Friday, December 02, 2022
support@conference.yunohost.org

[00:07:28] <Thomas Freedman> Still getting the same msg about AllowGroups.

I created another user, copied the pub key into .ssh folder as authorized_keys, set .ssh folder to 700, authorized_keys file to 600. Set ownership via `chown -R newuser.newuser /home/newuser/.ssh`

I also did `yunohost user permission add ssh.main newuser`

No chg to symptoms.
[00:33:35] <Aleks (he/him/il/lui)> >`chown -R newuser.newuser`

you probably meant : instead of .
[00:43:21] <Thomas Freedman> Not sure I get what you mean. `newuser.newuser` is what I've always used as a shorthand for user:group. Most likely the delimiter isn't important. . has always worked for me.
[00:45:18] <Aleks (he/him/il/lui)> hmokay 🤔
[00:45:19] <Thomas Freedman> `ls` shows permissions updated as intended.
[02:06:58] <Aleks (he/him/il/lui)> yes
[02:06:59] <Aleks (he/him/il/lui)> https://forum.yunohost.org/t/google-flags-my-sites-as-dangerous-deceptive-site-ahead/20361
[06:38:36] <Rian> hi...may i be your submissive?
[06:48:44] <wave6677[m]> brother what
[13:03:40] <loose_pajamas> > <@Alekswag:matrix.org> yes

Looks like I'm not alone. I use my server for personal use only. I'm assuming this happens from web crawlers. Will creating a black list with iptables for virtually all IP addresses but the ones I whitelist help in preventing this from happening again?
[15:01:24] <Aleks (he/him/il/lui)> > <@loose_pajamas:matrix.org> Looks like I'm not alone. I use my server for personal use only. I'm assuming this happens from web crawlers. Will creating a black list with iptables for virtually all IP addresses but the ones I whitelist help in preventing this from happening again?

no idea, maybe
[15:02:01] <Aleks (he/him/il/lui)> i would expect side effects from this, eg the yunohost diagnosis needs to access your server somehow
[15:02:49] <Aleks (he/him/il/lui)> and it's not really a "general fix" for this situation, in the sense that many people have their server getting flagged and would still want various users to access services from pretty much anywhere on the internet ...
[15:03:24] <Aleks (he/him/il/lui)> but yeah banning IP from the stupid google scanner probe could be one way to address the issue maybe
[15:03:50] <Aleks (he/him/il/lui)> i dunno how realistic it is to find an up-to-date list of those probe IPs ...
[15:06:25] <Willy> Hello everyone
[15:06:51] <Willy> I have a doubt about the content of the file /etc/yunohost/dyndns/zone
[15:06:54] <Willy> could someone share the content of theirs with me, please?
[15:07:32] <Aleks (he/him/il/lui)> or you could explain to us what doubt you have ..
[15:07:38] <Aleks (he/him/il/lui)> the file is automatically generated, so well
[15:08:09] <Aleks (he/him/il/lui)> and its content depends on lots of things
[15:08:28] <Willy> Hello Aleks (he/him/il/lui)
[15:08:35] <Aleks (he/him/il/lui)> so comparing with someone else's is just likely to mislead you, because you'll have extra or missing stuff ...
[15:08:58] <Willy> For some time now, I have been receiving emails containing "Failed to resolve A for mailperso.ynh.fr"
[15:09:29] <Willy> so I thought maybe a record was missing
[15:09:41] <Aleks (he/him/il/lui)> no, that's unrelated
[15:09:51] <Willy> ah, damn...
[15:10:04] <Aleks (he/him/il/lui)> https://xyproblem.info/
[15:10:10] <Willy> (we talked about it here: https://forum.yunohost.org/t/bug-de-mise-a-jour-dyndns/21518/62)
[15:10:47] <Aleks (he/him/il/lui)> the explanation behind it is that one of our "redundant" DNS resolvers is down, so we only have a single operational DNS resolver, which is sometimes overloaded and doesn't answer quickly enough
[15:11:22] <Aleks (he/him/il/lui)> so since the server makes maybe one request every 10 minutes to check that your IP is up to date in the DNS, every once in a while it fails and that triggers the message
[15:11:24] <Willy> Ah, so nothing to do with my config?!
[15:11:29] <Aleks (he/him/il/lui)> exactly
[15:11:49] <Aleks (he/him/il/lui)> the real way to fix the problem is for us to get our "redundant" DNS resolver back on its feet
[15:12:22] <Willy> ok, ok! Thanks for this info (which I had apparently missed)
[15:12:27] <Willy> is there a way to suppress these emails?
[15:12:48] <Aleks (he/him/il/lui)> ¯\_(ツ)_/¯
[15:13:37] <Aleks (he/him/il/lui)> you can maybe change the refresh frequency of the cron, like by changing the frequency in /etc/cron.d/yunohost-dyndns (not sure about the name)
[15:14:42] <Willy> is it this line?
[15:14:43] <Willy> */10 * * * * root : YunoHost DynDNS update; sleep $((RANDOM\%60)); ! ping -q -W5 -c1 ip.yunohost.org >/dev/null 2>&1 || test -e /var/run/moulinette_yunohost.lock || yunohost dyndns update >> /dev/null
[15:16:11] <Aleks (he/him/il/lui)> yep, if you want you can replace the */10 * at the start with * */1
[15:16:25] <Aleks (he/him/il/lui)> to say "once every hour" rather than "once every 10 minutes"
[15:16:58] <Willy> perfect, thanks a lot
[15:45:21] <pti-jean> Yes, I have this error too! ;-)
[18:00:42] <freetux[m]> Hello. I tried an upgrade of Synapse… it crashed and the restore crashed too, my weekend is off to a bad start. /o\

