What the room is paying for — and what to use instead
A live synthesis of the writing pad from the room at PIA 2026, plus a one-page mapping of every SaaS subscription mentioned to a free-and-open-source replacement — with a direct link to the install instructions for each.
This is what you came here for. Save the page.
What the room said
Seven-plus table groups wrote into the shared pad. Without naming anyone, the patterns were strikingly consistent:
Almost everyone wants out of Microsoft and Google. Teams, Outlook, Office, Windows, Endpoint Protection (table 2 and the back table both named the full suite). Google Workspace, Gmail, and Drive came up nearly as often — some groups want more Google as the Microsoft exit ramp, others flagged it as the same problem in a different colour. Sloan & Sue's group, the Hot Mamas, the fuckZuk group, the PSA back table, and CJR's table all listed at least one of MS/Google near the top.
Design tools are the second-biggest line item. Adobe and Canva surfaced at four tables. Canva especially — "we pay for Canva" was the most repeated single subscription in the pad.
Zoom is on the chopping block. Three tables named it. One group ("Three o'clock siesta") listed Zoom, Squarespace, Gmail-domain, and Teams in one breath — the full SaaS bingo card.
Then the sector-specific dependencies — the harder ones. Healthcare: Netcare (medical records), and a need for a healthcare LMS at QTHC. Schools: PowerSchool and Vretta. Operations: ADP (payroll), When2Work (time-tracking — "Ridiculous!"), Beanworks/Quotient (expenses & mileage), Wrike, Sage. Campaigning tools: NewMode, CallHub, Freshdesk, Slack.
The throughline was named most clearly by CJR's table:
"We'd rather own our data, but we are limited in our tools. Where do we trade convenience for sovereignty?"
And from the fuckZuk group, the same nerve from a different angle: "Sensitive data held stateside!" — the part everyone was thinking but only one table wrote down.
The gap: almost no FOSS-native alternatives got named back into the pad. No Nextcloud, no Mautic, no Penpot, no Jitsi or BBB. That gap is exactly what the rest of this post fills.
Most of these are already running on this server
Worth knowing before you read further: the box serving this page is also running a much larger sister stack called Changemakerlite. It's the same philosophy as the PIA starter stack — Docker Compose, FOSS only, behind a Pangolin tunnel — just with more services. Many of the alternatives below aren't hypothetical. They're already up and answering requests on n3-pia, right now, and you can ask for a logged-in tour anytime.
| Tool | What it replaces | Status on this server |
|---|---|---|
| Rocket.Chat | Slack, Teams, Discord (team chat) | Live (rocketchat-changemaker) |
| Jitsi Meet | Zoom (video calls) | Live (full Jitsi suite — web/jvb/jicofo/prosody) |
| Excalidraw | Miro, FigJam (whiteboarding) | Live (excalidraw-changemaker) |
| Vaultwarden | 1Password, LastPass, Bitwarden cloud | Live (vaultwarden-changemaker) |
| Gitea | GitHub, GitLab (code hosting + CI) | Live (gitea-changemaker) — also the registry that serves every container on this host |
| NocoDB | Airtable, Smartsheet (no-code DB) | Live (changemaker-v2-nocodb) |
| n8n | Zapier, Make.com, IFTTT (automation) | Live (n8n-changemaker) |
| Listmonk | Mailchimp, Constant Contact (newsletters) | Two instances live — the PIA stack's and CM's |
| MkDocs Material | Squarespace, Wix (docs / static sites) | Two instances live — same pattern |
| Homepage | hand-rolled HTML index, "where do I log in to…?" | Two instances live |
| CryptPad | Google Docs (sensitive drafting) | Live (PIA stack, --profile session) |
| Apache Answer | Stack Overflow Teams, Zendesk Guide | Live (pia-starter-stack-answer) |
| Grafana + Prometheus + Alertmanager | Datadog, New Relic (metrics & alerting) | Live (full monitoring suite) |
| Gotify | Pushover, Pushbullet (push notifications) | Live (gotify-changemaker) |
| Gancio | Mobilizon, Facebook Events (federated events) | Configured but crash-looping right now — known issue, on the fix list |
| CMLite v2 (Changemaker) | NationBuilder, NGP VAN (campaign management) | This is the reference deployment — API + admin + media-API + Postgres all live |
| code-server | GitHub Codespaces, Replit | Two instances live (the PIA stack one is what's editing this very page) |
| Pangolin / Newt | Cloudflare Tunnel, ngrok | The tunnel itself — what you're reading this through |
What that means for you: if you want to see any of these working before you install your own, ask. The Bunker Operations runs this host and is happy to give curious orgs a logged-in tour of any of the above — useful when you're trying to convince a board, an ED, or a tech-skittish colleague that "open source" isn't a bare-bones downgrade.
