Submitted by emma in yourpersonalblog (edited )

when i moved into this flat, i bought a raspberry pi cm4, and a dual gigabit ethernet hat thingy for it, with the intention to set it up as the router for my home network. however, i didn't really know what i was doing, and the previous occupant had left me a cheap netgear router which turned out to be quick and easy to run openwrt on. i had no idea how my own homegrown setup would be better than just using openwrt. thus the netgear became my router for a few years, while the raspberry pi was left to collect dust, sans a handful of false starts in trying to do stuff with it.

openwrt is nice for improving cheap shitty consumer routers, but it came with a lot of limitations:

  • releases are frequent, and upgrades are hard. i just ended up never doing it, because breaking something on my only router would be incredibly inconvenient. while you can update individual packages, stuff like the linux kernel is just baked into the image you flash onto your router, so that never got updates.

  • to my knowledge, no good way of automating stuff. if i had to redo my setup (and i did once, because i locked myself out without having backups like a dummy), i'd just be pointing and clicking for an hour or two to get things back to how they were. ideally, i would like to simply run a thing on my computer to bring my router back to the exact state i want it in.

  • the router's hardware is still shit. the soc is like a mediatek mips thingy with 128 megs of ram that can't cost more than like a penny per unit. i could only ever get like 60% of my internet speed through this thing, even via ethernet, and it would suffer occasional lockups for seemingly no reason. the stock firmware, like openwrt, is also just a terribly out-of-date linux which probably does nothing special, so i don't think it was openwrt's fault that it performed so poorly.

  • i looked into docker, and for a multitude of reasons, you just aren't going to be running that on openwrt, let alone on the mips architecture.

in the years that followed, i expanded my knowledge. using openwrt allowed me to mess around with and figure out vlans and firewalls. i bought my first managed switch, and a separate wifi access point, and learnt how to fit everything together the way i wanted. i made separate networks for my home and work devices, as well as for IoT crap and guest clients. separately, i also learnt how to automate linux stuff using ansible.

with the recent news that tim cook is sucking up to president musk, i decided that cher was right and made the decision to cancel my apple services and self-host my file storage and music and everything. as a prerequisite, i wanted to have my pi sorted out as my router. if i couldn't even do that, then there was no hope for me hosting my own stuff to replace icloud.

so a week and a bit ago, i plug the pi in, and move towards my goal incrementally:

  • install an operating system. this was an easy choice, i didn't want to use anything but stock raspbian. also start writing an ansible playbook to automate the steps i take.
  • set up unattended-upgrades, configure the time zone, and do all the system configurationy stuff.
  • get a firewall up and running. initially i thought maybe i should learn nftables, but then i decided on firewalld after reading someone else's experience of setting up a router with it.
  • figure out that NetworkManager keeps making firewalld forget that an interface is bound to a zone, and replace it with systemd-networkd instead.
  • get dhcp working. i initially figured i'd be using dhcpd or dnsmasq, but i found out systemd-networkd just simply has its own dhcp server, so i decided to use that.
  • get ipv6 working.
  • choosing a dns server. i've used bind9 and dnsmasq in the past, but this time i decided to go with unbound. i may replace it with pi-hole later.

at this point i decided the pi was good enough to replace the netgear router. later, i work on getting more firewall zones and vlans set up, making it a complete replacement for the router i had before. the pi gets the full 500/500 Mbit/s bandwidth of my internet, i can have it auto-update, i can run whatever i want on it, including dockerised stuff, and if my cats throw up on it, i can set up a replacement by running ansible-playbook on my laptop.

every other pi project i've set out to do never went to plan, so i'm quite pleased with this outcome. hopefully it doesn't take me several more years to actually get a NAS or something set up.

7
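A check for the failure mode in the NetworkManager step of the post, written as an added example and not taken from emma's playbook: it compares the interface-to-zone bindings firewalld reports against the intended layout and flags any interface that is missing or sits in a different zone. The interface names, the `iot` zone and the `EXPECTED` mapping are assumptions, and the sample output is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). EXPECTED is an assumed
# interface:zone layout; replace it with the real one.
EXPECTED="eth0:external eth1:internal eth1.30:iot"

# Constructed sample of `firewall-cmd --get-active-zones` output in which
# eth1.30 has dropped out of its intended zone into the default zone.
SAMPLE='external
  interfaces: eth0
internal
  interfaces: eth1
public (default)
  interfaces: eth1.30'

# Turn the zone listing on stdin into "interface zone" lines.
parse_active_zones() {
    awk '
        /^[^ \t]/ { zone = $1; next }    # zone header, e.g. "public (default)"
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i, zone }
    '
}

# Read the zone listing on stdin, print one line per mismatch and
# return 1 if any expected binding is missing or wrong.
check_zones() {
    actual=$(parse_active_zones)
    rc=0
    for pair in $EXPECTED; do
        iface=${pair%%:*}
        want=${pair##*:}
        got=$(printf '%s\n' "$actual" | awk -v i="$iface" '$1 == i { print $2 }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $iface: want=$want got=${got:-unbound}"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample. On the router itself:
#   firewall-cmd --get-active-zones | check_zones
printf '%s\n' "$SAMPLE" | check_zones || true
```

Run from a timer or at the end of the playbook, a non-zero exit shows that a binding was lost before traffic from that interface ends up filtered by the wrong zone's rules.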

Comments


twovests wrote

For those who don't want to click the Twitter link:

I THINK, HITLER,GOEBBELS,GORING,HIMMLER,& HESS ARE LIVING IN ICLOUD….

@cher, 1:39 AM · Jan 18, 2015

2

twovests wrote

i appreciate you sharing this experience!! i have been considering doing something similar with openwrt. does working on the pi offer you any automation / relief from the openwrt woes you had on the old router? and why did you choose a compute module?

3

emma OP wrote

> does working on the pi offer you any automation / relief from the openwrt woes you had on the old router?

yeah, ansible works very well with raspbian, and just debian in general. openwrt uses like overlayfs and is very limited compared to a normal linux system, so although you could probably get ansible to work (it just needs ssh and python on the target system), it sounds like it'd be painful.

> and why did you choose a compute module?

chip shortage, that was the only model i could get at the time. also the ethernet hat was like purpose-made for what i wanted a pi for.

3