An open-source Office stack for 2025 (because OAuth fatigue is real)

I lost track of how many OAuth auth screens I clicked through in 2025. Fifteen separate accounts that each demanded re-auth on a different cadence, four password manager imports across vendor changes, three separate "your subscription is changing" emails that meant a feature I depended on disappeared. By mid-year the friction crossed a threshold and I rebuilt my office stack mostly with open-source self-hosted alternatives.

The result is more work to operate and meaningfully less work to use day-to-day. Worth being concrete about what works, what doesn't, and the trade-off curve so other people deciding whether the migration is worth it can decide accurately.

The stack

What's running, what it replaced, what it costs me to operate:

Nextcloud for file sync, calendar, contacts, simple document editing. Replaced: Google Drive, Apple Calendar's iCloud sync, Apple Contacts, Google Docs for the documents I don't need real-time collaboration on. Runs on the Synology. ~30 minutes of setup quarterly for updates.

Forgejo for the personal git server. Replaced: a paid GitHub plan that I'd been on for years. Runs on the Synology in a container. Almost zero operational overhead. Same UI as Gitea / GitHub for the workflows I use.

Mailcow for personal email hosting on my own domain. Replaced: a Google Workspace account. Runs on a small VPS. The setup was an afternoon; ongoing operation is the kind of thing where you do something maybe twice a year (cert renewal, occasional spam-filter tuning).

Vikunja for task management. Replaced: a series of failed migrations between Asana, Todoist, Things, and Apple Reminders. Runs on the Synology. Boring, reliable, exports to standard formats.

BookStack for personal knowledge base. Replaced: a paid Notion plan. Runs on the Synology. The hierarchy model fits how I think about my notes better than Notion's pages-as-databases model did.

Open WebUI as the AI chat interface. Replaced: paid ChatGPT and Claude Pro subscriptions for the use cases that route to local models. Runs on the Studio. The local-models story I've been writing about lives here.

Wireguard via Tailscale for the network glue. Replaced: nothing, added because the on-prem stack needs a way to reach me when I'm not on the home network. Effectively free at my usage level.

Caddy for reverse-proxying everything with TLS. Replaced: a tangle of nginx configs from various tutorials. Boring, works.

That's the stack. Not exotic. Each piece is a well-understood project; the integration is the work.

What works better than the SaaS equivalents

A few specific cases where the open-source self-hosted version is genuinely better:

Zero subscription cycles. No "your plan is changing," no "this feature is now Premium," no "we're sunsetting this product." The software does what it did when I installed it; updates come on my schedule.

Single auth surface. The Tailscale-plus-local-IDP setup means one auth context for everything. No re-OAuth-ing 15 services per quarter. The friction reduction is bigger than I expected.

Data portability is real. Every system in the stack has standard export formats. Markdown, ICS, vCard, JSON. The "I want to leave" path is straightforward in a way that's never quite true with SaaS.

Customization where I actually want it. The few places where I had specific wants (the Vikunja sort order, the BookStack theme, the Forgejo CI runner config) are gettable in the OSS world in a way the SaaS equivalents either don't allow or charge for.

Cost is predictable. A small NAS plus a small VPS plus electricity. Order-of-magnitude similar to one or two SaaS subscriptions; covers all 8 of the services I migrated.

What doesn't work as well

Worth being honest about the trade-offs:

Real-time collaboration is weaker. Nextcloud's collaborative editing is functional and not as polished as Google Docs. For the cases where multiple people need to edit a document together in real time, I still use Google Docs. Most of my documents aren't this case; the ones that are go elsewhere.

Mobile clients vary. Some of the OSS projects have great mobile apps (Nextcloud, Vikunja). Some don't (BookStack mobile is web-only and a bit awkward; Forgejo mobile is read-only most of the time). Net effect: I do more on the laptop and less on the phone for OSS-stack things.

The "everyone uses it" benefit is gone. When I share a document. I have to send a link to a Nextcloud instance the recipient has never seen. They can read it, but it's not "click this Google Doc." The friction is small per case, real in combine.

Setup time was real. Maybe 30 hours total to get everything stable, including the Wireguard / Tailscale wiring, the TLS cert automation, the backup story for each piece. Spread over a few weekends. Not free; not crazy either.

On-call is on me. When something breaks, I fix it. The MTTR on my self-hosted stack is hours-to-days; the MTTR on a SaaS stack is "the vendor fixes it whenever they fix it." Different shape; my shape costs me time when something breaks.

What this costs vs what it saves

The honest math, annualized:

SaaS stack I replaced: Google Workspace ($150/yr), GitHub Pro ($48/yr), Notion Personal Pro ($96/yr), Todoist Premium ($60/yr), ChatGPT Plus ($240/yr), Claude Pro ($240/yr), iCloud+ for the storage tier ($120/yr). Roughly $1,000/yr in subscriptions.

OSS stack I run: small VPS for Mailcow ($10/mo), incremental electricity for the NAS / Studio (~$25/mo on top of what I'd have been paying anyway). Roughly $420/yr in operating costs. Plus the one-time setup time and ongoing maintenance.

Annual savings: ~$580. The capital cost (NAS, networking) was already there for other reasons. The setup time (call it 30 hours at the value-of-time rate I'd put on a weekend project) is roughly $1,500 of effective cost. The break-even is year three.

That's not what motivated the move. The motivation was the OAuth fatigue and the "things keep changing under me" feeling. The cost story is fine; the operational-control story is the value.

Where this fits in the broader pattern

This is a smaller-scale version of the same pattern as the on-prem case for AI workloads, picking the cases where SaaS isn't paying back and moving them to infrastructure you control. The same operational discipline applies: backup, monitoring, on-call routine. The same trade-off shape: more setup, less per-day friction, more control over the lifecycle.

It also fits the keepers-vs-abandons home-stack discipline. The OSS office stack has the same operational requirements as the home AI stack; running both extends the same muscle.

What I'd recommend

For someone considering whether to do this:

• Don't migrate everything at once. Pick the SaaS that's annoying you most (mine was email). Move it. See if the operational story works for you.
• Don't try to replicate the SaaS UX 1:1. The OSS equivalents have different shapes; some better, some worse. Optimize for the things you actually need rather than for feature parity.
• Plan for the network layer. Tailscale or equivalent is what makes the self-hosted stack accessible from anywhere. Without it, the experience is much worse.
• Have a working backup story before you migrate the data. The "I forgot to back this up" failure mode is the worst in the OSS-stack lifecycle.
• Accept that not everything should move. The cases where SaaS is genuinely better (real-time collaboration, mobile-first workflows, network effects), keep those on SaaS.

The open-source office stack in 2025 is buildable, sustainable, and meaningfully less annoying day-to-day than the SaaS jungle. The economics aren't dramatic; the operational-control story is. For people who feel the OAuth fatigue, the migration is worth it. For people who don't, it isn't.

Worth being honest about which side of the line you're on before deciding.