I'll try to send you logs if someone is around to unblock this, or at least make the backup restore possible.
[18:07:10] <freetux[m]> https://paste.centos.org/view/a7efc30e
[18:09:19] <Aleks (he/him/il/lui)> paste.centos.org, really ? x_x
[18:09:20] <Aleks (he/him/il/lui)> mkay, that sounds like a valid excuse ;P
[18:09:20] <freetux[m]> Habit, and I remove personal stuff from the logs.
[18:11:40] <Aleks (he/him/il/lui)> `'ModuleNotFoundError: No module named '\''attrs'\''`

oh, god
[18:11:41] <freetux[m]> They were Matrix account usernames.
[18:11:41] <Aleks (he/him/il/lui)> > <@freetux:tetaneutral.net> Habit, and I remove personal stuff from the logs.

honestly, if you have feedback on the kind of info you remove, it would be interesting so we can try to automate that ...
[18:13:34] <Aleks (he/him/il/lui)> ```
2022-12-02 17:49:16,732: DEBUG - 181922 DEBUG - + yunohost user create synapse -f Synapse -l Application -d matrix.domain2.tld -p **********
2022-12-02 17:49:16,733: DEBUG - 181922 WARNING - Not a tty, can't do interactive prompts
```
[18:13:35] <Aleks (he/him/il/lui)> aah so it's like, you're on 11.1
[19:27:46] <loose_pajamas> Does the (yunohost) firewall only filter ports?
[19:29:22] <Aleks (he/him/il/lui)> yes
[19:34:31] <loose_pajamas> iptables is installed by default, I tried to install iptables-persistent and it indicated it would remove the yunohost firewall
[19:34:57] <loose_pajamas> can iptables and the yunohost firewall not coexist?
[19:35:53] <Aleks (he/him/il/lui)> iptables is already installed, iptables-persistent is a different package and conflicts with the firewall because they handle pretty much the same kind of feature
[19:36:14] <Aleks (he/him/il/lui)> i mean it's similar to having both nginx and apache installed at the same time
[19:36:22] <Aleks (he/him/il/lui)> both will want to use port 80
[19:41:17] <loose_pajamas> ok that is good news. I was under the impression that iptables-persistent was required in order to keep the filter rules from getting flushed at reboot
[19:46:19] <Aleks (he/him/il/lui)> in stock debian yes, but yunohost has its own firewall mechanism and yunohost-firewall is automatically started at boot
[19:51:08] <loose_pajamas> Thanks for the info Aleks
[19:53:11] <loose_pajamas> As I said earlier, I'm going to try and set some rules to block most IP addresses. Do you know offhand any important IP addresses that yunohost uses, such as but not limited to its diagnostics?
[19:54:31] <Aleks (he/him/il/lui)> uuuuh not sure to get what you mean
[19:54:51] <Aleks (he/him/il/lui)> but if you want some custom persistent rule you should write a custom firewall hook in /etc/yunohost/hooks(.d?)
[19:58:10] <Aleks (he/him/il/lui)> cf for example https://forum.yunohost.org/t/close-tcp-22-port-using-yunohost-firewall-service/13518
[19:58:15] <Aleks (he/him/il/lui)> (post_iptable_rules rather)
[20:13:59] <loose_pajamas> thanks I'll check that link out
[21:51:19] <ffdb> https://aria.im/_matrix/media/v1/download/matrix.org/VTGswrvBPXfegJGHgPhDNCqp
[21:51:27] <ffdb> Hi, trying to install Mastodon and it errored out. Have attached error log.
[21:53:02] <ffdb> The relevant lines seem to start here:
```
2022-12-02 21:39:10,570: DEBUG - Error: no version found for '16'
2022-12-02 21:39:10,571: DEBUG -
2022-12-02 21:39:10,572: DEBUG - + ynh_exit_properly
2022-12-02 21:39:11,081: DEBUG - + ynh_clean_setup
2022-12-02 21:39:11,082: DEBUG - + true
2022-12-02 21:39:12,088: ERROR - Unable to install mastodon: An error occurred inside the app installation script
```
[21:53:39] <Aleks (he/him/il/lui)> hmmm could be that it's not available for that architecture
[21:55:19] <ffdb> I installed the 32 bit image as that's all my hardware will support. Might that be the issue?
[21:56:02] <Aleks (he/him/il/lui)> yup it might be
[21:56:06] <Aleks (he/him/il/lui)> i'm not sure though
[23:02:26] <ffdb> Some digging reveals it is an issue with the 32 bit installation. Node doesn't support 32 bit anymore: https://forum.yunohost.org/t/error-impossible-d-installer-mastodon/14517
[23:27:10] <Aleks (he/him/il/lui)> 😬