Over the past few years, I've slowly tried to reduce my dependence on big tech. I know this is popular in some circles right now, and I've made all the standard moves:
But why did I do this? Not (just) because I love to chase the latest technocrat trends. Honestly it's mostly because I hate feeling dirty when I use these services:
And every tech company I've ever bought any product from seems to abuse dark patterns to manipulate users out the wazoo. All in the name of getting you to buy one more thing, or look at one more not-really-notification. Weak.
This post talks about how I freed myself from a myriad of big tech services, all with the support of a small investment in hardware, electricity, and personal time. I call my open source confederation of services Natopia, because, well, narcissism.
NOTE: Literally all of this is a work in progress. Open source projects continually develop. Standards change. This all works right now, but there are many pieces I'd like to improve. Expect updates to this page over time.
My home server runs:
Sometimes I run a Minecraft server, too.
I hope to eventually add a Calibre server to manage my book library, but it's just not enough of a benefit yet for me to bother.
Note: the VPN is a prerequisite for any of these other services to work when you're not at home.
You don't need that much hardware to run a basic "home server". I do it all on a fanless Raspberry Pi that sips barely any power and store all of my data on an external USB SSD. Here's my setup:
Raspberry Pis used to basically require an SD card for system storage. These days, I think you can even do the initial OS install on an SSD right from the first boot. I've been using 64-bit piOS for around 2 years now, since I have an 8GB Pi, and it's been solid the whole time, except for some minor wireguard issues I experienced back in 2020. I highly recommend it.
Most of these items were specially requested birthday and Christmas gifts. (thanks Mom, even if you don't know what a "raspberry pi" is) Even with SSD prices inflating recently, you should be able to put together a similar setup for somewhere between $100 and $300, depending on your home server and SSD choices. You could even run this on an old laptop if you have one lying around: that was actually my first home server, until the fan annoyed me enough to get a raspberry pi!
Router & WiFi
I use an Apple AirPort Time Capsule 802.11ac as my router. It has 3TB of internal storage that's perfectly capable of backing up my personal and work laptops. I back up my phone to my personal laptop instead of iCloud, since iCloud backups grant Apple and their friends access to your personal encryption keys). Thus the Time Capsule also grants me transitive backups of my phone, all with practically no work on my end.
Airport routers might be a little old, but even on a gigabit internet connection, AC WiFi doesn't slow things down much. I get around 750mbps down, 50mbps up on my current connection; on my Google Fiber connection at my last apartment, I used to get 750 up and down. This router is reliable and provides easy backups. I've tried openwrt in the past, and software routing and crappy CPUs caused too much buffer bloat and video latency for my comfort. Better to use a reliable hardware routing solution in my anecdotal experience. I refuse to use a router with an online management portal, so most mesh solutions are not feasible for my use case.
I use DHCP reservations for specific IP addresses on my network based on
device MAC addresses. This isn't technically required, but it can be helpful
to ensure that your home server doesn't change IP address after a power outage
or a router reboot. I also do this for all of the other devices on my network --
game consoles, laptops, phones, tablets, TVs, etc. -- so that when I look at
my network query log, each device always uses the same IP address over time.
I combine this with fancy looking hostnames in my home server
Devices that leave the home, like my laptop and my phone, end up with two IP addresses & fancy hostnames pairs because they show up as a different IP address in the VPN DHCP range. I'm not sure if this is totally necessary (is it even possible to let my router know the MAC address of a phone that's only connected to the network via VPN?), but it's fine by me -- easier to figure out when something weird happens with the VPN.
I was a happy OpenVPN user for my first year of self-hosting. It is a very solid VPN solution, and at the time, it was the only VPN that worked on 64-bit piOS without compiling your VPN server yourself.
These days, I use PiVPN to manage a local
WireGuard server. PiVPN makes it quite easy to
set up your VPN server, and adding a new client is as easy as
Once you've set up the server, you'll need to set up port forwarding from your router to your raspberry pi for the VPN port. Don't freak out if your client doesn't immediately work -- in my experience, network configurations usually need a few dozen swear words, a couple of reboots, a cup of coffee, and a nice walk before they start working with the exact same config you originally set up. For reference, I use the following settings on my Airport router:
Your "Private IP Address" field will vary depending on your home server's IP address.
When you connect to your VPN server from a client app, you'll need your home's public IP address. There are many ways to find this, but one easy way is to search 'what is my ip' in a decent search engine. Look right under the search bar on the page, above the filter settings.
You can add a VPN client profile with the following command:
This will generate a file containing a client profile. I find it convenient to
The VPN is essential to use any of these other services when you're away from home. It's also comforting to use unsecure wifi networks at hotels, coffee shops, and libraries with the knowledge that my VPN protects my traffic from prying wireless eyes.
I use a Pi-Hole to block ads on my entire network at the DNS level. This means that a most ads never make it to my device: the request doesn't even leave my network! It also helpfully blocks many ads from my "smart" TV, my Playstation 4 Pro, my e-ink Android tablet, and my iPhone, which all have locked-down operating systems that prevent me from blocking ads on the device itself.
