The Samaritan Compendium

Every tool here is open-source, self-hostable, and rated for sovereignty on a scale of 1 (vendor lock-in) to 5 (complete ownership). The proprietary alternatives are noted so you can compare honestly.

Infrastructure

Proxmox VE

Sovereignty: 5/5 | Open-source virtualization platform combining KVM hypervisor and LXC containers with a comprehensive management interface.

Use cases: Self-hosted cloud infrastructure, complete replacement for VMware and Hyper-V, disaster recovery with built-in replication.

Why it wins: Zero vendor lock-in, web-based management, built-in HA with clustering and live migration, integrated backup/restore.

Alternatives: VMware ESXi (sovereignty: 2/5), Hyper-V (1/5)

Getting started: Download the Proxmox VE ISO, create bootable media, boot and follow guided setup. Access the web interface at https://[your-server-ip]:8006.

Linux

Sovereignty: 5/5 | The foundation of digital sovereignty. An open-source OS kernel that powers everything from embedded devices to supercomputers.

Use cases: Server operating systems, desktop liberation from proprietary OS, infrastructure automation.

Why it wins: Complete transparency, zero licensing costs, exceptional stability, unmatched hardware flexibility, rich distribution ecosystem.

Alternatives: Microsoft Windows (1/5), Apple macOS (1/5)

NGINX

Sovereignty: 5/5 | High-performance web server, reverse proxy, and load balancer for self-hosted infrastructure.

Use cases: Web application hosting, API gateway with rate limiting, TLS termination.

Why it wins: Superior performance for concurrent connections, highly configurable modular design, built-in load balancing, battle-tested security features.

Alternatives: Apache HTTP Server (4/5), Microsoft IIS (1/5)

Docker

Sovereignty: 4/5 | Containerization platform enabling consistent application deployment across environments.

Use cases: Application containerization, microservices architecture, dev environment standardization.

Why it wins: Consistent environments dev-to-prod, resource isolation, rapid deployment, large ecosystem.

Alternatives: Podman (5/5), LXC/LXD (5/5)

Note: Docker's daemon architecture and default Hub dependency reduce its sovereignty score slightly. Podman is daemonless and fully rootless.

Grafana

Sovereignty: 5/5 | Open-source analytics and monitoring platform with visual dashboards and extensive data source support.

Use cases: Infrastructure visualization, security operations dashboards, business analytics.

Why it wins: Supports dozens of data sources, highly customizable dashboards, powerful alerting engine, large plugin ecosystem.

Alternatives: Datadog (1/5), Splunk (1/5), Kibana (4/5)

Prometheus

Sovereignty: 5/5 | Open-source monitoring and alerting toolkit designed for reliability and scalability.

Use cases: Infrastructure metrics collection, alert management, service health monitoring.

Why it wins: Powerful multi-dimensional data model, flexible PromQL query language, autonomous single-server nodes (no distributed storage dependency), pull-based metric collection.

Alternatives: Datadog (1/5), InfluxDB/TICK Stack (4/5), Nagios (5/5), Zabbix (5/5)

Security

Matrix Protocol

Sovereignty: 5/5 | Open standard for secure, decentralized, real-time communication with end-to-end encryption.

Use cases: Secure organizational communications, encrypted team collaboration, vendor-independent messaging.

Why it wins: Decentralized architecture, E2EE by default, interoperability through bridges (Slack, Discord, IRC), self-hostable with multiple server implementations.

Alternatives: Slack (1/5), Discord (1/5), Microsoft Teams (1/5), XMPP (5/5)

GnuPG

Sovereignty: 5/5 | Complete implementation of the OpenPGP standard for encrypted communication and file protection.

Use cases: Email encryption, digital signatures, secure file transfer and verification.

Why it wins: Strong public-key cryptography, free and open-source, cross-platform, integrates with many email clients.

Alternatives: S/MIME (3/5), proprietary PGP implementations (2/5)

OpenSSL

Sovereignty: 5/5 | Full-featured toolkit for the Transport Layer Security (TLS) protocol and general-purpose cryptography.

Use cases: Certificate management and PKI, encryption key generation, TLS implementation.

Why it wins: De facto standard for TLS/SSL, wide range of cryptographic functions, cross-platform, actively maintained.

Alternatives: LibreSSL (5/5), GnuTLS (5/5), BoringSSL (4/5)

Network

WireGuard

Sovereignty: 5/5 | Modern, fast, secure VPN protocol with state-of-the-art cryptography and minimal attack surface.

Use cases: Secure site-to-site connectivity, remote access, cross-border secure communications.

Why it wins: Exceptionally small auditable codebase (~4,000 lines vs OpenVPN's 100,000+), significantly faster than OpenVPN and IPsec, seamless roaming, now integrated into the Linux kernel.

Alternatives: Cisco AnyConnect (1/5), OpenVPN (4/5)

pfSense

Sovereignty: 5/5 | Open-source firewall and router platform based on FreeBSD with enterprise-grade networking capabilities.

Use cases: Network edge security, advanced routing and VLANs, multi-WAN failover.

Why it wins: No licensing fees, extensive feature set (VPN, load balancing, traffic shaping, captive portal), user-friendly web interface, regular updates.

Alternatives: OPNsense (5/5), Cisco ASA (1/5), Palo Alto Networks (1/5)

Storage

PostgreSQL

Sovereignty: 5/5 | Advanced open-source relational database with enterprise features and unparalleled reliability.

Use cases: Primary application database, data warehousing, GIS applications (via PostGIS).

Why it wins: ACID compliance, 30+ years of active development, advanced features (MVCC, table inheritance), rich extension ecosystem, enterprise performance without enterprise cost.

Alternatives: Oracle Database (1/5), Microsoft SQL Server (1/5), MySQL (2/5 — Oracle-owned)

MongoDB

Sovereignty: 4/5 | Document-oriented NoSQL database for modern application development and scalability.

Use cases: Document storage, real-time analytics, content management.

Why it wins: Flexible schema, built-in sharding for horizontal scaling, rich indexing, Community Edition provides sovereignty with enterprise capabilities.

Alternatives: DynamoDB — AWS (1/5), Cosmos DB — Azure (1/5)

NextCloud

Sovereignty: 5/5 | Self-hosted productivity platform providing file storage, collaboration, and communication tools.

Use cases: Google Workspace / Microsoft 365 replacement, document collaboration, calendar/contacts/file sync.

Why it wins: Complete data sovereignty by self-hosting, rich app ecosystem (Calendar, Mail, Talk, Office), cross-platform clients, federation between instances.

Alternatives: Google Workspace (1/5), Microsoft 365 (1/5), Dropbox (1/5), ownCloud (4/5)

Development

Markdown

Sovereignty: 5/5 | Lightweight markup language for creating formatted documents with plain text syntax.

Use cases: Documentation, knowledge base articles, technical specifications.

Why it wins: Simple syntax, plain text ensures portability and longevity, universally supported, no vendor lock-in.

Alternatives: reStructuredText (5/5), AsciiDoc (5/5), Microsoft Word (1/5)

Sovereign Tools Directory