As I mentioned, using rustup requires granting VSCodium more invasive permissions to get it to work. Furthermore, installing it would require layering system packages, which should be done sparingly. Using the Rust SDK is the recommended approach by VSCodium while using their Flatpak, and it is actually the simpler option.

secureblue has native support for containers, although it uses the more modern Distrobox rather than Toolbx. I tried installing VSCodium in this way, but I couldn’t get it to start due to some windowing system issue. Even if I could, it comes at the cost of security. Firstly, user namespaces need to be enabled. Secondly, the app would have less granular permission control (e.g. full access to the home directory). For those reasons, it’s better to avoid using containers unless explicitly required. This method works fine, so there’s no need.

This guide is actually only 3 steps:

1. Install VSCodium
2. Install the Rust SDK
3. Enable permissions

The rest is just extras, like installing rust-analyzer, which you would need to do on any distribution. The reason it’s so long is because I wanted to make it painstakingly simple for anyone to be able to do it, regardless of using the command-line, user-interface, mouse, or keyboard. Depending on how hardened you’ve made your secureblue system, you really could just install everything with one command:

flatpak install -y com.vscodium.codium org.freedesktop.Sdk.Extension.rust-stable/x86_64/24.08 && flatpak override -u --env=FLATPAK_ENABLE_SDK_EXT=rust-stable com.vscodium.codium

secureblue isn’t designed to be fast, easy, or simple. It’s designed to be secure.

Hope this helps!

Organic Maps and OpenStreetMap should be listed as map alternatives. Mullvad Leta is a recently popular private search engine.

Google isn’t inherently bad; they are bad for privacy but good for security. For that reason, Chromium-based browsers such as Vanadium, Trivalent, or Brave Browser are still good alternatives to Google Chrome even though Chromium (which is the open source base for Chromium-based browsers) is developed by Google.

Also: the “T” in PeerTube should be capitalized.

How many hours of sleep I’ll be losing /s

It’s terrible to use, and it has no themes, so using it at night is a death sentence for your eyes.

A brief internet search shows that surprisingly, hosting Jellyfin on OpenWRT should work…

I still find it hilarious that since dd-wrt and OpenWrt are just… Linux, you could install Super Mario Bros on there. I checked, nobody seems to have tried.

I’ve never used tailscale, I’m afraid. Normally I would say: just use whatever seems easier to set up on your device/network; however, note that tailscale needs a “coordinate server”. No actual traffic ever goes through it, it just facilitates key exchanges and the like (from what I understand), but regardless, it’s a server outside your control which is involved in some way. You can selfhost this server, but that is additional work, of course…

Ah, that make sense. Is Wireguard P2P?

Glad I could help, after being so unhelpful yesterday :)

Don’t beat yourself up, you were fine. Because I’m big on privacy, when I ask for help I have a bad habit of leaving out the “why” behind my choices, so it’s understandable that people weren’t happy with what I needed.

Eh… Marriage is not really common in either of our families. We agreed to go sign the papers if there ever is a tax reason, lol. Sorry if that’s a bit unromantic :D Nice rings though ^^

I need to go make a petition to raise taxes then! /s

You both are perfect for each other, so don’t screw it up!

Hi again.

Hi there!

Set up ProtonVPN on the raspberry pi.

I’m actually surprised nobody suggested simply using the Pi with OpenWrt as my own router. Though, that would make it hard to host Jellyfin.

Nots that this requires you trusting the pi to the same degree that you trust your phone.

For the most part, I trust the security of my Pi. I can hold it in my hand and see every line of code, after all!

Devices which you take with you, like your phone, unfortunately will loose internet connectivity when you leave your home until you switch off Wireguard, and switch on Proton, and not be able to connect to Jellyfin when you return home, until you switch them back.

I plan to post a tutorial about how to securely host Jellyfin. Another user gave a solution to this problem that I absolutely love, and I’ll showcase it there. I don’t want to spoil it :)

Could you explain Wireguard vs. Tailscale in this scenario?

Thank you all so much for your help! This is likely the solution I will go with, combined with another one, so again thank you so much!

P.S. I don’t care if you wrap an ethernet cord around her finger, get going!

I’m interested in you and your girlfriend’s thoughts on my new post about this issue.

P.S. She’s a keeper. Marry her already!

You want to use it only locally (on your home), but it can’t be a local-only instance.

By “local-only” I meant on-device

You want to e2ee everything, but fail to mention why.

Privacy and security.

There is no reason to do that on your own network.

Networks are not a trusted party in any capacity.

I do not know why you want to use a VPN and what you want to do with it. Where do you want to connect to?

A VPN such as ProtonVPN or Mullvad VPN are used to displace trust from your ISP into your VPN provider and obscure your IP address while web browsing (among other benefits that I don’t utilize).

What is the attack vector you’re worried about? Are there malicious entities on your network?

These are good questions but not ones I can answer briefly.

HuggingChat is open source and lets you use DeepSeek. It also doesn’t censor results like the main app (allegedly) does.

Some YouTube clients allow “local extraction” (FreeTube and LibreTube, to name a couple), which sidesteps the need for an instance altogether. However, that then means either 1. You use a VPN to hide your IP from YouTube and risk getting the VPN server IP banned or 2. You don’t use a VPN, expose your IP to YouTube, and have a (small) chance of banning your own IP.

The best alternative would be to remove YouTube altogether and switch to something like PeerTube or Odysee, but you can’t expect all your favorite creators to be there.

What does their router do that any router with openrouter doesn’t lol

It financially supports OpenWrt, for one :)

Well, switching to GrapheneOS shows that you don’t care what those companies do, and that you’re willing to fight. It means those companies lose one more customer. The more people that use GrapheneOS, the more companies will be forced to support it.

This is very bad news, because this means any app that wants your data could do the same.

Ideally, you would have zero iOS or Android devices in your household

*besides custom Android distributions that respect privacy ;)

That’s a good idea! I’ll be sure to include that in my post, thank you!

I know Proton VPN offers NetShield to its paid users. I forgot about DNS filtering because GrapheneOS doesn’t recommend using it over a VPN and the filters can make you stand out, but that’s just me. Good gift idea!

Good one!

This is meant to help you with ideas, not a strict guideline. You’ll notice I mentioned the following for the Google Pixel phones, for example, since I knew not everyone would be happy with it:

Other phones exist for this category, but the Google Pixel is a good baseline.

These gift ideas may not be for you, but plenty of other people would be happy with them.