Funkwhale is the best option for replacing Spotify. It can be private or public and federated so you can follow users who want to share their playlists and such.

Navidrome is another good option although i don’t use it personally I hear nothing but good things.

Avoid subsonic directly but youll find funkwhale and other services support it as a protocol very well. Its just the subsonic server software itself and all of the forks seem to basically just be reinventing the same wheel over and over so they can charge for “premium” features.

Okay I don’t drive so im a bit out of the loop on this but last time i rented a car some 15-20 years ago it had GPS built in that didn’t require connecting, it was a tablet sized interface on the console… is that not a thing anymore? Like do cars in 2025 not have functioning GPS without a phone connected to them? Thats wild if so. A 2008 Toyota Prius could have a built in console navigation system, it ran off a DVD or USB key that you got updates for by mail, and here we are in 2025 you need a phone just to power the cars computer for navigation.

It was not that common 10 years ago, it was only JUST being fully rolled out in the US in 2015 when they finally made it mandatory for cards to have chips in them. I guess I’m just an old man yelling at clouds here, but i just never really felt like using cash or a card was that inconvenient.

I suppose for you tap2pay is as essential as being able to run custom software on my devices is to me, I have been using custom roms since 2009 and I wouldn’t be willing to sacrifice my ability to use GrapheneOS just so i can carry one less card that i can literally fit in my phone case, but hey, different strokes ig.

And what did you do five years ago or ten years ago? At what point did Tap to Pay become so convenient and so essential to your life that you’re willing to give up your ability to have complete ownership and control over what’s installed on your phone rather than go back to having a card on you?

It just doesnt seem like that big of a deal to me, but then i never was able to use it anyway because ive been running grapheneOS or another custom rom since before tap2pay even existed.

So you sacrafice your ability to use a more free device because youd rather leave your credit card at home, but thats A choice that you made. If you wanted you could bring a card with you or cast with you or a wallet full of things. Do you not carry ID with you either?

Honestly tap2pay seems like very little advantage over a credit card for having to sacrafice privacy and the ability to control the software on my phone, but thats just me.

Im not saying its a problem to want features, just saying its sacraficing freedom for convience, its a choice.

If you really wanted to use a Linux phone, there are options. You would have to adapt, you would have to use non-standard solutions, but in the long run you’d have more freedom because of those sacrifices in convenience.

None of the 3 things you mention was common place 10 years ago, its not that much of a setback to carry cash or a card, or to use a dedicated device for navigation. Its fine if you dont want to do that but dont act like you can’t live without tap2pay or a voice assistant if you really wanted to.

So what happens if your phone is lost or stolen or damaged? How would you pay for a new phone?

How old are you that you “need” these things.

Is not being able to use tap to pay, or having to plug in an aux cable really that big of an inconvenience?

Oh interesting! Thank you.

Thanks but i meant the site in the original post https://cheapskatesguide.org/articles/debian-netinstall-waf.html

It says

403 Error Your IP address has been blocked. This MAY be because you have made yourself look like a robot by using an unknown VPN or Tor exit node.

I just wish i could read it, it seems to block based on my IP which isn’t really a good way to identify bots.

Well it cant be that good becauase it thinks im a bot.

Anubis works pretty well for me so far in blocking clankers.

Great idea, i really hope we see more of that type of local/selfhosting for average folks, its really the only way to save the internet from just being another corporate censorship heavy advertising platform.

I setup navidrome but never got around to using it much personally. It seems like a good option for a private collection, but im more about sharing mine these days.

I setup jellyfin with feishin and use finamp on mobile for music.

Im also running the latest alpha of funkwhale which i recommend checking out the stable version for a better impression but the alpha is functional if a bit ugly at the moment. My public service for funkwhale has the most users out of anything else i run so people def seem to like it.

I discovered mstream fairly recently and really like its simplicity.

I have MPD setup to stream as a radio on my homepage.

Overall i mainly just use jellyfin out of convenience because i already use it for shows and movies. But ive tried lots of dedicated music options and every subsonic fork still in existence, i keep coming back to jellyfin though.

I think if you already have jellyfin working navidrome isnt really as useful unless you dont like the way jellyfin handles music (wich objectively jellyfin isnt the best interface for music). Its not really that much extra overhead though tbh so you shouldnt hesitate to give it a try if you want to. Really anything thats just focused on audio streaming isnt going to add much overhead.

In that case you would need to add the peers to the wireguard node you have running in the home lab as well. Wireguard can route peer to peer and will take the shortest path available to it.

That said, i highly recommend first getting things working in a “spoke and hub” style wireguard configuration with either your homelab or the vps as a central peer, then add peers as endpoints after you have everyone with working connections to the central peer. Its just a heck of a lot easier to trouble shoot and get your head around thatway.

deleted by creator

A central wireguard peer on your vps, connect home to vps and direct the wireguard. Add friends as peers on the VPS like such:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVKEY>

# Home
[Peer]
PublicKey = <HOME_PUBKEY>
AllowedIPs = 10.0.0.2/32

# Friend
[Peer]
PublicKey = <CLIENT_PUBKEY>
AllowedIPs = 10.0.0.3/32

Use iptables to Split tunnel traffic

For the home network ip route add 192.168.1.0/24 via 1. 0.2 dev wg0

And for the vpn To route google a .d such

Enable NAT for clients

iptables -t natw POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

You can set the iptables rules to run wjen it comes up

Forgive my formatting. Mobile clients being janky

It sounds like you’ve got the right plan. I use Anubis and fail2ban along with some manual rules on nginx to block AI bots. In my experience Anubis helps a lot, and you can monitor nginx logs over time to for scans and such to make additional ban rules on.

I’m pretty happy with Debian as my server’s OS. I recently gave in to temptation and switched from stable to testing, on my home systems I run Arch because i like to have the most up to date stuff, but with my servers that’s a bit less important, even so debian testing is usually pretty stable itself anyway so I’m not worried much about things breaking because of it.

Ive used offtiktok which is self hostable

There is also proxitok

Or you could probably work out something with yt-dlp or one of the front ends for it.