So far I’m happy with my Fairphone 5. Not exactly cheap, but I’d argue it is value for money in the end. Timely security updates, unlockable bootloader (though I haven’t yet) and updates for (at least) 7 years after launch. I haven’t had the need to swap any of the middle things yet, but I’m starting to suspect my USB port has a loose pin or something so I’ll probably swap that module soon. Glad that I can.

These days, you can install any of the gaming focused distros (Bazzite, CachyOS, Nobara, …). And you didn’t have to do anything. It just works, and works well. Steam is either installed or suggested initially. Really trivial.

Self hosting BitWarden still means it’s accessbile for them and/or from them. You also have no way to audit their security from what I understand. VaultWarden is FOSS, if you want to, you can go check. And it does get checked by people with the competence to check this do every now and then. [Edit: I forgot that BitWarden is actually souce-available as well, while not being FOSS that’s still better than most solutions]. I just prefer full FOSS whenever possible. I prefer it not be a black bos I just happen to run on my own server.

If you self host VaultWarden, the instance can just be not accessible from the internet, and only from behing a VPN. Obviously this is inherently much safer. If that’s possible with the self-host option I don’t know, but even just for licensing the local instance will have to be able to reach their servers (possibly be reachable from their servers, too). I did see they got an “offline deployment” option for air-gapped servers, but haven’t looked into what limitations that entails.

Additionally, you’re still within their licensing model. So for certain features you need to have a not-free account (like even just more than 2 people).

And like others said, VaultWarden is much lighter on resources in general and you aren’t limited in what you can and can’t do (users, collecitons, auth-options, …).

Your first point is debatable. You still have to trust them to be that secure, and you can’t verify that. If they are ever breached, it’s literally the worst case scenario. You can self-host their solution, but only in the enterprise tier (6$ per user per month). Also BitWarden is a target woth attacking, I am not. BitWarden hosts thousands of instances worthy of being attacked individually. A personal VaultWarden instance of “Mike and Molly Peterson” isn’t exactly an attractive target. I do think they are pretty secure, but a single mistake with these stakes can have immense consequences. LastPass was also breached repeatedly, with a similar buiseness model.

The second point about electricity wouldn’t be true in my particular case, as the server for self-hosting it is running anyway. Running VaultWarden or not doesn’t change the power usage noticably. Obviously this is different for someone who doesn’t just have a server at home running anyway.

Side note: I’m not actually running a personal VaultWarden instance, as my personal requirements are being met just fine with KeePass files. We do run an instance at work, but it isn’t world-accessible (internal access only).

If does need ports to be accessible in order to receive anything. So check the firewall.

If you can, just self-host vault warden (compatible with bit warden and supported). Gets your data out of the cloud entirely.

I wish there was one. Thunderbird has given me nothing but issues. KMail is lacking basic features, as does evolution. I obviously haven’t tried them all, but this already took long enough and I’m tired of it.

First my context: I’m also running multiple Proxmox hosts (personal and professional), and havea paperless-ngx instance (personal/family). I tried Firefly, but the effort required to get it to a point where it would be if use to me was too high, so I dropped it. Haven’t used n8n.

For the setup I’d just use the Proxmox community scripts, if you haven’t heard of them. Makes updates trivial and lowers the bar to just trying something to basically zero.

Paperless-ngx I actually use, cause it means I can find something when i need it. It’s all automatically ocr’d and all you have to do is categorize them. With time, it’ll learn and do this for you. You can (manually) setup your scanner to just directly upload files to the “consume” folder and it just works. PC/server power is near irrelevant, it just means OCR takes slightly longer, otherwise it’s a web server. You can run this just fine on a raspberry pi.

I don’t have any real automation setup, so I can’t really comment on that. My advice is to just install it, see what it does and how it feels. Try to anticipate if and how much automation you need. Many aspects of all this are of the “setup once” variety, where once it’s working, you don’t have to touch it again. Try to gauge if the one time effort is worth it for you, then go from there. As I said, it was fine for paperless for me, but not for Firefly (but I might need to revisit this).

You can set that on any android. Pin is just the default, but it’s up to you to use a full password, then you need the full password for first unlock after boot.

You kinda want it to be based on Firefox, as the only other option is chrome. The forks already strip out all the mozilla bullshit, it’ll just be more work to strip out all the AI nonsense.

I’m mainly familiar with librewolf, it’s not just stripped of nonsense but also hardened by default. Actually so much so that I stayed on Firefox as it was too much effort (so far) to “unharden” all the aspects I didn’t want or need.

DuckDNS had been unreliable when I used it, but it’s been a while. I swapped over to desec.io but their signups aren’t always open. Can highly recommend them though, and they offer many paths to update the IP, including DynDNS(2) protocol or just ddclient.

Also works with certbot for Let’s encrypt certificates using dns challenge.

Never run something like Vaultwarden with unencrypted traffic. Throwing in a self signed cert is basically free insurance. You never know when even in your “trusted network” something starts listening in. Just why risk it?

Yes, but it isn’t available (yet). The pebble 2 duo does not, but it has already shipped. I don’t know how many are still available and/or will be made.

Currently the app also has zero support for anything health-related, including sleep. If that will be fixed by the time the pt2 is shipping, who knows. This is probably not a huge problem for op, as he’s explicitly searching for a watch without smartphone reliance.

Even in the old app and on the old pebble watches, anything health related was an afterthought at best, and it also isn’t a focus of it officially. The new ones are using the same OS, so are incredibly similar. Which is generally a good thing, but also includes the lack of features related to anything “health”.

The modern Pebble has no heart rate sensor, and generally no useful exercise monitoring.

Teams actually has Linux builds on the AUR. Obviously they are wrapping the web version, but it does integrate much more nicely with the GUI. I’m running the version that uses your already installed electron. I don’t have to use chrome for teams, which is the real upside for me.

Ssh over Internet is fine as long as it’s properly setup (no password auth, root not allowed, etc.). Obviously a VPN is even better.

I would like to add that I did look at the GitHub before commenting. And I still didn’t get it. Matthew with just explain what it does, but also why is different from the common tools/suggestions that seem similar. Maybe it’s more about highlighting the differences (or the additional capabilities).

Ah now I understand the purpose. I only use it for my (personal) dotfiles, which as a term is ambiguous at best, but in my case I mean config files. That was how I essentially misread your title. Obviously all those files are owned by my user, and most live in ~/.config or similar locations beneath my home directory. Things like application preferences, basically.

Obviously your tool also works for this, but I now understand it’s more meant for system wide config files.

I’m also just using GNU stow into a git repo. It needs no configuration file and just works on any system. Rolling out a new system takes 2 commands. I really don’t see the need for a specialized tool for this use case.

I only have one entry in there, which is for /boot. The others are implicit anyway since I’m using ZFS. The boot entry is needed afaik, as there are multiple efi-type partitions in the system.