pocket-homeserver v1.0.0 — the first stable release.
A complete, opt-in personal cloud on a single unrooted Android phone: Matrix chat, a Cloudflare-tunnelled Caddy edge, and ~30 optional services — files & sync, productivity, calendar & passwords, media, a git forge, DNS-over-HTTPS, a mesh VPN, and more. Every web service is loopback-bound behind the tunnel, every embedded database lives on ext4, every module is OFF by default, and every pinned artifact is sha256-verified fail-closed.
The full feature history (v0.4.0 → v0.9.1) is in the changelog. This release closes the pre-1.0 audit's remaining coverage gaps. From here, breaking changes follow SemVer.
What landed for 1.0
- Universal loopback backstop. Beyond each service's config/env loopback assert, a post-start `ss` wildcard check now refuses to leave any service listening on a non-loopback address — extended from Forgejo + AdGuard to every Go/Node/Rust web listener (Navidrome, Vikunja, Kavita, Trilium, Audiobookshelf, Pingvin, Gatus, the Syncthing GUI, Vaultwarden, Dufs). It's a shared, port-scoped helper in `scripts/lib/common.sh`. This closes the raw-`SYS_BIND` class — the reason Photoview was dropped — for the whole stack. Validated on arm64 against a real Go binary (loopback passes; a forced wildcard is detected, stopped, and its port freed).
- Every pin re-verified. All 16 sha256-pinned artifacts were re-checked against current upstream bytes — every one matches.
- Honest dependency accounting. Pingvin builds from `smp46/pingvin-share-x` because canonical upstream is archived and that fork is the maintained successor; audited at the pinned tag (no npm lifecycle hooks, stock dependencies, loopback patch intact).
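
The post-start loopback check from the first item above, sketched as an added example (not the project's own `scripts/lib/common.sh` code). The function names and the `ss` sample lines are constructed for illustration, and the check reads `ss -H -ltn` style output on stdin so it can be exercised without a live socket table:

```shell
#!/bin/sh
# Added example: port-scoped loopback check over `ss -H -ltn` output.
# Function names and sample data are hypothetical, not taken from common.sh.

# Print every listening local address on PORT that is not loopback.
nonloopback_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }                   # also skips a header row
        {
            i = match($4, /:[0-9]+$/)             # last colon separates the port
            if (i == 0) next
            addr = substr($4, 1, i - 1)
            if (substr($4, i + 1) != port) next   # exact port, not a prefix
            # Loopback forms: 127.0.0.0/8, ::1, IPv4-mapped 127.x
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print $4                              # 0.0.0.0, *, [::], LAN IPs
        }'
}

# Return 0 only when PORT has no non-loopback listener. Any other outcome
# returns 1 so the caller can stop the service and free the port.
assert_loopback_only() {
    exposed=$(nonloopback_listeners "$1") || return 1   # parse failure fails closed
    [ -z "$exposed" ] && return 0
    echo "port $1 exposed on: $exposed" >&2
    return 1
}

# Constructed sample of `ss -H -ltn` output (not captured from a device).
sample_ss() {
    cat <<'EOF'
LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 4096 [::1]:3000 [::]:*
LISTEN 0 4096 *:8080 *:*
LISTEN 0 4096 [::ffff:127.0.0.1]:4533 *:*
LISTEN 0 128 0.0.0.0:5380 0.0.0.0:*
LISTEN 0 128 127.0.0.1:53800 0.0.0.0:*
EOF
}

# Demo on the sample; on a device the input would be: ss -H -ltn
for p in 3000 8080; do
    if sample_ss | assert_loopback_only "$p"; then echo "port $p: loopback only"; fi
done
```

Scoping the check to one port keeps an unrelated wildcard listener from failing a service that is itself bound correctly.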
Notes
- Two upstream-imposed residuals remain documented (injection-safe, Android-mitigated): FreshRSS `create-user.php` and the maddy per-user-IMAP password are `--password`-only on the command line.
- All optional modules ship OFF; enable what you want via `setup.sh` / the in-panel app catalog.
🐧 See docs/SETUP.md for the zero-to-running walkthrough.