Late to the party, but I’ve read that OP is going to be the sole admin. Do Not Do This. I admire what you are trying to do, but ultimately, you will have no rest, no vacation, no backup for yourself. The hardware & software aren’t the issue here - it is the human support of those services. You will put a single point of failure on yourself, and likewise your peers.

Many of the FOSS projects you mentioned have commercial services. SAAS exists for a reason. By subscribing to those services as a business, you underwrite their ability to provide the software for free to the community. It’s a win-win.

I was pleasently surprised by immich. Might be worth to compare with photoprism.
About the immich app: It somehow even punched throught my 2FA’d proxy. I am not sure how it authenticates through my phone and it only works if I authenticated inside the network first but it somehow works also outside.

If you don’t need it to be absolutely 100% foss: Veeam B/R is a solid option for backup.
Able to backup both proxmox, windows, linux mac and as well as some other hypervisors.
And it’s very mighty.

The comments seen to be going of in tangents. For a small business self hosted solutions are great, provided you have backups.

Here’s my 2 cents: Install proxmox or another hypervisor, as it will provide snapshot based auto-backups directly to your NAS nfs share. You may additionally configure an additional vm for testing other things/docker images.

Also configure your NAS to auto backup to a third location for backup snapshots.

You may configure additional vms for the accounting and time management software.

I would recommend separate vms for enterprise/commercial solutions and self hosted ones, as the support for enterprise solutions WILL blame you for anything that goes wong with their software (your XYZ software did abc and broke our product, so no support for you).

Dedicate 1 VM for self hosted products and as far as possible use docker, as it provides another level of segregation between services. Docker compose would further help you with internal networking and volume management.

On the docker VM, I would recommend postgres, NGINX Proxy Manager, Uptime Kuma on the same docker network.

I haven’t had the time to implement LDAP & SSO myself yet but it would ease your life in the long run to set it up at the beginning.

Good luck.

I don’t see anyone talking about the human side so I’ll ask - what is the appetite for change? I can see you yourself are motivated and that’s great. How do you feel the attitude is with the others there? Migrating a company that’s been working analogue for decades sounds like a big change programme regardless of the tech choices you ultimately make. This sounds like process change as well as technology change and that requires using another set of skills to wrangle the people.

I would advise to pick a small area first that’s causing the most pain but also very amenable to common tech most people are already familiar with and is only a small change to existing processes. Get an early visible success.

The photo management might be a good start as we all are used to these apps on our phones and the tech is mature and easy to find in FOSS.

Everyone loves Immich though it has some big warnings on its github page about its own maturity. Maybe something simpler: just file/photo synching and a shared gallery? It can always be upgraded in future. Syncthing is solid, some kind of NAS and one of the older/mature galleries running on top. Get your backup process nailed down and run a real recovery process before too many photos are at stake.

Anyway it sounds exciting and kudos to you for looking to FOSS. Good luck!

I think the thing with self hosting is that it’s a hobby, and when it goes wrong, it’s part of the hobby to figure it out. But in terms of business, then it becomes a risk. By all means try and use FOSS to improve solutions. I use a self hosted dropbox / file delivery to clients as it can saturate my 1Gbps fibre which is faster than most cloud file shares, but only because if it goes wrong one day, it’s a 2 min job to use a cloud solution instead (temporarily) and email clients with the alternative solution. But I would never build something up that only ever worked via one system.

Don’t just have data backups, have service backups. And in that regard, you may decide it’s just easier to do as others have said and use enterprise solutions from the start.

If using a self hosted Office suite, have all files duped into a single Google Drive account for example. That way you’re only paying for one Google account and have an emergency backup solution in place. EDIT: I’ve just recently degoogled and use Infomaniak in Europe for my office suite backup as its free for the 1st user. Experimenting with other non-Google/Microsoft solutions might be part of your journey.

You may decide the savings aren’t worth the effort in what you’re trying to achieve. EDIT: but I want to add that this is all part of the fun of what we do: thinking outside the box!

A gaming rig is a waste of money because you don’t need a fast gpu on a such a server. You want a boring server box and even better one with built-in “ilo” remote management.

FreeIPA and Keycloak will give you directory management (LDAP and Kerberos), identity management, and single-sign on (OIDC and SAML) which if all your computers are running Linux as well, will give you centralized management of users.

You can then set other FOSS business management/productivity applications like NextCloud, Oodoo, Seafile, OnlyOffice, LibreOffice, CryptPad, etc. To use Keycloak as its authentication mechanism.

A lot of this will depend on what kind of work the business does.

You’ll also want to look into log management and SEIM for security monitoring, Wazuh, Graylog, and others. This is especially true if the business has any data compliancy responsibilities in the country this is in.

Is there a reason you aren’t using standard enterprise stuff?

I think you will quickly find that a lot of those pieces of software aren’t scalable

Although I agree that if it’s a small business, it’s better to outsource it to an established business but if you’re serious about doing it yourself, check out OpenDesk/OpenCode. Also, why use your own hardware? A VPS is much more reliable.

I think a concern for the business is whether other people can help maintain the system. As such don’t go too custom and roll your own. Take things like nextcloud and see if you can fit the requirements by bolting on a few docker services. Keep it simple by using “appliances” where it makes sense (dedicated NAS?).

I haven’t tried it, but onlyoffice docspace looks like an option. It’ has hosted and self hosted options.

https://www.onlyoffice.com/docspace-enterprise.aspx

Edit: onlyoffice workspace might be a better fit if the company has the funds.

https://www.onlyoffice.com/download-workspace.aspx