The rows below this point that map a SaaS subscription to a FOSS alternative will be tagged when the alternative is one of the tools already running on this server.
Don't want to host any of it? Piggyback on this server.
A lot of the services above are multi-tenant by design — one running instance can serve many organizations, with each one's data isolated from the others. Where that's the case, The Bunker Operations can give your org an account on the one already running here, sliding-scale, aligned with the same offer we already extend for the Pangolin tunnel (no setup fee, just get in touch).
The point: you don't have to install a single thing to start using FOSS this month. You can have a Listmonk list, a Rocket.Chat workspace, a CryptPad account, a Gitea organization, a NocoDB base, and a Jitsi room today — on this server — at sliding-scale or free, depending on the org.
| Service | How it's multi-tenant | Piggyback offer |
|---|---|---|
| Pangolin / Newt tunnel | Multi-org, multi-site, multi-resource — orgs and sites are isolated by API key. | Yes — the standing offer in our install guide. Bring your server and domain; we register your site. |
| Listmonk | Multi-user, multi-list — each org gets its own list, own subscribers, own sender identity (with a sending-domain split if you want full separation). | Yes — talk to bnkops. Best fit if you don't yet have enough subscribers to justify your own instance. |
| Rocket.Chat | Workspaces + per-org private channels, isolated user directories per team. | Yes — talk to bnkops. Good for inter-org coordination too: one shared workspace, multi-org channels. |
| Jitsi Meet | Stateless: anyone with the room URL can join. No accounts to provision. | Yes — just use the public URL we'll share. No setup needed. |
| CryptPad | Account-based; each user's drive and pads are encrypted to their key. Cross-tenant data leakage is structurally prevented. | Yes — register at the URL we'll share. The instance is fresh as of this week. |
| Excalidraw | Anonymous + share-by-URL — purely multi-tenant. | Yes — just bookmark the public URL. |
| Gitea | Full GitHub-style org / team / repo model. | Yes — talk to bnkops. Get your org a Gitea organization, give your contributors accounts. |
| NocoDB | Workspaces; each tenant gets its own bases, tables, and access controls. | Yes — talk to bnkops, good for ops dashboards and member databases. |
| MkDocs site hosting | One process per site, but cheap to spin up another container alongside ours. | Yes — we can host your org's docs site at a subdomain, deployed from your Git repo. |
| Apache Answer | Single-instance, but multi-user. Could host a shared cross-org Q&A. | Conditional — one shared community is fine; separate orgs need separate instances. |
| Mobilizon-shaped events (Gancio) | Federated — each instance is one community, but instances talk to each other. | Case-by-case — once we get Gancio stable (currently crash-looping). |
| Vaultwarden | Organizations with role-based vault sharing. | Case-by-case — passwords are sensitive enough that most orgs should run their own. We'll help you set yours up. |
| n8n | Multi-user, but workflows holding shared credentials get messy across tenants. | Case-by-case — better as your own small instance once you have one or two workflows that matter. |
| CMLite v2 (Changemakerlite) | Built for this — organizations, users, campaigns, voter contacts, all tenant-scoped from day one. | Yes — the whole point of CMLite is one operator running it for many campaign orgs. If you run election or issue campaigns, this is the conversation. |
The trade-off you're making by piggybacking instead of self-hosting:
- You don't have full operational control. If our box goes down, your newsletter is down too. If we have to make a policy call about a service, you're affected.
- The data lives on infrastructure you don't own. For some orgs the convenience is worth it — especially while learning. For orgs that have specifically said "self-sovereignty above all," self-hosting wins. Most orgs land somewhere in the middle: piggyback now, migrate to their own stack in 6–12 months.
- Sliding scale is real, but it's still a relationship — not a credit-card sign-up. We'll want to know what your org is and what you're trying to do.
Book a call to talk through which services to piggyback, or email admin@thebunkerops.ca.
The mapping — what to use instead
Each row is something the room named. The alternative column is the FOSS replacement. The install column is the page that actually tells you how to put it on a Linux box this week.
One badge means already in the starter stack — you can `docker compose up -d` and have it running tonight. A second badge means already running on the server hosting this page (the Changemakerlite sister stack — ask for a tour).
