Wednesday, September 11, 2024
support@conference.yunohost.org

[00:54:03] <orhtej2> > <@huskyz:matrix.org> Have any of you been able to set up ssh login by key only?

there's an option under `domain.tld/yunohost/admin/#/tools/settings/security` to disable password authentication
[03:03:10] <huskyz> > there's an option under `domain.tld/yunohost/admin/#/tools/settings/security` to disable password authentication

it doesn't work for me
[03:03:39] <orhtej2> #define 'doesn't work'
[03:07:49] <huskyz> I also tried `yunohost settings set security.ssh.password_authentication -v no` but that didn't work either. Now it asks me for the key to connect from the pc where I have the private key, if I try from another pc where I don't have the key it asks me for the password and if I type it correctly I can get in
[03:21:02] <huskyz> since from what I understand it is not recommended to edit the `sshd_config` file by hand but you should do it via that command, which doesn't work, at least to me
[03:41:24] <Salamandar> > <@huskyz:matrix.org> it doesn't work for me

there's a green "save" button at the bottom of the page ;)
[03:42:22] <huskyz> and although I selected “no” under “Password authentication” (in the settings from GUI) and even ran that command to disable password access, because from GUI it didn't work, under “PasswordAuthentication” in `sshd_config` I still see it says “yes”
[03:42:44] <Salamandar> that's normal then
[03:42:44] <Salamandar> > Le fichier de configuration '/etc/ssh/sshd_config' a été modifié manuellement et ne sera pas mis à jour
[03:42:46] <Salamandar> Oooopsies I can confirm this doesn't work for me either
[03:42:56] <Salamandar> ah, no
[03:43:00] <huskyz> > <@Salamandar:matrix.org> that's normal then

ok
[03:44:36] <Salamandar> that's probably because you got a manually modified file too, like me
[03:53:17] <Salamandar> in domain.tld/yunohost/admin/#/tools/logs
[03:53:50] <Salamandar> you'll have logs for "apply settings" or idk what it is in english
[03:55:42] <Salamandar> do you have a warning line in those ?
[03:55:43] <huskyz> > <@Salamandar:matrix.org> that's probably because you got a manually modified file too, like me

Before trying these solutions I had gone directly to edit the file by hand. Then later when I saw that it was not working I reset everything as it was before and tried these other solutions.
Also I was wondering if it is normal that in `/etc/ssh/` I see two files `sshd_config`
[03:59:30] <Salamandar> you can't have 2 files with the same name…
[03:59:30] <huskyz> > <@Salamandar:matrix.org> do you have a warning line in those ?

I'll look into it, thank you
[03:59:30] <Salamandar> can you check in your log files ?
[04:00:02] <Salamandar> what's that
[04:00:02] <Salamandar> ah yeah
[04:00:04] <yunohelper> Hi! To help us volunteers help you, read about [how to ask for help](https://yunohost.org/en/help-me). Notably, if you are getting an error, share its *full* log by pasting here the link to the page created by the YunoPaste buttons. Thank you for your patience, and thank you for using YunoHost!
[04:00:32] <huskyz> > <@Salamandar:matrix.org> you can't have 2 files with the same name…

I thought it was strange, then there is something wrong, right?
[04:05:49] <Salamandar> > <@huskyz:matrix.org> I thought it was strange, then there is something wrong, right?

one is probably without the "d"
[04:05:49] <huskyz> > <@Salamandar:matrix.org> do you have a warning line in those ?

nope
[04:06:20] <huskyz> > <@Salamandar:matrix.org> one is probably without the "d"

oh yes, my bad lol
[04:09:09] <huskyz> so do you think it is because I had initially edited the `sshd_config` file by hand?
Maybe I should reinstall everything from scratch and try again? Because with the solutions found on the net, I can't solve it
[04:11:42] <Salamandar> > <@huskyz:matrix.org> so do you think it is because I had initially edited the `sshd_config` file by hand?
> Maybe I should reinstall everything from scratch and try again? Because with the solutions found on the net, I can't solve it

