Earth Walker

They can recieve security updates if you use an alternative ROM such as Lineage or /e/OS.

Can you please explain how e/OS/ is insecure?

I’ve heard a lot of people complain about software glitches and minor hardware issues. These issues may be due to the fact that the Pixel 6 was the first Pixel to use Google’s own Tensor chips.

Get a Pixel 7 or newer and put Graphene OS on it. Pixels are excellent phones and have good support for custom ROMs. The Pixel 6 has a lot of weird issues that the others don’t have, so avoid it. Graphene is the best ROM for privacy AND security, and it is also relatively user-friendly.

Or, if you want an older phone, try a Pixel 3, 4 or 5. They are good phones with an older design style that may appeal to you.

/e/OS (also known as Murena) is also a good ROM for privacy, and supports a broader range of devices.

Nextcloud may be a bit overkill for your use case, but it does have a very good video chat function. It’s also pretty easy to deploy as a snap package or with the AIO docker image. A downside is that the other person has to have an account on your instance and log into it to join a call. However this is not necessarily difficult to arrange.

I would very much prefer to use passkeys wherever possible. My password manager of choice Bitwarden also supports them. Unfortunately, Android 13 which I am running does not support setting a default app to handle passkeys. So I cannot access that functionality on my phone yet. I think in a few years I will be authenticating with passkeys for a lot of services. However there will be a lot of services that lag behind in terms of offering passkey authentication.

Learn Linux TV has some stickers related to FOSS and self-hosted sofware. It also helps support a great learning resource.

https://merch.learnlinux.tv/

Thank you, I wasn’t sure if that video was re: Traefik or VPN. I appreciate the suggestion.

How did you set up a VPN to securely connect to your services over the internet? I have looked for guides to do this and haven’t had much luck. I would really like to implement this in my setup.

I self host jellyfin, nextcloud, owncast, tandoor, komga, photoprism and searxng. I use nginx proxy manager for a reverse proxy and SSL cert automation. Works great for me but I would like to get into traefik sometime.

I self host for privacy reasons, also it’s fun, it’s a learning opportunity and sometimes self-hosted services are functionally better than the other options out there.

Jellyfin is ideal for privately sharing music. Plex is similar but not FOSS.

Agree, if you are running containers on a casual or “just for fun” basis then automatic updates are fine. But the more you or others depend on the service running, the more it makes sense to perform an update manually, when you have time to troubleshoot any problems that may arise. Or, even update on a test setup first to identify issues and then update on your production setup.

You know you can just request the desktop site on FB messenger and use it on your phone that way right?

https://www.makeuseof.com/how-to-view-desktop-version-of-any-site-on-mobile/

Traefik is powerful and versatile but has a steep learning curve. It also uses code to control its configuration which is a bonus for reliability and documentation as discussed elsewhere ITT. Nginx proxy manager is much simpler and easier to use, may be a good one to get started with, but lacks the advantages of traefik described above. Nginx proxy manager does support SSL cert automation.

Another suggestion for you, I highly recommend specifying a version for the docker image you are using for a container, in the compose file. For example, nextcloud:29.0.1. If you just use :latest, it will pull a new version whenever you redeploy which you may not have tested against your setup, and the version upgrade may even be irreversible, as in the case of nextcloud. This will give you a lot more control over your setup. Just don’t forget to update images at reasonable intervals.

Some examples of technologies which follow that paradigm are docker compose, ansible, nixOS and terraform. But it all depends on your workflow.

I use markdown text files which are synced to my nextcloud instance.

This is somewhat tangential to your post, but I think using infrastructure as code and declarative technologies is great for reliability because you aren’t just running a bunch of commands until something works, you have the code which tells you exactly how things are set up, and you can version control it to roll back to a working state. The code itself can be a form of documentation in that case.