~ / install — sparkbox
$

That's it.

One command installs 35+ self-hosted apps with sane defaults, real backups, and a dashboard that doesn't lie to you. Your data stays on your hardware.

Install guide → See what's inside
Support the project

Four honest ways to keep this going.

Every app and module is free, forever — the complete private server costs nothing, no app paywall. The optional $49 Legend tier unlocks the enhanced SparkBox on top: Tom AI in your dashboard, the upgraded interface, deeper customization and extra modules, priority support, and a supporter badge — with more landing all the time. One-time, not a subscription. The other two are pure project funding via partners we already use ourselves.

Supporters
0 and counting

Every Backer + Legend who's chipped in since launch. SparkBox runs on supporters — hosting, AI, development, and professional security audits cost money every month, so there's always a next goal to chase.

Stage 1
100
Costs covered
Hosting, CDN, and AI run on supporters — not ads, not your data.
Stage 2
1,000
A part-time engineer
A second pair of hands to help Tom — more modules and faster fixes.
Stage 3
1,500
Independently audited
Funds a professional third-party security audit — the real trust check for a privacy tool.
→ And beyond — mobile apps, a bigger team, bigger ambitions. New goals keep unlocking as we grow; this never really finishes.

Updated 2026-05-30 — the counter only ever grows.

Back it

Support SparkBox.

Every app stays free forever — no paywall. Backing unlocks the enhanced SparkBox: Tom AI in your dashboard, the upgraded interface, deeper customization, and priority support on d/sparkbox — with more Backer features landing all the time. One-time, not a subscription. Full breakdown on the backer page →

Back SparkBox →
Use what we use · Recommended VPN

Surfshark.

Unlimited devices, kill-switch wired into the arr stack out of the box, MultiHop for paranoid uploads. The VPN we run on every box we ship. From $1.89/mo on the 2-year plan.

★ SparkBox users get 4 months free
Get Surfshark →
No NAS? · Recommended host

Hostinger.

If you don't have hardware sitting around, the KVM 4 is the cheapest sane way to run SparkBox without compromising on disk or RAM. Spin up, point the install script at it, done in 20 minutes. $13/mo intro · $25/mo at renewal.

Get the VPS →
Just use it

Use it free forever.

The most useful thing you can do is install it, file good bug reports, and tell one friend. That's how 83 reports turned into 53 shipped fixes.

Install guide →
Who's behind it

Made by Tom Spark.

Tom Spark
Tom Spark

Privacy advocate, VPN reviewer, and certified GEEK. SparkBox is the box Tom wished existed — shaped in conversation with the people running it.

Tom Spark Reviews on YouTube
Community made

The receipts, refreshed daily.

Numbers below are rewritten every day at 13:17 UTC from the Demox API and the patch log. No fluff metrics, no growth-team scoreboard.

193 Reports filed
88 Fixes shipped
99% Answered
53m Median reply
786 Comments made
Since launch · see every thread on demox.world/d/sparkbox

I just setup a Linux Mint VM in my normal PC so I can take a look around this and have a bit of a test-run before installing it to it's proper home on another PC I want to use and apart from a couple of small glitches which your own prompts pointed me to the solutions it is now running. That was one of the nicest installs I have done in a long time, super fast too and this interface that you came up with is gorgeous, I love it! Thank you for creating and sharing this, I look forward to getting this all set up in it's permanent home and using it properly :D

@BadBunny

Happy to support the cause! The amount of time, effort, and stress you saved me is well worth it! I am just glad your YouTube video was delivered to my feed. I had watched so many one-stop ARR stack setup videos that took hours to fully get up and running, and then were always super inconsistent!! That has not been the experience with Sparkbox at all. Now that things are setup it all just seems to be working beautifully and everything stays working even after updates. It truly feels like the first good, sturdy solution. I am excited to be at what feels like the start of a new Napster-type era. In the future when I get access to more decommissioned servers with some higher TB drives I plan on making my family and friends some SFF Sparkbox Media Servers for them to host at their own homes! So yeah, thank you for what you have created here!