Go into the diagnosis tools of the webadmin
[04:13:35] <Salamandar> it'll show you if it detects the file as edited by hand
[04:13:44] <Salamandar> and it'll show you the command to see your changes then overwrite them
[04:15:36] <huskyz> ok I try
[04:15:37] <huskyz> ty
[04:15:47] <Salamandar> no prob <3
[04:27:22] <huskyz> diagnostics detected that I had modified the `sshd_config` file by hand and suggested a command to restore it to its initial settings.
I did it and now it works! Thank you very much! 🙏
[04:33:24] <Salamandar> Perfect <3
[06:59:02] <Louis> Hey, how can I disable IPv6 from the CLI? I can’t find it anywhere…
[07:18:41] <Err404> I don't understand why you want to disable ipv6.
but I think you can edit the file `/etc/network/interfaces`
[07:22:59] <Err404> and reload your network with `systemctl restart networking`
[07:56:03] <tituspijean> @err404:matrix.numericore.com noooope
[07:56:04] <tituspijean> @err404:matrix.numericore.com on the why, first one can help out with emails being rejected if they are sent from IPv6 (without rDNS for example), and second one will make the Diagnosis quiet about any mismatch between DNS records and actual IPs.
[07:56:04] <tituspijean> there's two settings: `email.smtp.smtp_allow_ipv6` and `misc.network.dns_exposure`
[07:56:30] <Err404> tituspijean: thanks 😛
[08:00:07] <Louis> That, and also, as of now I’m not using IPv6 on my home network, so I might as well disable it (attack surface)
[08:02:10] <tituspijean> these settings do not disable it per se, but at least YunoHost won't yell about it. You can combine this with @err404:matrix.numericore.com's suggestion to edit the network configuration and actually disable it, but be very wary about it... I tend to be very unlucky when altering it 😅 )
[08:02:24] <tituspijean> If your router has an IPv6 firewall, you can also enable it.
[08:02:25] <Louis> Yes it’s enabled
[08:02:57] <Louis> That’s too bad there is no yunohost command to disable IPv6 / v4
[08:03:34] <Louis> but thanks
[08:04:00] <Louis> On another note, is there a guide to properly configure nextcloud with yunohost? I remember reading one on the forum, but can’t put my hands on it right now
[08:04:15] <Anmol> Hi
[08:08:32] <Anmol> I want to forward the ports to another server through wireguard client, as the static ip prices have increased significantly. Can someone tell me how this will work?
[08:14:22] <Anmol> 1. I run a shadowsocks proxy random port, so to connect to my server. Will forwarding this random port and connecting from the remote server running wireguard make the shadowsocks point to my own server or to the remote server?
[08:16:10] <Anmol> 2. Will I be still able to connect to my server through wireguard for my android phone?
[08:18:33] <Anmol> 3. Will I have to do extra configuration for the apps like Matrix?
[08:21:28] <Anmol> 4. What about the hairpinning, as of now my server runs smoothly without any trouble at home network. Will port forwarding affect it?
[08:29:51] <tituspijean> > properly configure nextcloud

define "properly" 😛
[10:46:40] <huskyz> ok, i've done enough experiments locally with virtualbox, i'm ready to get a vps and install yunohost on it.
On contabo I saw that they also propose the option to install your custom image.
In your opinion should I get a vps with debian and then install yunohost on it with the command `curl https://install.yunohost.org | bash` or install yunohost directly by selecting custom image?
Do any of you use contabo for your yunohost server? Which option did you choose?
Thanks
[11:01:15] <Salamandar> IDK what contabo is :D
[11:01:54] <huskyz> > <@Salamandar:matrix.org> IDK what contabo is :D

a vps provider
[11:02:15] <Salamandar> omg that's so cheap how is it possible
[11:03:24] <huskyz> > <@Salamandar:matrix.org> omg that's so cheap how is it possible

