I looked up recently and realized that it had been almost 9 months since I posted an update here. It's not that I have been idle, quite the contrary. The vision which originally sparked this project has continued to evolve. Too fast, unfortunately, because before I couldn't take the time to document what I've done I've moved on to the next thing. This is especially disappointing because I've lost count of the number times I've come back to previous posts to refresh my memory about how I did something in the early days of this project. Several "post on blog" items were on my To Do list the entire time.

The intent of this post is to give high-level overview of what I've been doing with the hope that I will slow down enough to document things as I go and that I will be able to circle back to some of these topics and cover them in more detail.

GrapheneOS

The biggest detour of this project was my decision to get rid of Google from my life as much as I could. Outside of YouTube and Gmail, the biggest offender was that I had been buying the latest Samsung Galaxy Note phones every 2 years. After doing some reasearch on various options, I settled on GrapheneOS which seemed to be best option from both a security and privacy perspective. It doesn't provide any Google services and it doesn't try to provide a proxy the way alternatives.

Fortunately or unfortunately, GrapheneOS is supported on a limited number of devices - Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL and Pixel 4a. I chose the less expensive option and bought a refurbished Pixel 3 and installed GrapheneOS. This presented a number of challenges which I had to solve.

First, where to get apps if not from Google Play store? Wherever possible, I want to use open and free software so I go to F-Droid for apps and alternatives to official Google Play apps. There is the option to get apps from alternative to the Play store called Aurora which is really a front-end to allow downloading of official APKs. Other sources of sideloading APKs have the potential problem of being replaced or highjacked with malware.

Second, no Google services means no push notifications. While this has actually been a bonus because push notifications can be really insidious, there are a few places where I want to receive notifications. For example, I need the notifications from Home Assistant and work e-mail notifications from my now WiFi-only old Note 8. This I solved by self-hosting a Gotify server on Kubernetes and app which uses a websocket for push notifications. Home Assistant can send notifications directly to Gotify and I configured Tasker to intercept specific notifications and forward them using Gotify's REST API.

Third, no Google services means no location services outside of GPS which relies on consistent GPS signal and is not battery friendly. This I solved with Open Street Map, ZaNavi, and Dejavu Location Service Provider.

Other miscellaneous apps and services had to be replaced as well:

  • Calendar/Contacts - DavX5 synchronized to Nextcloud
  • Password Manager - Self-hosted Bitwarden with bitwarden_rs
  • Tasker - Uses Google services for license management when purchased. Fortunately, Joao does offer a direct download, unlocked version for subscriber's to his Patreon. I'm happy to support further development and free myself of Google at the same time.
  • Messaging - Signal does no rely on Google services for push notifications and can replace the SMS app as well.
  • YouTube - Newpipe and other alternative front-ends to YouTube allow you to watch videos. Most recently, I've switched to using a YouTube-dl script and adding them to my Plex server using a customer Personal Media agent that makes channels and videos appear as TV shows with seasons and episodes. I would need to detail this one in it's own post once I work out all of the problems. Alternatives video sites like LBRY, Odysee, and Bitchute, and Rumble work with this solution as well.
  • Social media - Recently, I've left the big social media sites (Facebook, Twitter, Reddit) and moved to decentralized options Matrix, Mastdon, Pleorama, and Lemmy that make up the Fediverse. However, prior to that most of them have decent mobile websites that work fine in the GrapheneOS Chromium-based browser, Valadium.
  • VPN - Wireguard has been installed on almost every device I have as well as a public endpoint on my Unifi Security Gateway using this repository. All traffic is configured to go through Wireguard and it is started automatically by Tasker whenever I leave my home WiFi network.

Ansible and AWX

I've continued to build out my Ansible playbooks to automate and manage as much of this new self-hosted infrastructure. AWX runs scheduled playbooks daily which perform a number of tasks such as operating system updates, deploying Wireguard and restic, and most recently deploying Kubernetes manifests.

There are a number of areas and examples that could make up several additional posts.

Backups with Restic

Restic provides a performant and flexible backup solution which supports a large number of backends. I have implemented Restic backup jobs on every desktop and server running Linux to a Backblaze repository for offsite backup in addition to local backups to the QNAP NAS. This augments the syncing capabilities of Nextcloud for those desktops running Windows.

Grocy and Barcode Buddy

Grocy previously got a dedicated post, but since then I have added Barcode Buddy along with a Tera wireless barcode scanner to facilitate checking in and consuming items in the inventory. Since Grocy is running on the Kubernetes cluster, I expected a challenge in getting the 2.4GHz wireless USB dongle to pass through the physical server (Proxmox) to the Kubernetes node VM (Rancher), and into the Barcode Buddy container, but it went surprisingly smoothly.

I was able to pin the Barcode Buddy container to a specific node and tell Proxmox to passthrough that USB device to that specific node. It's similar in concept to what I did with the Windows 10 Gaming VM and passing through the GPU.

Wrap Up

There is so much detail that I could go into and I certainly wish I had documented a lot of this as I went. I hope to revisit some of these topics in more detail in future posts, but if there is a specific topic that interests you, you can chat with me on Matrix, through Keybase, or on Mastadon and let me know.