oranki

joined 1 year ago
[–] oranki@sopuli.xyz 15 points 8 months ago

Flashing the stock Pixel ROM back is just as simple as flashing GrapheneOS; the instructions on the GOS website are very good for both.

The only two things I can think of that might be issues are banking apps and Google Pay, if you use that. I use Play services in the main profile and honestly there's not much difference to the stock ROM in terms of user experience. Even Android Auto works nowadays.

For the banking apps, you can have a look at https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/. Just note that if your bank is not on the list, it doesn't necessarily mean it won't work.

[–] oranki@sopuli.xyz 7 points 8 months ago

Portability is the key for me, because I tend to switch things around a lot. Containers generally isolate the persistent data from the runtime really well.

Docker is not the only, or even the best way IMO to run containers. If I was providing services for customers, I would definitely build most container images daily in some automated way. Well, I do it already for quite a few.

The mess is only a mess if you don't really understand what you're doing, same goes for traditional services.

[–] oranki@sopuli.xyz 11 points 8 months ago (2 children)

Most likely, a Hetzner storage box is going to be so slow you will regret it. I would just bite the bullet and upgrade the storage on Contabo.

Storage in the cloud is expensive, there's just no way around it.

[–] oranki@sopuli.xyz 3 points 8 months ago

There was a good blog post about the real cost of storage, but I can't find it now.

The gist was that to store 1TB of data somewhat reliably, you probably need at least:

  • mirrored main storage 2TB
  • frequent/local backup space, also at least mirrored disks 2TB + more if using a versioned backup system
  • remote / cold storage backup space about the same as the frequent backups

Which amounts to something like 6TB of disk for 1TB of actual data. In real life you'd probably use some other level of RAID, at least for larger amounts so it's perhaps not as harsh, and compression can reduce the required backup space too.

I have around 130G of data in Nextcloud, and the off-site borg repo for it is about 180G. Then there's local backups on a mirrored HDD, with the ZFS snapshots that are not yet pruned that's maybe 200G of raw disk space. So 130G becomes 510G in my setup.

[–] oranki@sopuli.xyz 11 points 8 months ago (4 children)

Imagine if all the people who prefer systemd would write posts like this as often as the opposition. Just use what you like, there are plenty of distros to choose from.

[–] oranki@sopuli.xyz 4 points 11 months ago (2 children)

WireGuard runs over UDP, the port is indistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they'll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it's WireGuard traffic if they happen to be looking, but can't decipher the contents.

I would drop containers from the equation and just run WireGuard on the host. When issues arise, you'll have a hard time identifying the problem when container networking is in the mix.

[–] oranki@sopuli.xyz 0 points 11 months ago (1 children)
  • Open the GUI network settings
  • Set DNS to the IP of the PiHole, make sure the "automatic" switch is off.
  • Do the above for each active interface (ethernet, wlan) and for both IPv4 and IPv6
  • Save/apply settings
  • Turn the interface(s) off, then back on
  • resolvectl flush-caches just in case

Look at resolvectl dns to check there are no DHCP-acquired DNS servers set anymore.

If you use a VPN, those often set their own DNS servers too, remember to check it as well.
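
As an added example (not part of the comment above), a small POSIX shell check for the last step: it reads resolvectl dns output and lists every link that still uses a DNS server other than the expected resolver, including one pushed by a VPN. The function names, addresses and interface names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag links whose DNS servers are not the expected resolver(s).
# stray_dns reads "resolvectl dns" output on stdin; allowed server IPs are args.
# Prints "<link>: <server>" per unexpected server; exit status 1 if any found.
stray_dns() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Lines look like "Global: <servers>" or "Link N (ifname): <servers>".
        # IPv6 addresses contain colons, so match the label instead of splitting.
        match($0, /^(Global|Link [0-9]+ \([^)]*\)):/) {
            label = substr($0, 1, RLENGTH - 1)
            m = split(substr($0, RLENGTH + 1), s, " ")
            for (j = 1; j <= m; j++) {
                sub(/[#%].*$/, "", s[j])   # drop "%scope" and "#server-name"
                if (!(s[j] in ok)) { print label ": " s[j]; bad = 1 }
            }
        }
        END { exit bad }
    '
}

# Constructed sample of resolvectl dns output: one clean link, one link that
# still carries DHCP-acquired servers, and a VPN interface with its own DNS.
sample_resolvectl_dns() {
    cat <<'EOF'
Global:
Link 2 (enp3s0): 192.168.1.53 fd00::53
Link 3 (wlp2s0): 192.168.1.1 fe80::1%3
Link 5 (wg0): 10.64.0.1
EOF
}

# Demo on the sample; on a real host: resolvectl dns | stray_dns <pihole-ip>
sample_resolvectl_dns | stray_dns 192.168.1.53 fd00::53 \
    || echo "stray DNS servers found"
```
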

[–] oranki@sopuli.xyz 1 points 11 months ago

I run GrapheneOS too. Fortunately there are so few issues that I can just focus on using it, no need to engage the community around it.

[–] oranki@sopuli.xyz 7 points 11 months ago

Protonmail, but not really because of encryption. I just liked their Android client and webmail the most. I've had sensitive backups on Proton Drive for a long time, so that also played a role in the choice.

I hosted my own server for quite a few years, but the SMTP clients (Thunderbird, Evolution, K9 mail) all doing things slightly differently made me give up. Biggest push was that K9 mail didn't really move deleted mail to trash. These were probably dovecot configuration issues, but I got tired of searching for solutions. Never had any deliverability issues.

[–] oranki@sopuli.xyz 4 points 11 months ago

I used to run everything with Pis, but then got an x86 USFF to improve Nextcloud performance.

With the energy price madness last year in Europe, I moved most things to cloud VPSs.

One Pi is still running Home Assistant, hooked to my heating/ventilation unit via RS485/modbus.

I had a ZFS backup server with 2 HDDs hooked up over USB to a Pi 8GB. That is just way too unreliable for anything serious, I think I now have a lot of corrupted files in the backups. Looking into getting some Synology unit for that.

For anything serious that requires file storage, I'd steer clear of USB or SD cards. After getting used to SATA performance, it's hard to go back anyways. I'd really like to use the Pis, but family photo backups turning gray due to bitflips is unacceptable.

They are a great entrypoint to self-hosting and the Linux world though!

[–] oranki@sopuli.xyz 4 points 1 year ago (1 children)

The article is old, yes, the first one from a search engine. If you have a source for saying it's not in the works anymore, I'd be glad to see it. Not saying you're wrong.

Just this month there was a statement from FiCom (Finnish organization advancing IT businesses' interests) urging our government to not accept the bill, so to me it seems it's just under development.

link to statement, Sep 13th, in Finnish