yeah lol
[11:03:38] <Salamandar> €4.50 / month
4 vCPU Cores
6 GB RAM
100 GB NVMe
[11:04:01] <huskyz> i wanna try
[11:05:38] <huskyz> is insane
[11:10:31] <huskyz> probably since the prices are so low there will be some tradeoff but anyway it is a small personal server in my case
[11:13:14] <Salamandar> Well if contabo provides a yunohost preinstalled img… In the end it's exactly the same as a base debian + the curl command
[11:19:32] <huskyz> I'm not sure if it offers it but I saw that it also proposes to install your own custom image -or so I understand-
[11:30:56] <huskyz> https://aria.im/_matrix/media/v1/download/matrix.org/gHPXyPGecjooSmXgGJQQAwRC
[11:34:02] <huskyz> I can't see the screenshot, idk why. Can you see it?
[12:01:55] <huskyz> btw in case I choose to get a vps with debian instead, can I get it with debian 12? Or should I take it with debian 11? Thanks
[12:03:19] <Anmol> > <@huskyz:matrix.org> btw in case I choose to get a vps with debian instead, can I get it with debian 12? Or should I take it with debian 11? Thanks

11
[12:07:51] <Err404> > <@huskyz:matrix.org> I can't see the screenshot, idk why. Can you see it?

yes, there is an actual issue to see images on element (on android), element in the web browser can display images
[12:13:29] <huskyz> > yes, there is an actual issue to see images on element (on android), element in the web browser can display images

i'm on schildichat desktop, being a fork of element I encounter the same bug here as well
[12:18:38] <huskyz> > <@anmol:im.anmol.net.in> 11

will I be able to upgrade to version 12 and later in the future without messing up?
[12:21:09] <Anmol> > <@huskyz:matrix.org> will I be able to upgrade to version 12 and later in the future without messing up?

yes
[12:26:14] <huskyz> have any of you here installed yunohost on a debian vps? regardless of provider
[12:29:57] <huskyz> Or did you directly install yunohost on it?
[12:33:01] <Anmol> > <@huskyz:matrix.org> have any of you here installed yunohost on a debian vps? regardless of provider

on contabo debian then curl works.
[12:55:35] <Anmol> Do we have api for only Gandi? Or there are other DNS providers as well ? Gandi is banned at my place.
[13:00:39] <orhtej2> > <@anmol:im.anmol.net.in> Do we have api for only Gandi? Or there are other DNS providers as well ? Gandi is banned at my place.

OVH has a first-class support
[13:00:42] <orhtej2> in terms of DNS registrar which is what I assume you're asking about
[13:07:28] <xabi> > <@titus:pijean.ovh> @xabi:balaena.eus about the Android apps complaining about SSL, do you use .local or similar special tld for your domain?

