Pixels have better security because of hardware and recieve regular security patches. I recommend you to read https://grapheneos.org/faq#device-support
Also stay away from CopperheadOS, it is not actually aecure but a complete scam https://mobile.twitter.com/GrapheneOS/status/1324470375502237696
Some confusion here? :) The patch I developed for Bromite allows enabling for DNS-over-HTTPS, not DNS-over-TLS. It is true though that Android P will get system-wide support for DNS-over-TLS and I have read in Chromium codebase that DNS-over-TLS support is already there.
I seem to have hit an unrelated build issue. It looks like there's some issue with the trusted CAs on the ubuntu instance. "Cloning into '/home/ubuntu/custom'... fatal: unable to access 'https://notabug.org/bubblethink/custom-config-repo/': server certificate verification failed. CAfile: none CRLfile: none". I am able to clone it locally. I don't remember if we do apt upgrade before building. Could that be the issue ?
In the new format, you can add this (or equivalent with your own repo) at the end of the config file:
[[custom-patches]]
repo = "https://notabug.org/bubblethink/aosp_patches"
patches = ["00002-microg-sigspoof.patch"]
[[custom-prebuilts]]
repo = "https://notabug.org/bubblethink/android_prebuilts_prebuiltapks"
modules = ["GmsCore", "GsfProxy", "FakeStore", "com.google.android.maps.jar"]
A few points about the microg setup. Due to the way patches are applied in the stack, if you try to combine other patches, the build may fail. I haven't tested the combination of this with other patches. The first time you boot, open the microg app and do the self-test. Give it the permissions and add location backends. If it still complains that network location is not enabled, you need to toggle the location from main android settings once for it to work. Ideally, you should get all check boxes after that. Finally, in chromium, go to site settings, and disable the location permission for google.com. It causes crashes in the microg setup.
Thanks for the feedback. I haven't really been looking for donations, but enough people have mentioned it, so here are two options: https://liberapay.com/rattlesnakeos/ or bitcoin 17GHmnK3fyw9TBngvaM8Veh37UR65rmvZS.
I don't personally use microg, so I can't comment on that but hopefully someone else can chime in. As for your other questions, I can recommend EteSync (https://www.etesync.com/) for client side encrypted contact/calendar sync (they support phone/web/desktop) if you don't mind paying $2/month for a service, although you can also self host if you want. I generally prefer to not self host as I don't want to deal with ongoing security/maintenance in my personal time and instead prefer paid services with client side encryption.