Menu
Article self-hosting

Digital Legacy Planning for Homelabbers: What Happens When You Die

homelabbed

• 6 min read

There's a thread that pops up on r/selfhosted every few months. Someone's dad passed away, or their spouse had a sudden medical emergency, and now they're staring at a rack of blinking servers with absolutely no idea how to access the family photos, the financial records, or even turn the damn things off.

It's a gut punch to read. And if you're honest with yourself, you know your setup would be just as impenetrable.

I've spent the last year thinking about this problem, and I've implemented solutions I'm actually confident in. This isn't just theory. This is "I tried this so you don't have to" territory.

The Bus Factor Problem

In software development, "bus factor" refers to how many team members would need to get hit by a bus before a project becomes unmaintainable. For most homelabs, that number is exactly one: you.

Think about what your family would face:

  • A password manager they can't access
  • Services running on IP addresses they don't know
  • SSH keys they've never heard of
  • Containers with names that only make sense to you
  • A domain that needs renewal in 6 months
  • Photos, documents, and memories locked behind authentication

Your homelab isn't just infrastructure. It's become the family's digital backbone. And you're the single point of failure.

The uncomfortable truth? Most of us have spent more time optimizing our Docker Compose files than planning for our own mortality. Time to fix that.

Emergency Access in Bitwarden and Vaultwarden

If you're self-hosting a password manager (and you should be), emergency access is your first line of defense. Bitwarden and Vaultwarden both support this feature, and it's criminally underused.

How Emergency Access Works

You designate a trusted contact who can request access to your vault. When they do, a waiting period starts (you configure how long). If you don't deny the request within that window, they get access.

It's essentially a dead man's switch built into your password manager.

Setting It Up in Vaultwarden

First, make sure emergency access is enabled in your Vaultwarden config:

EMERGENCY_ACCESS_ALLOWED=true

Then in the web vault:

  1. Go to Settings → Emergency Access
  2. Click "Add emergency contact"
  3. Enter their email (they need a Bitwarden/Vaultwarden account)
  4. Choose access level: View (read-only) or Takeover (full control)
  5. Set the wait time (I recommend 7 days for family, 14 for friends)

The wait time is crucial. Too short and a compromised contact could steal your vault. Too long and your family is stuck waiting during a crisis. Seven days hits the sweet spot for most people.

What Your Contact Actually Sees

When emergency access triggers, your contact gets either:

  • View access: They can see all passwords but can't modify anything. Good for a spouse who just needs to pay bills.
  • Takeover access: They become the new owner of the vault. Use this for your designated "digital executor."

Pro tip: Set up two contacts. Your spouse with View access and a tech-savvy sibling or friend with Takeover access. Redundancy matters here too.

Documentation That Non-Technical Family Can Actually Use

Your Ansible playbooks and docker-compose.yml files are documentation for you. They're gibberish to your partner.

You need a "hit by a bus" document. And it needs to be written for someone who thinks "container" is something you store leftovers in.

What to Include

Create a physical document (yes, printed on actual paper) that covers:

The Basics:

  • Where the servers physically are
  • How to turn everything off (not gracefully, just off)
  • Who to call for help (tech-savvy friend, MSP, etc.)
  • What bills need to keep getting paid (domain, cloud backups, VPS)

Access Information:

  • How to access the password manager (including master password)
  • The URL of your main dashboard or homepage
  • Any 2FA recovery codes they might need

What Actually Matters:

  • Where family photos are stored
  • Where financial documents live
  • What services the family actively uses (Jellyfin, Nextcloud, etc.)
  • What can be safely ignored or turned off

The Physical Document Problem

Yes, writing down your master password feels wrong. Every security instinct screams against it.

But here's the thing: your threat model changes when you're dead. You're not protecting against hackers anymore. You're protecting against your family losing access to their own memories.

Store the document in:

  • A fireproof safe at home
  • A safe deposit box
  • With your will and other estate documents
  • Sealed envelope with your attorney

Update it annually. Put a reminder in your calendar. I do mine every January along with checking smoke detector batteries.

Dead Man's Switch Options

Beyond emergency access, you might want automated notifications if you become incapacitated. Here are the options from simple to self-hosted.

Google Inactive Account Manager

The easiest option, especially if you have any Google services. Google's Inactive Account Manager will:

  1. Detect if you haven't logged into any Google service for a set period (3-18 months)
  2. Attempt to contact you via email and SMS
  3. If no response, notify up to 10 trusted contacts
  4. Optionally share specific data or delete the account

To set it up: Google Account → Data & Privacy → Make a plan for your digital legacy

The downside? Three months minimum wait time, and you're trusting Google. But it's free, reliable, and requires zero maintenance.