Office, docs, file sharing — replacing Microsoft 365 / Google Workspace
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| MS Office, Outlook, Teams, OneDrive, SharePoint | Nextcloud — the FOSS office stack: files, calendar, contacts, shared docs, video, chat. The closest single thing to "the whole Google/Microsoft replacement." | Install: Nextcloud AIO (Docker) · Manual install docs |
| Google Docs (just docs, sensitive drafting) | CryptPad — end-to-end-encrypted collaborative pads. | In this stack (run with --profile session) · Self-host docs |
| Google Docs (shared docs inside Nextcloud) | Collabora Online or OnlyOffice | Collabora install (Docker) · OnlyOffice Docs install |
| Dropbox, Google Drive (just file sync) | Seafile — leaner than Nextcloud if all you need is files. | Seafile install docs (Docker) |
Newsletters & mass email — replacing Mailchimp / Constant Contact / Campaign Monitor
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Mailchimp, Constant Contact, Campaign Monitor | Listmonk — single-binary newsletter platform, millions of subscribers, BYO SMTP. | In this stack · Listmonk install docs |
| HubSpot, Marketo (marketing automation) | Mautic — drip campaigns, lead scoring, the heavier-weight option. | Mautic install docs · Docker recipe |
Video calls & webinars — replacing Zoom
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Zoom (quick meetings) | Jitsi Meet — also a free public instance at meet.jit.si, and already self-hosted on this server. | Self-host Jitsi (Docker) · Quick install guide |
| Zoom (structured webinars, training, breakouts) | BigBlueButton — built for education; polls, whiteboard, breakout rooms. | BBB install docs · bbb-install.sh script |
Chat — replacing Slack / Teams / Discord
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Slack, Discord | Mattermost — Slack-shaped, easy migration. Rocket.Chat is the equally-popular alternative — already running on this server. | Mattermost install (Docker) · Rocket.Chat install |
| Slack across multiple orgs / federated | Matrix + Element — federated, end-to-end encrypted. | Synapse install (Docker) · matrix-docker-ansible-deploy |
Design — replacing Canva & Adobe
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Canva | Penpot — Figma-shaped, full FOSS, also has a hosted free tier at penpot.app. | Self-host Penpot (Docker) |
| Adobe Photoshop | GIMP — desktop, longest-lived FOSS image editor. | Install GIMP |
| Adobe Illustrator | Inkscape — desktop vector editing. | Install Inkscape |
| Adobe Premiere | Kdenlive or Shotcut — desktop video editing. | Install Kdenlive · Install Shotcut |
| Whiteboarding (Miro, Mural, Figma FigJam) | Excalidraw — free public instance, also self-hosted on this server. | Self-host Excalidraw |
Websites — replacing Squarespace / Wix / Webflow
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Squarespace (docs / knowledge base / static site) | MkDocs Material | In this stack · MkDocs Material install |
| Squarespace (more layout flexibility) | Hugo or Astro | Install Hugo · Astro install |
| Substack (publishing + memberships + newsletter) | Ghost | Ghost install docs · Ghost Docker |
Time tracking & scheduling — replacing When2Work / Doodle
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| When2Work, time clock | Kimai — staff timesheets, time tracking, exports for payroll. | Kimai install (Docker) |
| Doodle, When2Meet | Rallly or Cal.com | Rallly self-host · Cal.com self-host |
| Calendly | Cal.com | Cal.com self-host |
Surveys & forms — replacing SurveyMonkey / Google Forms / Typeform
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Google Forms, SurveyMonkey | LimeSurvey | LimeSurvey install (Docker) |
| Typeform | Formbricks | Formbricks self-host |
| Field & humanitarian data collection | KoboToolbox | Kobo install |
Help desk & Q&A — replacing Freshdesk / Zendesk
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Stack Overflow Teams, Zendesk Guide, FAQ pages | Apache Answer | In this stack · Answer install docs |
| Freshdesk, Zendesk (ticketing) | Zammad | Zammad install (Docker) |
Campaign tools — replacing NationBuilder / NewMode / CallHub / NGP VAN
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| NationBuilder, NGP VAN, Action Network (campaigning side) | CMLite — voter contact, canvassing, phone banks, GOTV. The Changemakerlite stack running on this server is the reference deployment. | CMLite docs & install |
| NationBuilder, Salesforce (member-CRM side) | CiviCRM | CiviCRM install |
| CallHub, Strat Com Hustle (P2P texting, voice broadcasts) | OpenVBX (voice) · GovHack-style stacks (more research needed — gap area) | (Operationally the hardest category to fully replace — most groups end up paying for the SaaS here. Worth a separate post.) |
Finance, payroll, expenses — replacing ADP / Beanworks / Sage / Wrike
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Sage, QuickBooks | InvoiceNinja (invoicing) · ERPNext (full ERP including accounting) | InvoiceNinja install · ERPNext Docker |
| Beanworks / Quotient (expenses & mileage) | ERPNext expense module, or a CSV workflow into your accounting tool. | (See ERPNext above.) |
| ADP (payroll) | No clean Canadian FOSS replacement — payroll is the regulated end of finance. Worth keeping the SaaS for now, isolating it, and exporting your data quarterly. | — |
| Wrike (project management) | OpenProject, Vikunja, or Kanboard | OpenProject install · Vikunja install · Kanboard install |
Education-sector tools — replacing D2L / Genesis / PowerSchool / Vretta
The school and healthcare-LMS questions from the Hot Mamas and QTHC tables deserve a more careful answer than a one-line table can give. Short version:
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| D2L Brightspace, Canvas LMS (healthcare or member training) | Moodle — the canonical FOSS LMS. | Moodle install docs · Moodle Docker |
| D2L (modern UX, smaller groups) | Open edX | Open edX install (Tutor) |
| PowerSchool, Genesis (SIS — student information systems) | OpenSIS Community or Fedena | openSIS install |
(Genuinely — if your org is in the school system and you're stuck on PowerSchool, talk to us. This is one of the hardest categories.)
