I've already written about building a website by prompting AI, and more generally about why I run FreeBSD on my home servers. This post is about the combination of both.

Oh my Claudio ! (skip if you haven't spent the last 5 years in an offline bunker) #

Ok I'll be quick. Claude Code is Anthropic's CLI AI agent — it runs in your terminal, reads your files, executes commands, modifies configurations, and acts autonomously to complete whatever task you throw at it.

Think of it as a very senior sysadmin colleague that you can ask anything at any time of the day.

Installing Claude Code on FreeBSD : #

Installation is straightforward. You need node and npm from the ports/pkg :

pkg install node npm
npm install -g @anthropic-ai/claude-code

Then just run claude and authenticate with your Anthropic account. That's it. It works perfectly fine on FreeBSD.

warning Known issue : updates are currently broken
Since the migration from the npm installer to a native installer, updating Claude Code on FreeBSD (and apparently on other platforms too) is broken. There is an open issue on GitHub for this. A bit annoying but not a blocker until now ..

Deploying Authelia with 2FA in a few prompts : #

Ah, Authelia. You gave me so many headaches over the years ... We're good now. 😄

It's a great piece of software, but the configuration is... not simple. At all.
There are a lot of YAML files, cryptographic secrets to generate, session configurations, integration with your reverse proxy (in my case Nginx), TOTP/WebAuthn setup... I had tried a few times in the past and always gave up after an hour or two fighting with the config.

This is probably the most impressive thing I've done with it.

With Claude Code : I described my setup (FreeBSD jail, Nginx as reverse proxy, list of my applications), and asked it to deploy Authelia with TOTP 2FA in front of my apps.

It :

Read my existing Nginx configuration files
Generated all the required secrets and keys
Wrote the Authelia configuration.yml from scratch, adapted to my setup
Modified the Nginx vhosts to integrate the auth middleware
Wrote the FreeBSD rc.conf entries and the init script
Tested the configuration step by step

A few prompts. Maybe 15 minutes of back and forth. Something that would have taken me a full weekend (if I succeeded at all honestly).

The 2FA is now running in front of all my sensitive applications. 😎

I'm not gonna lie — I almost fell off my chair when it worked on the first try. I was 100% expecting to spend the next hour debugging YAML indentation issues or missing secrets. Nope. Just worked. That's the kind of moment where you close your laptop, make a coffee, and question all the weekends you lost doing this stuff manually. 🤯

Compiling packages that don't exist in pkg : #

One of the real frustrations with FreeBSD is when you need a piece of software that isn't in the pkg repository yet due to bad habits of devs people ! shipping only a docker-compose.yml and calling it documentation. Haha ... No build instructions, no baremetal guide, nothing. Just docker pull and good luck figuring out the rest yourself.

In the past this meant hours digging through GitHub issues, trying to reverse-engineer a Dockerfile to understand the actual dependencies, and fighting with compilation errors on a platform the developer never even thought about.

With Claude Code : you just point it at the GitHub repo (or even just the Docker image name), and it figures everything out by itself. It reads the Dockerfile, translates it into a proper FreeBSD build procedure, resolves the dependencies, adapts the compilation flags, and compiles the thing — without any documentation other than docker pull whatever/whatever. Fingers in the nose. 😄

I've compiled several applications this way. Each time it identified the missing libraries, proposed the correct flags, and fixed the compilation errors without me having to understand every single step.

Hardening HTTPS headers : #

Security headers on a self-hosted setup is one of those topics where you know it's important but the documentation is scattered everywhere and it takes time to get right.

Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, Permissions-Policy... Each application has its own requirements, and a header that works for one app can completely break another.

I gave Claude Code access to all my Nginx vhosts and asked it to review and harden the security headers for each application. It went through every single vhost, understood what each application was doing, and generated application-specific headers — not just a generic template copy-pasted everywhere.

It also explained why each header was set the way it was, which is actually useful to understand what you're doing.