@GamerX06

Damn dude !!!! Just setup something similiar and took me weeks ! This is amazing !

@DarkStorm909

just recently rebuilt my whole stack into lightweight linux vms after a catastrophic hardware failure... this woulda saved some time lol.

@razzix2

incredible work Tom... this is next level brilliance

@astrodude45

Your timing literally could not have been *ANY* better! *Half-chub*.... psssh, I'm rockin the full-monty over here 🤠

@rs832
What installing feels like

Five steps. Two minutes. Done.

This is the counter-narrative to curl-bash terror. The script tells you what it's doing, asks once, and walks away clean.

1 One command
2 Install
3 Password
4 Launch
5 Install apps
install.sh — verbose
[1/9] detecting platform … linux/amd64 · ubuntu 24.04
[2/9] checking docker … v27.3.1 ok
[3/9] checking ports … 80, 443, 8443 free
[4/9] pulling sparkbox-core … 312 MB
[5/9] pulling 9 app images … 1.8 GB
[6/9] writing systemd units … 9 services enabled
[7/9] generating credentials … one master password set
[8/9] running health probes … 9/9 green
[9/9] writing dashboard route … done
→ dashboard live at https://192.168.0.17:8443
Your dashboard

One screen, all your stuff.

sparkbox · 192.168.0.17
9 of 35 apps 0.04% CPU up 14d 3h last backup 11m ago · verified
ImmichRUN
JellyfinRUN
VaultwardenRUN
Pi-holeRUN
Home AssistantRUN
PaperlessRUN
SonarrRUN
RadarrRUN
qBittorrentRUN
What's inside

35+ real apps. One install.

Every icon below is a real upstream project. SparkBox wires the storage, the reverse proxy, the backups and the credentials so you don't have to think about any of it.

Immich
AI photo library with face searchreplaces Google Photos
PhotoPrism
Older photo library — for users migrating off itreplaces Apple Photos
Nextcloud
File sync, calendar, contactsreplaces Dropbox
FileBrowser
Web file managerreplaces
Syncthing
Peer-to-peer file syncreplaces Dropbox Sync
Paperless-ngx
OCR document archivereplaces Evernote
Stirling PDF
PDF editor, signer, converterreplaces Adobe Acrobat
Jellyfin
Stream movies, TV, musicreplaces Plex Pass + your library
Sonarr
Auto-download TV showsreplaces
Radarr
Auto-download moviesreplaces
Prowlarr
Indexer manager for the *arr stackreplaces
qBittorrent
Download client (VPN-routed)replaces
Jellyseerr
Request movies & showsreplaces
Bazarr
Auto-download subtitlesreplaces
Audiobookshelf
Audiobooks & podcastsreplaces Audible
Navidrome
Self-hosted music streamingreplaces Spotify
Calibre Web
E-book libraryreplaces Kindle Unlimited
Kavita
Comics, manga & e-booksreplaces Comixology
Vaultwarden
End-to-end password vaultreplaces 1Password
Authelia
SSO + 2FA gatewayreplaces
Pi-hole
Network-wide ad blockerreplaces browser blockers
AdGuard Home
DNS filtering with DoHreplaces
WireGuard
Private VPN tunnel homereplaces NordVPN
Tailscale
Zero-config mesh VPNreplaces port forwarding
Gluetun
VPN kill-switch for downloadsreplaces
Nginx Proxy Mgr
Reverse proxy with free SSLreplaces
Matrix + Element
Encrypted federated chatreplaces Slack Pro
Home Assistant
Whole-home automationreplaces SmartThings
Frigate
AI NVR with object detectionreplaces Ring
Mealie
Recipe manager + meal planreplaces Paprika
Ollama
Run Llama / Qwen / DeepSeek locallyreplaces ChatGPT API
Open WebUI
Private ChatGPT-style interfacereplaces chat.openai.com
Linkding
Bookmarks & read-laterreplaces Pocket
FreshRSS
RSS readerreplaces Feedly
BookStack
Self-hosted wikireplaces Notion
Actual Budget
Envelope-method budgetingreplaces YNAB
Portainer
Docker container managementreplaces
Uptime Kuma
Service uptime monitoringreplaces UptimeRobot
Homarr
Customizable start pagereplaces
Grafana
Metrics & dashboardsreplaces Datadog
Prometheus
Time-series metrics databasereplaces
Duplicati
Encrypted off-site backupreplaces Backblaze
Speedtest Tracker
Internet speed historyreplaces
🔥 Exclusive · Backers

We even built our own chat.

