Friday, May 31, 2024
support@conference.yunohost.org

[00:02:19] <Aleks (he/him/il/lui)> `sudo yunohost tools regen-conf yunohost`, unless maybe the cron job was manually modified
[00:07:58] <kevadesu (EN/FR/DE)> i actually managed to figure it out
[00:08:01] <kevadesu (EN/FR/DE)> https://aria.im/_matrix/media/v1/download/gitter.im/75885c2db6757e353e62f59eada40e81c32f058c1796332768204947456
[00:08:33] <kevadesu (EN/FR/DE)> it was in /etc/cron.d but thanks either way!
[07:29:37] <jorgeluis> Could someone please check this issue with piwigo?
https://github.com/YunoHost-Apps/piwigo_ynh/issues/128
[07:34:30] <centralscrutinizer> > <@chrichri:librem.one> Does anybody run the whatsapp bridge together with conduit?

i am running it but on synapse
[11:53:11] <Louis> Hi, has anyone tried to install their own CA and certify yunohost server? How feasible is it?
[12:11:25] <Louis> My plan was to have my own CA so that I can have mTLS with the clients I trust in order to open my server to the internet while avoiding the use of the VPN (because where I work I need to be on the local network of the company, and yet be able to connect to my server, so VPN does not make it). And I don’t feel extremely safe just opening up my webserver and trusting the web portal for sign-in. mTLS is an extra layer of security that i’d like. However, it seems that yunohost does not support another CA except let’s encrypt… So I’m wondering if it’s a good idea to go that way or not.
[12:30:08] <chrichri ⚡> > <@louisvgn:matrix.org> My plan was to have my own CA so that I can mTLS in order to open my server to the web while avoiding the use of the VPN (because where I work I need to be on the local network of the company, and yet be able to connect to my server, so VPN does not make it). And I don’t feel extremely safe just opening up my webserver and trusting the web portal for sign-in. mTLS is an extra layer of security that i’d like. However, it seems that yunohost does not support another CA except let’s encrypt… So I’m wondering if it’s a good idea to go that way or not.

Independent of the question if the SSL stuff would be possible with yunohost - you could easily use a VPN if you're allowed to do so by the rules at your company.
It is quite usual to route only the traffic for certain addresses or networks through a VPN and let the rest of the traffic use the local networks default routing.
Certificates: I do not know much about mTLS, but your yunohost uses Let's encrypt to prove its identity to its clients (e.g. you). This is quite independent of using client certificates to authenticate the clients.
As far as my knowledge goes there's no option in yunohost to use client certificates. If I'd really want to use client certificates and still use yunohost I'd put a reverse-proxy in front of the whole yunohost to verify the clients and decide which traffic should go in without trusted certificates (like federation traffic).
[12:31:22] <chrichri ⚡> Just tried mautrix_whatsapp : https://chrichri.ween.de/o/500f45ff9cae465e8660f1a1febb4efd 🥴
[12:42:31] <Louis> > <@chrichri:ween.de> Independent of the question if the SSL stuff would be possible with yunohost - you could easily use a VPN if you're allowed to do so by the rules at your company.
> It is quite usual to route only the traffic for certain addresses or networks through a VPN and let the rest of the traffic use the local networks default routing.
> Certificates: I do not know much about mTLS, but your yunohost uses Let's encrypt to prove its identity to its clients (e.g. you). This is quite independent of using client certificates to authenticate the clients.
> As far as my knowledge goes there's no option in yunohost to use client certificates. If I'd really want to use client certificates and still use yunohost I'd put a reverse-proxy in front of the whole yunohost to verify the clients and decide which traffic should go in without trusted certificates (like federation traffic).

That’s what I was planning to do with the reverse proxy indeed. Though I may try out the VPN solution you mentioned. It may work if I use some random ports so that the company does not detect the VPN… Thanks
[12:45:05] <chrichri ⚡> > <@louisvgn:matrix.org> That’s what I was planning to do with the reverse proxy indeed. Though I may try out the VPN solution you mentioned. It may work if I use some random ports so that the company does not detect the VPN… Thanks

It is not only a question of detecting VPN, but of compliance. Where I work I'm bound not to do that, because of backdoor to our internal network. Do you want that responsibility (that comes with routing through a VPN)?
You could even use a proxy for the VPN and run it on tcp:443 using the CONNECT method. There are solutions out there.
[12:49:39] <Louis> Right, I’ll look into that. For now, it seems to be a bit easier with the VPN, though mTLS would be the ideal solution.
[18:18:20] <chrichri ⚡> Just installed **GoToSocial** and am a bit confused about **registration**: Found hints that there might be a way to have self-registration with confirmation by the admin, but didn't find any information on how to use it...
[18:19:40] <chrichri ⚡> What I understood is: to **expose the public timeline on the web** I'd need to install a web-frontend and allow guests to read that stuff - is that correct?
[18:24:38] <tl> Does anyone know when yunohost for raspberry pi 5 will be released?
[21:55:59] <amu> Hello. If I want to write a custom script for an app (to periodically clean Mastodon cache files), where should I store it?
[21:56:19] <amu> It'd be used with cron
[22:15:54] <amu> I'd like to make sure the script gets backed up by the standard yunohost backup
[22:28:34] <amu> And it stays when having a major Yunohost upgrade