Self-Hosted Weekly: Week 27, 2026. TrueNAS 26, Grafana RCE, Gemma 4

Another week, another reminder that "self-hosted" and "AI agents" are quietly becoming the same conversation. This week gave us a homelab NAS that keeps eating Proxmox's lunch, two security patches you should apply before the weekend, a fresh batch of open models you can actually run yourself, and an acquisition that says a lot about where infrastructure is heading. Let's get into it.

1. TrueNAS 26 keeps closing the gap on Proxmox

TrueNAS 26 is no longer just a storage box. LXC containers, experimental for a while, are now fully supported, and you can pass NVIDIA (and other) GPUs straight into a container from the config screen. Add the shift to an annual release cadence with plain version numbers instead of fish-themed code names, and it's starting to look like a serious homelab hypervisor.

Hot take: It still isn't Proxmox, and the VM tooling has some catching up to do. But for anyone who wants storage, containers, and a couple of VMs on one box without running two platforms, the "just use TrueNAS" argument gets stronger every release. The GPU-into-LXC bit is the sleeper feature: that's local AI inference on your NAS.

2. Grafana patches a critical RCE. Patch now.

Grafana shipped a critical fix for CVE-2026-27876, a CVSS 9.1 remote code execution in SQL expressions. If the sqlExpressions feature toggle is on, an attacker who can run data source queries can overwrite a driver or write a data source config file and get full RCE. A second flaw, CVE-2026-27880 (CVSS 7.5), lets an unauthenticated attacker crash the server through unbounded requests to the OpenFeature endpoints.

Hot take: "Monitoring dashboard" and "remote code execution" are two phrases you never want in the same sentence, because Grafana usually sits deep inside your network with credentials to everything. Update to the patched releases today. If you run managed Grafana on Elestio, the update path is one click.
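As an added example (not Grafana's own code), here is a defender-side check for the precondition the advisory names: whether the sqlExpressions toggle is on. It assumes the standard grafana.ini `[feature_toggles]` section and the `GF_FEATURE_TOGGLES_ENABLE` environment variable override; the sample configs are constructed.

```python
import configparser
import os

TOGGLE = "sqlExpressions"  # feature toggle gating the vulnerable SQL-expression path


def toggles_from_ini(ini_text: str) -> set:
    """Feature toggles enabled in grafana.ini: both `enable = a,b` and `name = true`."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # toggle names are case-sensitive, keep them as written
    # grafana.ini may carry keys before the first [section]; give them a home
    parser.read_string("[__top__]\n" + ini_text)
    enabled = set()
    if not parser.has_section("feature_toggles"):
        return enabled
    for key, value in parser.items("feature_toggles"):
        if key == "enable":
            enabled.update(t.strip() for t in value.split(",") if t.strip())
        elif value.strip().lower() == "true":
            enabled.add(key)
    return enabled


def toggles_from_env(env) -> set:
    """GF_FEATURE_TOGGLES_ENABLE is the container-friendly override people forget."""
    raw = env.get("GF_FEATURE_TOGGLES_ENABLE", "")
    return {t.strip() for t in raw.split(",") if t.strip()}


def sql_expressions_exposed(ini_text: str, env=None) -> bool:
    """True when sqlExpressions is on via the ini file or the environment."""
    env = os.environ if env is None else env
    return TOGGLE in (toggles_from_ini(ini_text) | toggles_from_env(env))


# Constructed sample configs, not taken from any real deployment.
INI_ENABLED = """[feature_toggles]
enable = publicDashboards,sqlExpressions
"""
INI_DISABLED = """[feature_toggles]
publicDashboards = true
;sqlExpressions = true
"""
```

A true result means the RCE precondition is met on that instance; the toggle being off reduces exposure but is not a substitute for the patched release.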

3. PostgreSQL closes eleven security holes

The coordinated PostgreSQL update (18.4, 17.10, 16.14, 15.18, 14.23) fixes eleven vulnerabilities, several rated CVSS 8.8: an integer underflow leading to memory corruption, a symlink-following bug in pg_basebackup and pg_rewind, a stack buffer overflow allowing arbitrary code execution, and a SQL injection path.

Hot take: Postgres is the database half the self-hosted world runs on, so this one is quietly the biggest patch of the week. The scary part isn't the RCE, it's the pg_basebackup symlink bug, because that's your backup tooling. Schedule the minor-version bump. Postgres point releases are boringly reliable, which is exactly why people put off applying them.
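An added example, not from the PostgreSQL project, that turns the fixed release list above into a check over a host inventory. It assumes each entry is either `SELECT version()` output or a bare `server_version` string; the hostnames and versions are constructed.

```python
import re

# Fixed minor releases named in the coordinated update, keyed by major version.
FIXED_MINOR = {18: 4, 17: 10, 16: 14, 15: 18, 14: 23}

_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """(major, minor) from `SELECT version()` output or a bare server_version like "16.13"."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    return int(m.group(1)), int(m.group(2))


def patch_status(text: str) -> str:
    """'patched', 'vulnerable', or 'not-covered' for a major outside this advisory."""
    major, minor = parse_version(text)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        return "not-covered"
    return "patched" if minor >= fixed else "vulnerable"


def needs_update(inventory: dict) -> dict:
    """Subset of host -> version still below the fixed release for its major."""
    return {h: v for h, v in inventory.items() if patch_status(v) == "vulnerable"}


# Constructed inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "db-prod-1": "PostgreSQL 16.13 on x86_64-pc-linux-gnu, compiled by gcc",
    "db-prod-2": "PostgreSQL 16.14 on x86_64-pc-linux-gnu, compiled by gcc",
    "db-legacy": "14.22",
    "db-dev": "PostgreSQL 18.4 on aarch64-unknown-linux-gnu",
}
```

Majors not in the list come back as "not-covered" rather than "patched", so an unsupported branch is never silently treated as safe.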

4. Google's Gemma 4 lands under Apache 2.0

Google DeepMind released Gemma 4, a family of open models (from small on-device sizes up to a 31B dense and a 26B mixture-of-experts) built for reasoning and agentic workflows, all under the permissive Apache 2.0 license. Permissive means commercial use, derivatives, and redistribution are explicitly fine.

Hot take: The interesting story isn't the benchmark chart, it's the license. Apache 2.0 on a capable model means you can pull it into Ollama, run it on your own VM, and build a product on top without a lawyer in the room. That's the whole pitch for self-hosted AI: your model, your hardware, your rules, no per-token meter running.

5. OpenAI absorbs Ona, the startup formerly known as Gitpod

OpenAI is acquiring Ona, the German company that used to be Gitpod, the open-source cloud development environment more than 750,000 developers once used. Ona had already pivoted from browser IDEs to secure, long-running cloud environments for AI agents, and that infrastructure is what Codex is buying: somewhere for an agent to run uninterrupted for hours inside enterprise cloud.

Hot take: This is the clearest signal yet that "sandbox where an agent can safely run for a long time" is the infrastructure everyone actually wants. It's also a small eulogy for the open-source CDE dream. The lesson for self-hosters isn't to mourn, it's to notice what's valuable: an isolated, persistent place to run untrusted agent code. You can build that yourself, and you probably should.

6. Docker Desktop leans hard into MCP and local models

The latest Docker Desktop updates add MCP profile template cards and an onboarding tour, let you filter logs by Compose stack, and extend Model Runner with support for Qwen3.5. Docker is clearly positioning itself as the place where you wire local models and MCP servers into your dev loop.

Hot take: Two years ago Docker was fighting to stay relevant. Now it's shipping first-class MCP and local-model tooling faster than most AI-native startups. If you've been running models in a random Python venv, the Compose-plus-Model-Runner path is worth a look, because reproducible AI environments are the thing everyone forgets they need until a teammate can't reproduce a result.

7. Immich v3 moves into release candidates

Immich, the self-hosted Google Photos alternative, is closing in on its v3 release, now in release-candidate territory. The headline features: non-destructive mobile editing, workflows, and the ability to use Immich as a full gallery app on Android.

Hot take: Immich is the poster child for self-hosted software that's genuinely better than the SaaS it replaces, and v3 pushes it further onto your phone, which is where the "just use Google Photos" temptation actually lives. If it can be your default gallery app, Google Photos stops being a habit. Wait for the stable tag before you point your only copy of the family photos at it, though. Release candidates are called candidates for a reason.

8. UN Open Source Week put digital sovereignty on the main stage

UN Open Source Week wrapped at UN headquarters with keynotes from Yann LeCun and Linus Torvalds and sessions on financing open source, AI governance, and digital sovereignty. When the UN is running a track on how countries stay in control of their own software, the sovereignty conversation has officially left the homelab.

Hot take: "Digital sovereignty" sounds abstract until you realize it's the same instinct that makes an individual self-host their email: don't hand the keys to someone who can change the locks. For teams that need to keep data in a specific jurisdiction, running open-source software on European infrastructure is the practical version of that idea, no UN panel required.

What We're Watching Next Week

Kubernetes 1.37 hits its feature freeze on July 10, heading toward a late-August release. Worth tracking if you run clusters, because this is the point where the shape of the next version locks in.

Claude Sonnet 5 is being pitched as the most agentic model yet, able to drive browsers and terminals on its own. The question for self-hosters: do the open agent stacks like OpenClaw and Hermes keep pace, or does the frontier pull further ahead of what you can run yourself?

Bottom Line

Three threads ran through the week. Consolidation: the agent-sandbox layer is so valuable that OpenAI bought a company to get it. Capability: Gemma 4 under Apache 2.0 means the models you can self-host keep getting better and freer. And maintenance: Grafana and PostgreSQL both shipped fixes you should apply now, not next sprint. The tools keep getting more powerful, but the boring habit of patching is still what keeps your stack yours.

Thanks for reading ❤️ See you next week 👋