All my domains (.tld) have Let's Encrypt certificates. I can access Jellyfin just fine typing the URL on my pc, iOS and Android phone, but discovery feature doesn't seem to work (client sees server, but can't connect that way — I must type whole URL). Android TV client can't connect either via discovery or by entering URL. It's the Android TV client that complains about handshake and 8096 and 8920 ports. YunoHost Diagnosis complains about 1900 and 7359, both regarding Jellyfin. I've opened an issue [here](https://github.com/YunoHost-Apps/jellyfin_ynh/issues/173).
[13:15:00] <xabi> And if you are talking about Registrar APIs, **Gandi**'s documentation seems to be outdated and I couldn't make it work; **OVH** works; and **Cloudflare** gets stuck if updating email values but updates are sent properly. That's at least my experience.
[13:39:12] <Augier> Hi! I'm currently in search of a free OS for my newly acquired NAS and I'm starting to consider Yunohost would actually be a good fit. The only thing I'm missing is a disk and container management. I'd like to work on https://github.com/YunoHost/issues/issues/1823 to fill the gap.
[13:39:13] <Augier> Where should I start?
[13:39:20] <Aleks (he/him/il/lui)> based on incus (ex-LXD)
[13:39:20] <Aleks (he/him/il/lui)> https://yunohost.org/dev provides an overview of the various "core" blocks and we typically use https://github.com/YunoHost/ynh-dev to setup a dev environment
[13:39:37] <Augier> You mean https://github.com/lxc/incus? How is that different from Docker? How can Yunohost run in LXC and not Docker?
[13:39:44] <Aleks (he/him/il/lui)> LXC is more like a full system (just sharing the kernel with the host i suppose?) whereas docker is designed around "one container = one process" and doesn't really support stuff like "having systemd inside the docker"
[13:39:47] <Aleks (he/him/il/lui)> also docker containers are supposed to be "immutable" with the data properly externalized in volumes, but Yunohost is a full ecosystem with pieces of data all over the place (well the main place is supposed to be the SQL databases and /home/yunohost.* stuff, but clearly that's not the only thing)
[13:39:58] <Aleks (he/him/il/lui)> like if somehow you're able to install Yunohost inside a docker, the first time you naively "down" / "up" the container, you'll lose any configuration and data
[13:41:22] <Augier> Ok, I understand.
[13:41:34] <Augier> That feature also may involve adding a feature to relocate Yunohost's data directories after installation to make use of newly added disks. I found a few Python libraries to manipulate ZFS and smartmontools and even Btrfs in a second time :
- https://github.com/truenas/py-libzfs
- https://github.com/truenas/py-SMART
- https://github.com/knorrie/python-btrfs
[13:59:47] <Anmol> check logs `tail -n 100 /var/www/nginx/domain.tld.error`
[13:59:47] <Anmol> and check if Vaultwarden service is running on your server
[13:59:50] <Anmol> `tail -n 100 /var/logs/nginx/domain.tld.error`
[14:04:28] <thatoo> Do you have any idea why one (only) among the multiple domains I manage thanks to ynh can't renew its letsencrypt certificate automatically?
It's always the same domain and every time the same issue : "this domain is not ready.... please check dns conf..."
So every time I have to renew the certificate on the web gui ignoring test and diag verification.

All other domains are ok even matrix.mydomain.tld is ok, only its subdomain admin.matrix.mydomain.tld has trouble renewing itself automatically.
[14:05:15] <thatoo> And if I check the diagnostic page, it says that there isn't any problem with DNS but if I go back to the page to renew this specific certificate, it's the same, if I want to renew, I have to ignore test and diag verification.
It's been like that for, I can't even remember but I never asked before because it's only one and every time I tell myself that it will solve by itself before next renewal.
[14:07:43] <Salamandar> > <@thatoo:defis.info> Do you have any idea why one (only) among the multiple domains I manage thanks to ynh can't renew its letsencrypt certificate automatically?
> It's always the same domain and every time the same issue : "this domain is not ready.... please check dns conf..."
> So every time I have to renew the certificate on the web gui ignoring test and diag verification.
>
> All other domains are ok even matrix.mydomain.tld is ok, only its subdomain admin.matrix.mydomain.tld has trouble renewing itself automatically.

Is it the only sub-sub-domain you have ?
[14:07:44] <Salamandar> Off the top of my head I'd guess it looks like an issue with how glob subdomains are handled
[14:08:02] <thatoo> > <@Salamandar:matrix.org> Is it the only sub-sub-domain you have ?

well subdomain are ok but this is the only sub.subdomain indeed
[14:08:46] <thatoo> Do I do it manually as usual or do you want me to test something?
[14:09:11] <Salamandar> I think you would need to check your DNS config. Do you have a specific A or AAAA entry for this sub-sub-domain ?
[14:12:21] <philientaylor> > <@Salamandar:matrix.org> I think you would need to check your DNS config. Do you have a specific A or AAAA entry for this sub-sub-domain ?

Thank you for checking this, as sub-sub, and sub-sub-sub domains, onto infinity, are very important to me in using YunoHost!! :)
[14:12:23] <philientaylor> My use case is to allow some users to be NS authority over their own sub-domains, and delegate authority further and further down to other sub-YunoHosters 🤪🤣🧐
[16:14:46] <laguill13> Good evening,
Do you have any tips for reducing your server's consumption?
Do you know tuned?
[16:15:47] <Err404> > reduce your server's consumption?