Meet Hearth — a private group chat that runs on your SparkBox. No accounts, no Big Tech reading your messages, and no upload caps because your photos and video live on your own pool. Send a link, your people pick a name, you're talking. It's a Tom Spark exclusive for Backers — and a good showcase of what an app looks like when it's built for you, not an ad business.

#general 📞 Gather
Mara
okay this is so much nicer than discord lol
You
right? and it's all on my NAS — no upload cap 🔥
Message #general — drop a photo, a 4GB video, whatever
See Hearth →
0.04% Idle CPU 9 apps running on a $400 NAS.
45+ Bugs caught pre-ship Pre-release testing only. We don't YOLO main.
$0 Free, forever The app's free forever. Tom AI is the only optional paid extra.
Hardware bundles

Three boxes that just work.

You don't need to buy anything to run SparkBox — but if you're shopping, these are the three setups we test against every release.

Starter

Hostinger KVM 4

$13/mo intro · $25/mo renewal

Cheapest sane way to try SparkBox without buying hardware. Spin up, point the script at it, done.

Get the VPS →
TOM'S PICK Family

UGREEN DXP2800

$396NAS only

Two-bay NAS, Intel N100, 8GB DDR5. The SparkBox sweet spot — runs the full 35-app stack at 0.04% idle CPU.

Buy the NAS →
Power

UGREEN DXP4800 Pro

$720NAS only

Four bays, Intel Core, room for everything — Frigate object detection, local LLMs, the whole stack.

Buy the NAS →
Time saved

Roughly 1.4 Saturday afternoons.

Conservative estimates of how long the equivalent setup takes on a vanilla Docker / TrueNAS / Synology stack without SparkBox's automation.

1-click *arr stack auto-config45 min
Pre-set qBittorrent admin password10 min
VPN-routed download stack pre-wired30 min
Per-app credentials surfaced on launch15 min
Pi-hole launcher → /admin/ (vs 403 root)5 min
Self-update with auto-rollback20 min
Encrypted backup with verified restore60 min
AI helper that reads your container logs30 min
Tooltips on every config field25 min
Dashboard auto-restart watchdog90 min
5.5h 330 minutes saved ≈ 1.4 Saturday afternoons back in your life.
The hundred little things

The details nobody else gets right.

01

One-click arr stack

Sonarr, Radarr, Lidarr, Prowlarr and Bazarr wire themselves together — same indexer config, same download path, no copy-paste between four UIs.

02

qBit + arrs ride the VPN

Surfshark tunnel is bound at the namespace level. If the VPN drops, the torrent client drops with it. Period.

03

Tooltips on every field

Every config input has a plain-English "what this does and why" tooltip. No more Wiki tab-hopping at 11 PM.

04

AI troubleshooter

Logs go through a local model. It says "your disk is full" instead of pasting a stack trace at you.

05

Frigate password capture

Frigate doesn't do auth on its own — SparkBox sits a real login in front of it so you don't accidentally expose your driveway.

06

No port numbers visible

Everything's on subpaths and proper subdomains. You don't need to memorize :8443, :9091, :32400.

07

Immich permissions auto-fix

The HEIC-on-Linux dance is gone. We detect it on install and stamp the right umask.

08

Auto-rollback

Every update is a snapshot. If a health probe fails within 180s, we revert before you wake up.

Already on a NAS?

Here's the pitch, plainly.

Four reasons people leave Synology, UGREEN's stock OS, or Unraid. The verdict line is what SparkBox does about each.

01 · Telemetry

Your NAS shouldn't phone home.

