It’s a vpn client on steroids that creates a VPN network (based on your provider) which you can then use to run docker containers inside of, as well as create http & shadowsocks proxies for your VPN network etc.

Comments inside the docker-compose.yml files?

Maybe give cloudflared a try. Works for me even with nextcloud’s ssl (don’t think there’s a way to start NC without the self-signed cert). Couldn’t get it to work with NPM (I admittedly don’t know much about nginx) so I brought in the big gun(s).

Backblaze b2, borgbase.com. There are also programs like dejadup that will let you backup to popular cloud drives. The alternatives are limitless.

Yes to all questions. Only drawback I can recall is my banking app refusing to pass Safetynet but the website works good enough.

No minimum requirements. And here you go:

#version: "3.8"
services:
  invidious:
    image: quay.io/invidious/invidious:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges
    container_name: invidious
    stop_grace_period: 3s
    ports:
      - 127.0.0.1:3000:3000
    environment:
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: invidious
          password: superstrongpassword491
          host: postgres
          port: 5432
        check_tables: true
        popular_enabled: true
        login_enabled: false
        statistics_enabled: true
        hsts: true
        hmac_key: *PICK-A-LONG-RANDOM-STRING*
        https_only: true
        external_port: 443
        use_quic: true
        database_url: postgres://invidious:superstrongpassword491@postgres/invidious?auth_methods=md5,scram-sha-256
        force_resolve: ipv4
        domain: *your.domain.com*
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    depends_on:
      - postgres

  postgres:
    image: postgres:15-alpine
    container_name: postgres
    security_opt:
      - no-new-privileges
    restart: always
    # purposefully excluded volumes section
    # the database will reset on recreate
    environment:
      POSTGRES_DB: invidious
      POSTGRES_USER: invidious
      POSTGRES_PASSWORD: superstrongpassword491
    healthcheck:
      test: pg_isready -U invidious -d invidious
      interval: 10s
      timeout: 5s
      retries: 5

I’ve hosted invidious relatively easy for a while now. Simple UI and just works. If anyone needs my compose and config setup, reply and I’ll post it.

Haha. Said the hoader with tonnes of content he’s never going to finish watching.

deleted by creator

KDE Connect is better than anything these two juggernauts can conceive of.

They provide the best balance for efficiency. Not too powerful enough to be a workhorse and not to weak to run multiple simple applications/services. NUCs are great in that they come with hardware video acceleration tech that’s highly optimized for media transcoding.

I used to love Swiftkey before it sold out to Microsoft. I use Gboard with network permissions off nowadays.

You don’t get any network isolation with this approach vs a service running in its own dedicated virtual network. Just for this reason, I think Wireguard as a VPN access to other local services is insecure.

I always see guys swearing by Wireguard for VPN access as a security measure and seems to me like if someone unauthorized gets your public key, they have access to the kingdom.

I occasionally use DriveDroid (root) to boot Linux ISOs.

My device also IR so Mi Remote comes in handy.

May not be as ideal as it requires manual selection but Chromium has a visible share button for QR on the address bar. Or you can use Pushbullet/Join/KDE Connect to share links with your phone.

For accessing your VPN network outside of your LAN, there’s the shadowsocks option in the gluetun wiki.

You have threat model to answer this question as privacy means different things to people and there are different privacy levels to every threat model. But to answer your question in a concise manner, any closed source operating system developed by commercial vendors is more likely to ship with/ introduce telemetry, user tracking and other kinds of spyware than an open one.

I use restic (and dejadup just to be safe) backing up to multiple cloud storage points. Among these cloud storage points are borgbase.com, backblaze b2 and Microsoft cloud.

Jellyfin, AdGuard Home, Nextcloud, Syncthing, Invidious, SearxNG