Generally agreed, I would actually try using as many services with their progressive web apps.

The main reason I think they may need google services is the banking app. Mine will refuse to launch without google services installed.

You sound like the ideal candidate for a refurbished Pixel 7 / 8 from amazon.

Test its hardware thoroughly on the stock os in case you need to return it.

Install GrapheneOS using the Web installer.

Install Droid-ify into your main profile from the f-droid web page. It looks much better than the official f-droid client and actually has a working auto-update

Create a work profile. I use an app called Shelter as the work profile admin app. This allows you to auto freeze your big-tech apps to help with battery life / privacy. Install google services from the built-in GrapheneOS app store.

Enjoy.

BTW you CAN do DNS in a unifi gateway. It just requires making dnsmasq entries through shell. Perfect solution? No. But it gets you there with no additional hardware.

I’ve been using Linode (now owned by Akamai) for a couple years now and have enjoyed their pricing / service.

I mean speaking from experience, its resurrected a couple problematic CPUs for me. CPU pins no, pads on an LGA style CPU, sure.

I’m with catloaf. Consistent CPU soft locks point to a possible bad memory module or CPU.

Clear CMOS.

Try removing one memory module at a time.

See if there is an option to disable hyperthreading in bios.

Another thing to try is to remove the CPU, careful not to damage the LGA pins on the motherboard, and clean the CPU contacts with alcohol. Take care to ground yourself out and the case before handling the CPU out of socket.

You are correct, a VPN connection does not bridge to another profile. You can install a VPN in said work profile. The always-on VPN settings in grapheneos have the work icon to indicate what VPN is in your work profile.

See my other comment on this thread. Basically I have a shared mount point for the two containers and TubeSync writes video metadata to NFO files.

TubeSync has an option to write metadata to NFO files. Then you just tell Jellyfin to not run any scrapper and just use said NFO files. It’s not perfect but it gets you a title and description for the video.

I use TubeSync to do the downloading and then have Jellyfin as a frontend player. Seems to work pretty good for me and was pretty quick to stand up in docker.

IKR?? I feel personally targeted by this… And I’m OK with it.

Thanks! Flatpak-KCM is perfect as I’m thinking I’ll move to fedora KDE in a couple days when f40 drops. I’m hoping that the Wayland experience on NVIDIA GPUs will be smoother there than on GNOME.

To add on to this, if you are using flatpak apps and want granular permission control, check out flatseal. Fedora (IMO) has one of the best flatpak integrations out of the box. Other “sandboxing” or containerized app deployments are snaps (made by Canonical), and appimage (I’m not entirely sure this qualifies as an app container).

From my experience, flatpaks is currently leading in adoption when compared to the other two.

For container management I use portainer CE and for the rest I use CheckMK.

^^ Source: trust me bro

I dont know if this qualifies as a “toaster” but Ive used this docking bay in the past for a NAS and it served my purposes decently well. One thing to keep in mind is that random IO will be lacking with a usb interface. Also, this particular chipset does powercycle all the drives when one is removed so drive swaps end up requiring you to power the entire system off to perform. Also no integrated cooling may be a deal breaker as you illuded to.

If I was basing a nas build off of a PI, I would look to use the PCIe 1x2.0 interface on the pi 5 as a HBA.

Have you looked into policy-based decryption? Here’s an knowledge base page on the RHEL customer portal that goes over it well. I’m not sure if this will work on freebsd but it does offer a solution that allows for zero-touch reboots.

I stand corrected, its been quite a few years since I needed to use the ADB backup so I guess back then it was more complete.

Found a good detailed explanation here.

Shame that it seems to be getting phased out for cloud backup solutions. Makes sense that google would want to control more of your data and make you pay for it.

As installing a custom ROM typically involves using ADB anyways, I would suggest that you back up your device normally (copy files over to a folder on your computer), and then use the built-in backup function in ADB to make a secondary complete backup.

Also, depending on your threat model, you might not want to move any files from your old installation to your new one. Its possible that the old files, applications, and linked accounts could compromise your new installation privacy / security. I also generally enjoy starting with a clean slate after a new OS install.

CGNAT = Carrier Grade Network Address Translation. It makes it practically impossible to open ports to the public internet and in some extreme instances make zerotier very unstable. Typically you only have CGNAT if your internet connection is 4G or fixed wireless.

OpenVPN is just a VPN protocol. Roughly comparable to wireguard. It has been the gold standard for VPN technology for the past decade or so. Wireguard by comparison is much newer, and lighter to run. This typically results in faster throughput from a computational standpoint and devices where power is limited (cell phones), uses much less power by leveraging modern CPU encryption methods.

If you have the option to port forward on your home internet connection, its possible to setup a VPN connecting in a straight shot from your home to your roaming device. If you can’t port forward, you will need a main in the middle (the VPS) to establish and route the connections through.

Zerotier works off of a PTP style network and the free plan allows up to 50 devices when last I checked. I’m not sure on the availability of zerotier or wireguard on truenas as the last time I used TrueNAS was Scale 22.