No tracking, no ads, no profile of you, no per-install ID. The only thing SparkBox sends is an anonymous ping when you update — which version, did it work — so we can catch a bad release. No identifier, nothing tied to your box. Crash reporting is opt-in and off by default.
SynologyDefault-on Device Analytics + crash reports + push notification relay through Synology's servers.
UGREENCalls AliCloud endpoints by default; mobile app syncs telemetry even with cloud features off.
UnraidOpt-in stats on the OS itself, but plugins vary widely.
02 · Stale apps

Apps that haven't been updated since 2022.

We track upstream releases per-app. Updates roll out weekly, snapshotted, with one-command rollback. Nothing is allowed to rot.
SynologyFamously slow first-party packages — Jellyfin, Plex, Docker all lag months behind upstream.
UGREENShips an old Docker engine and an even older app store.
UnraidCommunity Apps usually fresh; first-party apps lag. Per-plugin maintainer reliability.
03 · Forced accounts

You shouldn't need a vendor login.

One local master password. No SparkBox account, no email required, no "sign in to continue." Air-gap it and it still works.
SynologyAccount required for QuickConnect, mobile apps, Photos, Drive sync — most of what you bought it for.
UGREENAccount required for remote access and the mobile app. Email + phone collected at first boot.
UnraidLicense tied to a USB stick. 'Unraid Connect' is opt-in; OS works fully offline.
04 · Vendor death

What happens when the company pivots?

SparkBox runs on stock Linux + Docker. If we vanish tomorrow, your services keep running and you can lift everything to bare docker-compose with one export.
SynologyQuickConnect, Photos, Drive remote sync depend on Synology's cloud staying alive.
UGREENRemote features and the mobile app die with UGREEN's account servers.
UnraidOffline-first. Plugins may rot if their maintainer leaves, but the OS itself runs forever.
The other options, honestly

SparkBox vs the field.

Eight rows, four competitors, no asterisks. If you find a row that's wrong, file an issue and we'll fix it the same day.

SparkBox Unraid ZimaOS Umbrel DIY Docker
Commands typedZero~30~12~4~200
Tooltips on every fieldYesPartialPartialNoNo
Apps wired together35+Per-appPer-appPer-appYou
UpdatesAuto, staged, rollbackManualAuto, no rollbackWeeklycron + hope
Built byTom Spark, full-timeLimetech LLCIceWhaleUmbrel teamYou, on Saturdays
PriceFree, forever$129+ per tier$29/yr ProFree + CloudFree + your time
Idle CPU (35 apps)0.04%1–3%2–4%1–2%Depends
Who answers ticketsTom, in ~15minForumDiscord + ticketsDiscordNobody
Migration paths

Coming from somewhere?

From Google Photos

Takeout → Immich, no loss.

Drop the Takeout zip into Immich import. We preserve albums, dates, geo, and HEIC. No transcode.

via Immich CLI · ~90 min for 200GB
From iCloud

Direct sync, no Takeout dance.

Sign into iCloud once from your Mac; the helper pulls your library and uploads incrementally.

via icloudpd · resumable
From Synology Photos

Rsync, keep your folder structure.

One rsync command from DSM. Folders, dates, and faces survive — we re-run face detection locally.

via rsync · zero re-encode
From Plex

Library → Jellyfin, metadata intact.

Bring your media folder verbatim. Same files, new frontend; we re-scan in place.

via Plex Meta Manager port
From Dropbox

Mount and stream into Nextcloud.

External storage mount means no "downloading 400GB to your laptop first."

via rclone · stream-once
From 1Password

.1pif → Vaultwarden, 2FA preserved.

Standard export, standard import. TOTP secrets carry over. Your devices keep working through the cutover.

via Bitwarden CLI
Platform support

Where SparkBox runs.

install.sh detects the distro family at runtime and routes through apt-get, dnf, or pacman automatically.

Tier 1 · Supported

Tested on every release.

UGREEN NASyncDXP2800 · DXP4800 Pro
Linux × 8Tier-1 distros below
Windows WSL2Win 10/11 + Docker
Ubuntu 24.04 Debian 12 Linux Mint 22 Pop!_OS 24.04 Arch Rocky 9 AlmaLinux 9 Fedora 41
Tier 2 · May work

Community-reported, not gated by CI.