A word of warning: depending on the blacklists you employ, a Pi-Hole can and will break some particularly spammy websites. Referral and tracker links frequently break -- a particularly annoying situation when I'm trying to unsubscribe from a mailing list or service. I see this as a red flag that only reinforces my hatred for these privacy violating services, but Meg tells me that I might be a dangerous antisocial madman who doesn't acknowledge the real world utility of Instagram ads. Who's to say who's right? At least you're aware now.
Once you've got your Pi-Hole set up, you need to configure it as the DNS provider for your network. I can't help you with that configuration -- it depends on your router. In the Airport UI, this is particularly annoying. Here's my current configuration:
Airport routers only have one set of inputs for DNS settings. If you set up a DNS server in your personal network DHCP range, computers connected to your guest network will try to connect to that DNS server... and fail. Because they're in a separate network. For this reason, I don't recommend using a guest network on an Airport router with a Pi-Hole.
On OpenWRT it was pretty easy to set up a custom DNS provider, but also pretty easy to screw up. I seem to remember an awful lot of text entry and writing newlines by hand because there weren't any input boxes. There's one major thing you should understand when setting up your Pi-Hole: it should be the only DNS for your network. Don't add a second "backup" DNS in case it fails -- if you do that, every time you block an ad with the Pi-Hole, your devices will go straight to the second DNS and fetch the ad successfully. Stick with just the one.
Some devices come with DNS addresses hardcoded into them. If your router allows it, block outbound requests from your network entirely for every device except the server running the Pi-Hole. That way, nobody can send rogue requests to DNS servers other than the Pi-Hole.
My music hosting is deceptively simple. I use:
FinAmp and Sonixd are easy to install on your client devices. Once you've installed them, you just have to point them to your Jellyfin server. I use my Pi-Hole to make easy-to-remember DNS entries like "music.box" instead of "192.168.1.3" for services like Jellyfin. Note that FinAmp and Sonixd are both fairly picky about including the "http://" prefix at the beginning of your URL. If you create a fun DNS entry, you'll enter a URL like this:
Setting up Jellyfin isn't too hard, once you've got a place to store all of your legitimate DRM-free music files ripped from CDs in the 00's. I find Docker a bit too computationally expensive on my Raspberry Pi, so I run Jellyfin on server startup via Systemd. The official documentation covers things quite well.
I organize my files just like I did in the 00's with iTunes:
Jellyfin lets you edit metadata in the files directly, but only some of it, like song names, artist names, album names, etc. It can be difficult merge artists, if they somehow get separated -- I'm still not sure if there's a good way to do this in the UI.
I need to investigate volume normalization. My Rush albums, for instance, are super high quality vinyl-ripped lossless FLACs, upwards of 3000 kbps quality. But they're quiet compared to the rest of my songs. From what I've read, I should be able to edit the volume gain directly in the file. But I haven't experimented with it yet.
I did experience one issue early on with my Jellyfin setup: the account
running my Jellyfin server didn't have write access to my music library.
This meant that I couldn't edit song metadata or delete songs from the UI.
I worked around this by simply running Jellyfin as my admin
I originally spent a fair bit of time setting up Jellyfin to use Google Drive as a network storage engine. Surprisingly, it worked! Then, the next day, Google announced massive cutbacks to previously "unlimited storage for life" university Google accounts. Coincidence? I think not. There was some noticeable latency anyway, and 2TB USB SSDs are cheap enough that you're unlikely to need more storage for a long time.
A News Feed
I use FreshRSS to keep up to date with blog posts and non-evil newsletters from companies I respect. It's been working great for about a month so far. If you don't know what RSS is:
Initial installation didn't take long (despite the long list of steps below -- they go quick, and it's all basic Unix-isms instead of modern container voodoo. I followed this guide, but in case that blog ever disappears, here's the steps I followed:
Special thanks to cosmosurfer for this non-containerized RSS aggregator setup.
Think the installation took a long time? It takes longer to find a list of feeds you'd like to follow. Here's my own list of feeds that you can shamelessly sift through as a starting point (or laugh at, if that's more your speed):
I'm providing this as an OPML file. It's basically just a piece of XML that you can import into most RSS clients. If you don't want to go through the process of setting up FreshRSS, I highly recommend FeedBro, which runs as a Firefox add-on. Unlike FreshRSS, you can't share your subscriptions and read state across devices, but if you mostly use one device to read RSS that might not be a big deal.
Just search the feed name and as long as you use a civil browser like Firefox, you'll see a little RSS icon on the right side of the URL bar. If you click on that, you'll end up at the feed URL, which you can copy & paste into FreshRSS.
I use NetNewsWire to read my feed. A lot of people swear by other clients like Reeder. Some folks just prefer the FreshRSS web UI. Figure out what makes you happy -- I like the native iOS and macOS styling of NetNewsWire, so I'm sticking with it for now. I might make my own theme sometime soon and share it here.
Network File Shares
I use Samba to expose files on my home server to other devices on my network -- mostly Macbooks. I followed this guide, but in short:
If you don't see the server or icons, try
I just use Time Machine for now. I'd eventually like to offload my backups to an offsite storage medium, in case of a flood or a fire or a Vogon constructor fleet. For now, this is the best backup solution I've ever had, and I'm basking in that glory until I get worried enough to improve it.