Password management — replacing 1Password / LastPass
Not named in the room, but every org we've ever talked to is paying for one of these and it's worth flagging.
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| 1Password, LastPass, Bitwarden cloud | Vaultwarden — drop-in Bitwarden-compatible server, works with the official Bitwarden mobile/desktop/browser apps. Lightweight (single Rust binary). | Vaultwarden install (Docker) |
| Bitwarden cloud (you want the official server) | Bitwarden self-hosted | Bitwarden install docs |
No-code databases — replacing Airtable / Smartsheet
A category many orgs slide into without noticing — a "spreadsheet that grew into a system." FOSS has good options here.
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Airtable, Smartsheet | NocoDB — Airtable-shaped on top of your own Postgres/MySQL. | NocoDB install (Docker) |
| Notion (as a database) | AppFlowy or Affine | AppFlowy self-host · Affine self-host |
Workflow automation — replacing Zapier / Make.com
Where most orgs lose hours stitching tools together. Self-hostable now.
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Zapier, Make.com (Integromat), IFTTT | n8n — visual workflow builder, 350+ integrations, self-hostable. Already running on this server. | n8n install (Docker) |
| Power Automate | Huginn or Activepieces | Huginn install · Activepieces install |
Monitoring, dashboards, alerts — replacing Datadog / New Relic / PagerDuty
Once you start running your own stack, you need to know when things break. The CM stack on this host is wired up end-to-end with the FOSS standard for this.
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| Datadog, New Relic (metrics & dashboards) | Grafana + Prometheus — the industry-standard FOSS observability stack. | Grafana install · Prometheus install |
| PagerDuty, Opsgenie (alerting & on-call) | Alertmanager + a paging integration (Gotify, ntfy, email) | Alertmanager install |
| Uptime Robot, Pingdom (external uptime checks) | Uptime Kuma | Uptime Kuma install (Docker) |
| Pushover, Pushbullet (push notifications to phone) | Gotify or ntfy | Gotify install (Docker) · ntfy self-host |
Code hosting & CI — replacing GitHub / GitLab
If your org writes any code at all — even just docs in markdown — you have one of these somewhere.
| What the room pays for | FOSS alternative | Where to install |
|---|---|---|
| GitHub.com (private repos, basic Actions) | Gitea — Go-based, single binary, scales from one developer to thousands. Already running on this server (and is the registry serving every other container here). | Gitea install (Docker) |
| GitLab.com (the heavier feature set) | Forgejo (community fork of Gitea, more aggressive feature pace) or GitLab CE (the original, heavyweight to run) | Forgejo install · GitLab CE install |
| GitHub Container Registry, Docker Hub | Gitea's built-in container registry | (Included with Gitea above — enable in app.ini.) |
Where to start tomorrow morning
If reading the table above feels like too much: pick one tool.
If you only do one thing this month, do this:
- Clone this stack. `git clone https://github.com/adminatthebunker/PIA-BNKOP-SERVER` → `cd pia-starter-stack` → walk through the install guide. One server, one evening, replaces Squarespace + Mailchimp + a help desk.
- Then add Nextcloud for the office suite, on the same box, with the same `docker-compose.yml` pattern. That's the second-biggest lift removed.
- Then attack design. Set up Penpot for your team, install GIMP + Inkscape on the staff laptops. Cancel the Canva subscription on its next renewal.
After those three, you've removed 80% of the SaaS surface area named in the room.
The rest — the LMS, the payroll, the time-tracking — is more careful work. We'll write up the harder categories in follow-up posts. Subscribe if you want them.
Want to talk it through?
If your org wants to walk through which of these to do first — given your size, your budget, the SaaS you're already locked into, and the technical comfort of whoever will own it — book a free 60-minute call (remember, the first one's free ;).
Book a free 60-min call with The Bunker Operations, or email admin@thebunkerops.ca.
This post was written live during PIA 2026 with input from every table in the room. Errors are the writer's; the ideas are everyone's. CC BY-SA 4.0 — re-post, edit, translate, send to your board.