Ubuntu Server openSUSE Manjaro EndeavourOS Raspberry Pi OS Elementary
Tier 3 · Coming soon
Synology DSM QNAP QTS TrueNAS Scale ARM64 (Pi 5, Apple Silicon)
Always shipping

A changelog that's actually alive.

Bug fixes the same day. Bot-refreshed from the release pipeline.

v1.6.122 2026-05-19

Clearer Surfshark push in Media VPN modal

VPN cost rationale now in the modal copy + docs by-line.

v1.6.105 2026-05-12

gluetun /dev/net/tun preflight

Install-time check that catches the kill-switch's #1 first-run failure mode.

v1.6.93 2026-05-10

Per-app setup guides shipped

33 stub guides — vaultwarden, jellyfin, tailscale, arr-stack, immich and more.

v1.6.59 2026-05-07

Profile-aware reauth + VPS detection

Closes credential-dump vulnerability on shared/public network profiles.

v1.6.50 2026-05-06

Pre-beta audit hardening

Seed-failure gate, env-precedence at dashboard layer, media-restart serialization.

v1.6.47 2026-05-05

VPN city configuration bug

cmd_up's unset list now includes new module env vars so install.sh seeds them cleanly.

See the full release history →

FAQ

The questions people actually ask.

Yes — SparkBox itself stays free forever. Every app in the bundle, every module, no upsells, no subscription. The one optional paid extra is the $49 Legend supporter tier, which adds three things: Tom AI in your dashboard (a SparkBox-exclusive troubleshooting assistant — SparkBox-only questions, won't write unrelated code; it runs on paid AI, which is why it's the one paid extra), priority forum support on d/sparkbox (your posts get answered first), and a cosmetic animated gold ring on your Demox avatar. The app works fully without any of it.
Yes. The installer is a five-step wizard with pre-filled defaults for your hardware. Every field has a tooltip explaining what it does in plain English. If something errors, the dashboard shows you a fix-it button instead of a stack trace, and the built-in AI helper reads your container logs and tells you what to click next. The most common path from "plug in NAS" to "photos backing up from my phone" is under 20 minutes.
Yes. Out of the box, nothing is exposed to the internet — apps are reachable only from inside your house unless you flip a switch. When you do want remote access, the wizard sets up a private tunnel (WireGuard or Tailscale) instead of opening ports. Every container runs locked-down with sane defaults.
Your box keeps working — it's code on your disk, not a server call. Every SparkBox install is a stock Linux box running stock Docker. There's a one-command export that hands you the equivalent docker-compose files for everything you have running. You can lift the whole setup to bare Docker and forget we ever existed.
Immich on a phone looks like Google Photos. Jellyfin looks like Netflix. We designed family-facing apps to hide SparkBox entirely. You see the dashboard. They see photos.
Officially supported: UGREEN NASync (DXP2800 / DXP4800 Pro), Windows WSL2, and 8 Linux distros across all three major package-manager families. install.sh detects your distro family and dispatches automatically — single one-line curl install on any of them. Other Docker-capable x86-64 Linux usually works without changes.
The bundled apps stay OSS — Jellyfin, Sonarr, Radarr, Vaultwarden, Immich — every container SparkBox bundles is upstream open-source software. The closed code is the integration layer — the dashboard, the wizard, the auto-update infrastructure. In 2025+, OSS source code stops being a moat. For a one-person project funded by YouTube content, OSS would mean a clone ships faster than Tom can ship the next real feature. Trust comes from behavior, not from a code audit — the binary doesn't phone home except for license validation and update checks, both documented in the privacy policy, ed25519-signed releases verified by every install, and a named accountable individual.
Daily check at 05:00. New release available → dashboard shows a badge → one click to apply → auto-rollback if the new build doesn't come healthy in 180 seconds. You don't drift behind, and you don't end up on a broken release.
Yes. Tailscale ships in the default Privacy & Network category and gets you a stable address into your box without port-forwarding. WireGuard is there too if you prefer the manual route.