Hacker News | dugite-code's comments

Not to mention this is a build server, its uptime isn't actually all that critical, assuming they then mirror the artifacts out from there.

Not to mention it also simplifies the security of controlling signing keys significantly.


I really wanted to like Graphene OS but I ended up bouncing off it due to a few major pain points that badly affected battery life.

- Using the default 5g setting resulted in far worse battery life than stock, telling people to choose 4g isn't a solution. They desperately need something like the adaptive connectivity service.

- Using Homeassistant's GPS tracking feature just destroyed the battery life, even switching to 4g didn't solve this issue. Changing all the GPS settings didn't help either.

- The obnoxious green GPS active icon makes the notification bar useless if using a GPS tracking app (or even GPS navigation). The request for a whitelist was either ignored or rejected, the team's communication can come off a bit rough.

No normal user is going to be happy with GrapheneOS. From what I've seen postmarketOS is much more user friendly.


I don't know what to say about your battery life issue, other than that I don't have any such problems.

What's obnoxious about the green GPS icon? How does it make the notification bar useless? It is on all the time while I'm using Google Maps, it's small and not in the way and is a good reminder if I have accidentally left Google Maps open in the background. What's the problem?


I don't recognise the 5g battery life issues personally. I do 100% agree the GPS thing is such a bad decision. It just becomes noise that no one pays attention to anymore.

I ended up using my public IP address in combination with a list of known IPs for home and work and such, and building my HA automations around that. I wanted to do it with wifi SSIDs, but that also requires the location permission and triggers the indicator (which is understandable, just wish I could still read SSIDs with location services disabled entirely) (or, just let me disable the GPS antenna and leave everything else).


> I do 100% agree the GPS thing is such a bad decision. It just becomes noise that no one pays attention to anymore.

It's not noise for me, I only ever have GPS on for Google Maps, and I like the indicator because its absence reassures me that nothing is using GPS in the background.


I also want to have audible notification or, even better, a loud siren when GPS, or WiFi are activated without my direct action. Sadly, SafeDot doesn't work properly on Graphene.


It certainly could be something else other than 5g but it's one of the first things that gets thrown around when battery drain is mentioned and the mobile internet was the main user of power on the phone.


> No normal user is going to be happy with Grapheneos.

I am a normal user, extremely happy with GrapheneOS. I just don't use HomeAssistant, which seems to have been your dealbreaker in this case.

I genuinely don't see a difference between Stock Android and GrapheneOS, except that I get more updates and I have more privacy controls (like scopes, but honestly I haven't had a need to use them yet).


I'd wager nobody on HN is a normal user. If you know what AOSP is, you are already way too nerdy to qualify.


You are very fortunate for not hitting any edge cases, but sorry, anyone commenting here typically isn't anywhere near to what you could call a "normal user". I ran into quite a few minor issues with the enhanced security settings, my partner would never have been able to figure out the solution to that issue and I consider them a normal user.

Not to mention the 5g battery drain is a hard show stopper, not just Homeassistant issues. I even experimented with different apps like owntracks but same problem with GPS.

I found a solution to the GPS icon but it requires an ADB command so not a great fix.


Calendar and tasks use CalDAV and contacts are CardDAV. Very similar to WebDAV but have their own idiosyncrasies.

The biggest issue is the web interfaces, there are a ton of edge cases that have taken Nextcloud years to work through.

Not to mention the exploration of WebDAV push by the DAVx5 team: https://manual.davx5.com/webdav_push.html

For notes I currently use obsidian with the remotely-save plugin https://github.com/remotely-save/remotely-save


Obsidian looks interesting, I will have to see if I can get the plugin installed and tested. At one point the guy writing Notebooks did webdav, but Apple yanked the rug out from under him so that webdav no longer worked well and he just decided it was no longer a feature. And my notes have been a mess for years afterward. Joplin looked like it would be a good replacement, but it spams up the md files, so that if you ever switch away from it you'd spend months cleaning them up. So basically I've just been using an open Sublime window and syncing by hand... no fun.


I don’t use Joplin for this reason. I just want a folder of markdown files. It was mildly difficult to escape from even with the export features.

I did script the cleanup. Title field to filename, then remove the header completely. Or something like that.

Had another script that would take the date (which happened to be my filenames) and commit the file into a git repo pretending it was committed that day too. Dear diary style.

Quick and dirty but it did what I needed it to do.


I was surprised to discover that if you run the robot vac once a day or even every second day it significantly reduces the amount of dust that ends up on other surfaces.

You just schedule it and forget it. As everyone says it doesn't do as good of a job as you do but the main benefit is it's consistent about doing that job more frequently.


In my experience the bottleneck for any Nextcloud install is typically the database.

Unlike many other projects it's surprisingly easy to get in a situation where the db is throttling due to IO issues on a single box machine. Having the db on a separate drive from the storage and logging really speeds things up.

That and setting up a lot of the background tasks like image preview generation, Redis, etc. properly.


Been running this for years. Absolutely fantastic, my vacuum has never touched the "cloud" and yet I can still run it remotely (or with "smart" run automations) via Homeassistant.

It's the way IoT should be.


Adding to the praise of "it just works". My Dreame L10S Ultra was straightforward to root after getting the breakout PCBs required. Now it only talks to NTP and the update server when I remember to check for updates every few months.


You happen to have links for those or is it straightforward enough to just take the first search result? Would love to stop mine from spying.


I don't have any links for assembled boards, but there seem to be some available [1]. You can find the PCB files here [2] including more documentation. The same page also has a Telegram group link to find people near you who might be able to help out.

I got my PCBs made via JLCPCB, but there are other options as well. Pay attention to select the correct PCB thickness, noted in the Readme. I fell into that trap and had to order again. Sourcing the USB port with the correct footprint was a bit annoying, I just ended up ordering a selection of kits with multiple variants from Aliexpress.

[1] https://news.ycombinator.com/item?id=45699184

[2] https://github.com/Hypfer/valetudo-dreameadapter


Snap isn't the best experience for Nextcloud in my experience, fine for a demo or a single user instance that isn't mission critical. Users who expect more out of it will often bump up against its limitations.

Anyone who wants to seriously use Nextcloud should look into the AIO docker containers or rolling the individual containers themselves. Nextcloud has expanded into a full groupware stack and it's expected you have an actual admin managing the system like with any real deployment of enterprise software.


It includes most of the essential features, and I’d say it’s excellent for professional use. I’ve been running an instance for many years on a VPS for work collaboration, and it’s been perfect. It’s now hosted behind Cloudflare Tunnels, with group members whitelisted by email.

If you need more advanced or fancy/niche features, AIO might be a better though heavier fit (I run an instance of AIO at home, mostly for testing). Snap is lightweight and a bit opinionated (in reasonable ways in my view), and the documentation used to mention some of its limitations. In exchange, you get a snappier, more robust installation.


Nextcloud suffers from flexibility, it's got a lot to offer but requires dialling in to your specific use case, the mistake most admins make is to assume you can just run it without tuning, it has too many differing options to do that smoothly out of the box.

The ability to just run it in a snap has really contributed to this imho, Nextcloud is enterprise software you just happen to be able to run in your homelab.


Perhaps not requiring a wireguard client installed on the machine you are accessing from. There are several circumstances where installing a VPN client isn't possible or practical.


IMHO Fail2ban, just like port knocking, isn't cargo cult security. They are a single tool that can be included in a general system security arsenal, not the only tool you should use but one of a suite of tools that can be used depending on what you want to achieve.

Personally I use fwknop for port knocking as it doesn't suffer from replay attacks as it's an encrypted packet. But still serves the same niche.
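
The replay resistance mentioned in the comment above, as an added example that is not part of the thread and not fwknop's code: a simplified single-packet knock verifier in which each packet carries a fresh nonce and timestamp, is authenticated with HMAC-SHA256, and is refused if its digest has been seen before. The packet layout, `MAX_SKEW` and all names are assumptions, and encryption of the payload is left out.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW = 120  # seconds a packet stays acceptable (assumed value)


def build_packet(key: bytes, user: str, access: str, now: float) -> bytes:
    """Client side: fresh nonce + timestamp, then an HMAC-SHA256 tag."""
    body = json.dumps({
        "nonce": os.urandom(16).hex(),  # makes every packet unique
        "ts": int(now),
        "user": user,
        "access": access,
    }, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class KnockVerifier:
    """Server side: authenticate, check freshness, refuse repeats."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # packet digest -> packet timestamp

    def verify(self, packet: bytes, now: float) -> str:
        body, sep, tag = packet.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return "bad-mac"
        fields = json.loads(body)  # parsed only after the MAC checks out
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "stale"
        # Digests outside the window can be dropped: the freshness
        # check above already rejects those packets.
        self.seen = {d: t for d, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        digest = hashlib.sha256(packet).hexdigest()
        if digest in self.seen:
            return "replay"  # byte-identical packet captured and resent
        self.seen[digest] = fields["ts"]
        return "open:" + fields["access"]
```

The timestamp window is what keeps the replay cache bounded: a captured packet is rejected as a repeat while it is fresh and as stale afterwards.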


The point being made is that unless "what you want to achieve" is "run a tool that isn't improving your security posture", port knocking isn't providing value to the security model.

Hence the cargo cult.


I can't agree that it's "a tool that isn't improving your security posture", if it's a layer on top of other tools, you might argue its effectiveness isn't great but to say it's effectively nothing is a reach.


It’s not nothing: it’s one more thing that can break or eat resources or have a vuln. And it’s not improving the threat model. It’s net negative.


How is it not improving the threat model to not have a service directly connected to the internet, but instead put behind a layer of protection?