Hardening jail network configuration and firewalling : #

You know it matters, but you always postpone it because it requires reading a lot of documentation and testing things that are annoying to test without breaking production.

I gave Claude Code access to my jail configuration and my pf.conf and asked it to review the whole thing from a security perspective.

It went through every jail, identified which ones had unnecessary network exposure, tightened the network interfaces assignments, and reviewed which jails actually needed outbound internet access versus which ones should be isolated in a strictly internal VLAN.

On the firewall side, it reviewed my PF ruleset and proposed a cleaner, stricter set of rules — proper default deny, tighter rules per jail, logging on suspicious traffic. It also pointed out a few rules that were either redundant or inadvertently too permissive. The kind of stuff that accumulates over years of "it works, don't touch it".
I also “fixed” my crowdsec setup, which was really messed up, and he optimized it 2 prompts ...

note
The great thing here is that Claude Code doesn't just propose generic hardening templates. It reads your actual setup and adapts the rules to what you're really running. A jail that hosts only a static website gets very different rules from one running a database.

The result is a significantly cleaner and tighter security posture, without having spent a full weekend in the PF documentation. 😄

Optimizing backup scripts : #

I had one backup script. It worked, but it wasn't perfect — the kind of "good enough" script you write once and never touch again because it does the job and you don't want to break it.

With Claude Code I turned it into a proper swiss army knife. Added options I had always wanted but never had the courage to implement myself — proper logging, retention management, error handling, notifications, dry-run mode... The script went from "it kinda works" to something I'm actually proud of.

That's another thing Claude Code is great at : taking something that exists and making it significantly better, without you having to rewrite everything from scratch.

That's why RAM is so expensive #

After a few months of using Claude Code as my day-to-day sysadmin assistant on FreeBSD, here's my honest opinion :

The good : #

It understands FreeBSD natively. Paths, jail architecture, rc.conf, pkg, pf... no need to constantly specify "but I'm on FreeBSD not Linux".
It reads your actual configuration before suggesting anything. It doesn't give generic answers, it gives your answers.
It's genuinely useful for tasks where the documentation is painful (hello Authelia, hello CSP headers).
It's available at 3am when something breaks in production and you don't want to google for an hour.

The less good : #

The update issue mentioned above is really annoying. When you're paying for a tool you want it to be properly maintained. Hopefully it will be fixed soon — the issue is tracked here. If you're a FreeBSD user (or just someone who cares about non-Linux platforms), please go drop a comment or a 👍 on that issue. The more noise we make, the more likely Anthropic keeps shipping a compatible binary. Go spam it. Seriously. 🙏
It can sometimes be too eager to make changes. You need to be careful and review what it proposes before blindly applying it. The --dry-run mentality is your friend.
For very exotic FreeBSD-specific setups, it can sometimes fall back to Linux assumptions. Usually correctable with a quick clarification, but it happens.

But doesn't it make self-hosting boring ? #

Honestly ? A little bit, yes. 😅

The thing with self-hosting is that half the fun was the challenge. Spending a Saturday afternoon fighting with a configuration, finally getting it to work at 11pm, feeling like an absolute genius. That satisfaction when something finally clicks after hours of debugging.

With Claude Code, the difficulties just... fall one after another. What used to be a weekend project is done before lunch. You suddenly find yourself running out of things to tinker with. The backlog of "I'll set that up someday" items is shrinking dangerously fast. 😂

That said — I act more like a CTO than a sysadmin now. I know exactly what I'm asking for, I review every change, and I know when to hit a big fat Ctrl+C when Claude starts overcomplicating things. I'm the one with the global vision and the final say. Claude is my very talented technician.

AI doesn't replace the person who knows the system. It amplifies them.

If you run FreeBSD at home and you haven't tried it yet — go install it. You won't go back. 🚀 If Anthropic is willing to keep maintaining it on FreeBSD, that is... hint hint 👀

#FreeBSD #AI #self-hosting