What do you want to build?
The docs aren't organised by feature — they're organised by goal. Pick the scenario that sounds like your weekend project, and we'll walk you through it with config snippets, screenshots, and the inevitable footguns.
Scenarios
End-to-end recipes — start at the goal, finish with a working node.
The Personal Cloud
Replace Dropbox / Google Drive / iCloud.
- Pair a desktop with a VPS
- Create your first vault, set RF
- Add Android — automatic photo sync
- Streaming vs. full-sync vaults
The Secure Comms Hub
Replace Signal / Telegram for your private group.
- Chat vaults & invites
- End-to-end audio + video calls
- Local background notifications
- Compact LAN-pairing for two phones
The S3-compatible Backend
Plug MeshHold into self-hosted apps.
- Enable the S3 listener, bucket = vault alias
- Access keys + per-bucket permissions
- Recipes: Nextcloud, PeerTube, Mastodon, Matrix, ejabberd
- Pleroma, Lemmy, Ente, Restic / rclone, static sites
The Private Mesh VPN
Tunnel your phone through a trusted exit.
- Entry → middle → exit chains
- HTTP CONNECT proxy vs. system VPN
- Management keys (tunnel cap)
- REALITY / SSH masquerade transports
The Flat Mesh LAN
Reach every node by a stable virtual IP.
- Mesh-route network keys = membership
- Deterministic virtual IPs (no coordinator)
- Per-node port ACL (default-deny)
- Join nodes, connect by IP — coexists with Tailscale
USB Device Passthrough
Use a USB device plugged into another machine.
- Export a device on Linux (usbip bind)
- One TCP forward carries USB/IP port 3240
- Attach on Windows with usbip-win2
- Signed driver vs. test-signing mode
The Home Automation Bridge
Doorbell, Grafana, Pi-camera — all into MeshHold.
- Inbound webhooks (Slack/Mattermost shape)
- GPIO button → video call
- Headless Pi camera (auto-answer)
- Alert routing into chat rooms
The Developer Platform
Build apps on top of MeshHold.
- REST API reference
- Server-Sent Events stream
- MCP / Claude Code integration
- libp2p protocol IDs
The Office / Lab Fleet
A multi-user team mesh.
- Network bootstrap & swarm-key rotation
- Trusted vs. untrusted nodes
- Per-key access & rotation
- Backup & disaster recovery
Core Concepts
Understand the fundamentals.
- Convergent encryption
- Replication factor & reliable nodes
- Vaults, blocks, and hash-chains
- Mesh topology & gossip
Reference
For when you already know what you want.
Security & hardening
Login brute-force lockout, TOTP 2FA, TLS, DoS limits, peer ACL, and a hardening checklist.
Open →Fail2Ban integration
Drop brute-forcers at the firewall — enable the shipped filter + jail and verify it.
Open →Configuration reference
Every key in config.yaml — types, defaults, validation rules.
Open →CLI reference
Every meshhold subcommand and flag.
Open →REST API reference
All /api/v1/… endpoints with examples.
Open →Architecture spec
The long-form design doc — protocols, crypto, invariants.
Open →Anonymous telemetry
What every node reports back, how to switch it off.
Open →Routers (OpenWrt / dd-wrt)
Run a relay / tunnel / VPN node on a router — which build for which CPU, and how to install it.
Open →Can't find what you need?
The forum is the best place to ask — answers there get folded back into these guides.