Self-Hosted Dead Man's Switch

If you want something faster or don't trust Big Tech with this (fair), there are self-hosted options.

Simple cron + email approach:

#!/bin/bash
# /opt/deadman/check.sh
# Requires a "heartbeat" file to be touched regularly

HEARTBEAT_FILE="/opt/deadman/heartbeat"
MAX_AGE_DAYS=7
ALERT_EMAIL="spouse@email.com"

if [ ! -f "$HEARTBEAT_FILE" ]; then
    echo "Heartbeat file missing" | mail -s "URGENT: Dead Man's Switch Triggered" $ALERT_EMAIL
    exit 1
fi

FILE_AGE=$(( ($(date +%s) - $(stat -c %Y "$HEARTBEAT_FILE")) / 86400 ))

if [ $FILE_AGE -gt $MAX_AGE_DAYS ]; then
    echo "No activity for $FILE_AGE days. Please check on [Your Name]." | \
    mail -s "URGENT: Dead Man's Switch Triggered" $ALERT_EMAIL
fi

Then set up a cron job to run it daily and a simple way to touch the heartbeat file (I use a Home Assistant button on my phone's home screen).

More polished options:

  • github.com/stoically/dms - A proper dead man's switch with web UI
  • Healthchecks.io - Originally for cron monitoring, works great as a dead man's switch

The "I'm Still Alive" Button

Whatever system you use, make checking in effortless. If it's annoying, you'll stop doing it, and then your family gets a scary email while you're just on vacation.

I have a button in my Home Assistant dashboard that:

  1. Touches the heartbeat file
  2. Runs on a widget on my phone
  3. Gets pressed whenever I remember (usually weekly)

The check window is 14 days. Long enough that a vacation won't trigger it, short enough to be useful in an actual emergency.

Simplifying Your Setup for Inheritance

This is the hard part. Because let's be honest, your homelab has accumulated cruft. Services you tried once, containers running just in case, configurations that made sense three years ago.

It's time to Marie Kondo your infrastructure.

The Inheritance Audit

Go through every running service and ask:

  1. Does my family actually use this? If not, does it need to survive me?
  2. Could this run on a managed service instead? Sometimes paying $5/month for something hosted is worth the reduced complexity.
  3. What's the minimum viable version of this? Maybe you don't need HA Kubernetes. Maybe a single Docker host is fine.

The Consolidation Strategy

For essential family services (photos, documents, media):

  • Consider a NAS with a friendly UI (Synology, QNAP) instead of custom-built
  • Use Cloudflare Tunnel or similar for easy external access without port forwarding
  • Automatic cloud backups to somewhere your family can access

For everything else:

  • Document how to shut it down gracefully
  • Or just accept that it'll die with you, and that's fine

The Nuclear Option Document

Include instructions for the absolute worst case:

If you just need everything OFF and don't care about data:

1. Unplug the black power strip in the office closet
2. Cancel the Hetzner server (login in password manager under "Hetzner")
3. Cancel the domain renewal (Cloudflare account, same password manager)
4. Done. Everything is off.

If you want to preserve family photos:
1. The Synology NAS is the white box with blue lights
2. Don't unplug it - photos sync to Backblaze automatically
3. Contact [Tech Friend] to help extract them

The Uncomfortable Conversation

None of this works if your family doesn't know it exists.

You need to have the conversation. Tell your spouse:

  • Where the documentation is
  • Who to contact for help
  • That they have emergency access to your password manager
  • That it's okay to just turn everything off if it's overwhelming

This conversation sucks. Nobody wants to talk about dying. But it's a gift to the people you'd leave behind.

Your Action Items

Don't just bookmark this article. Actually do something:

  1. Today: Set up emergency access in Bitwarden/Vaultwarden
  2. This week: Write a one-page "if I die" document with the absolute basics
  3. This month: Set up Google Inactive Account Manager or a self-hosted dead man's switch
  4. This quarter: Do an inheritance audit of your services
  5. Once a year: Review and update everything

Your homelab is your legacy. Make sure it doesn't become a burden.

This article was inspired by recurring discussions on r/selfhosted, where homelabbers share both the technical solutions and the emotional weight of digital estate planning. If you've implemented your own dead man's switch or have tips for simplifying inheritance, drop a comment below.

Share