No public SSH
👉 No exposed admin panel

Why This Matters

Typical SaaS stack:

Expensive
Data external
Limited control

This system:

Low cost
Fully controlled
Security-first
What Comes Next (Part 3)

We install the actual working system:

Nextcloud (private cloud)
Collabora (documents)
Unified AI interface
OpenClaw (AI agent system)

👉 This is where it becomes usable

Final Thought

Security is not something you add later.

It is something you design first — or you don’t have it at all.

Part 3 is next.

📚 Series: Your Own AI Secretary, Butler & IT Team for ~$15/Month


Part 1 — The Blueprint	What you're building & why
✅ Part 2 — Laying the Foundation: Zero-Trust Server	You are here
Part 3 — Private Cloud + 4 AI Assistants	Nextcloud + AI Portal
Part 4 — Monitoring, Remote Access & Backups	Reliability layer
Part 5 — The Operations Manual	Running it long-term

All five parts are free. Follow me on DEV to get future updates.

— Kusunoki

I Replaced $150/Month SaaS With a $15 Self-Hosted AI Stack (Zero Trust, Full Control)

kusunoki — Wed, 08 Apr 2026 09:33:09 +0000

Building a Zero-Trust, Self-Hosted AI Environment for Small Businesses [Part 1 of 5]

Free series. No DevOps background required. All open-source. Total cost: ~$15–50/month depending on team size.

Most small businesses aren’t failing because of bad ideas — they’re failing because of invisible infrastructure costs they don’t even notice.

The Weekend I Got Tired of Paying for My Own Data

I am a tax specialist, not a developer by trade. But I have been building systems since the 1980s, and at some point last year I sat down with a spreadsheet and added up what my practice was paying for tools that stored our client data on someone else's server.

The number was $163 per month. Per user.

That spreadsheet is why this series exists.

What I built over two weekends — a zero-trust, self-hosted private cloud with AI assistants, automation, document collaboration, and monitoring — costs between $18 and $50 per month and runs entirely on a $24 VPS using open-source software.

Every byte of data stays on hardware I control.

Who This Is For
Developers building solutions for non-technical clients
Founders who want enterprise-grade infrastructure without enterprise cost
Small business owners who want control without complexity
What This Stack Does
Private cloud (Nextcloud)
Multi-AI interface (ChatGPT, Claude, Gemini, Perplexity)
Agentic automation
Collaborative documents
Remote desktop
Monitoring + alerts
Encrypted backups

Everything is built step by step in this series.

Cost Breakdown
Component Cost
VPS $12–48
Domain ~$1
Software Free
Cloudflare Free (≤50 users)
AI usage $3–50

Total: ~$18–79/month

Security Model

This is not “security by hope.”

This system uses a zero-trust architecture:

No open ports
Identity-based access
Layered defense
No public admin surface

Every request is verified. Every session is isolated.

Why This Matters

Traditional SaaS:

Expensive
Vendor-controlled
Data not yours

This approach:

Cheap
Fully controlled
Privacy-first
What Changes

Your infrastructure becomes:

Invisible
Stable
Predictable

You stop thinking about tools and start focusing on work.

Series Structure
Part Content
Part 1 Overview (this article)
Part 2 Server + Zero Trust
Part 3 AI + Apps
Part 4 Monitoring + Backup
Part 5 Operations
Final Thought

AI can assist.

It cannot decide.

You remain responsible for judgment.

That does not change — no matter how powerful the tools become.

Part 2 is next.

📚 Series: Your Own AI Secretary, Butler & IT Team for ~$15/Month


✅ Part 1 — The Blueprint	You are here
Part 2 — Laying the Foundation: Zero-Trust Server	Vultr + Cloudflare
Part 3 — Private Cloud + 4 AI Assistants	Nextcloud + AI Portal
Part 4 — Monitoring, Remote Access & Backups	Reliability layer
Part 5 — The Operations Manual	Running it long-term

All five parts are free. Follow me on DEV to get future updates.

— Kusunoki
International Tax Specialist & Systems Builder