power consumption? CPU? RAM?
[16:47:39] <Ilario> Please, if anyone can reach anubis or pitchum to tell them that the yunohostxmpp MUC is unreachable. Thanks.
[16:49:24] <marcms> > Please, if anyone can reach anubis or pitchum to tell them that the yunohostxmpp MUC is unreachable. Thanks.
Hi, I can no longer access this MUC either, but that is also the case for other MUCs which, like it, are hosted on the chapril.org server
[16:50:00] <marcms> Since I was tinkering with my TLS config I thought that was the cause, but maybe the server is offline
[16:50:01] <pitchum> all chapril.org services are currently unavailable... we're on it...
[16:51:19] <Ilario> > all chapril.org services are currently unavailable... we're on it...
Thanks! 👍
[20:36:23] <laguill13> > > reduce your server's consumption?
>
> power consumption? CPU? RAM?

Yes, sorry, I forgot to specify.
I was talking about power consumption
I was thinking of using suspend and hibernate mode after 5 and 30 minutes of inactivity
[20:37:32] <Err404> well, as it happens, these last few days I have been experimenting with putting my backup server to sleep (I plan to run a backup twice a month, for example)
[20:39:29] <Err404> I use AMT to wake the server, the operation is fairly long because the command (or pings) has to be sent several times, since the first packet doesn't always arrive when the network card is listening (that's how I interpret it, given that there are timeouts on the ping or that the command doesn't work the first time)
[20:39:55] <Err404> sometimes the server reacts within a second, sometimes it takes a good 5...
[20:40:27] <Err404> once awake it needs a good few seconds before giving access to ssh or the other services
[20:41:35] <Err404> so for a backup server, no problem, 10s more or less doesn't matter to me.
but for a web server it doesn't work because you risk getting server-not-found errors or the like
[20:41:56] <Err404> unless you have a proxy that "keeps people waiting"
[20:43:14] <Err404> since it's for my backup server, I can easily put it back to sleep at the end of the backup
[20:47:30] <Err404> if you know a reliable and fast way to wake a computer, I'm interested 😺
[20:58:27] <farfalla> > I use AMT to wake the server, the operation is fairly long because the command (or pings) has to be sent several times, since the first packet doesn't always arrive when the network card is listening (that's how I interpret it, given that there are timeouts on the ping or that the command doesn't work the first time)

Is AMT the magic packet?
[21:15:09] <olivier> AMT is Intel's thing for controlling a computer "remotely" (or in any case from outside the perimeter of the OS)
[21:16:22] <olivier> basically it's a computer inside the computer, it's based on the Management Engine (unless it's the other way round, I get lost in their naming); it's very useful, but it's a big closed-source blob (based on Minix3, according to rumours), which runs even when the computer is off - as long as it has power
[21:24:29] <farfalla> > <@olivier:no.dustinthe.net> basically it's a computer inside the computer, it's based on the Management Engine (unless it's the other way round, I get lost in their naming); it's very useful, but it's a big closed-source blob (based on Minix3, according to rumours), which runs even when the computer is off - as long as it has power

Ah yes, that's the famous thing highly suspected of being full of backdoors? 😁
Otherwise, have you tried magic packets? I think it's less reliable if you have a complicated network with switches between the machine sending the packet and the machine to wake, and if the machine to wake has been off for a long time, because you send to a MAC address and it has to be routed correctly
[21:25:56] <farfalla> > <@farfalla:chagai.website> Ah yes, that's the famous thing highly suspected of being full of backdoors? 😁
> Otherwise, have you tried magic packets? I think it's less reliable if you have a complicated network with switches between the machine sending the packet and the machine to wake, and if the machine to wake has been off for a long time, because you send to a MAC address and it has to be routed correctly

like, I do `sudo etherwake -i <interface> <mac>`
[21:26:56] <farfalla> > <@farfalla:chagai.website> like, I do `sudo etherwake -i <interface> <mac>`

Also, you have to enable wake-on-lan on the target machine
[21:33:27] <farfalla> > That's right, and it's pretty filthy.
> But my server is old so its AMT doesn't have the recent features like advanced remote control or the VPN.
> On the other hand, the backdoors are surely already in place

Yes, as long as they're there, might as well use them 😄
[21:33:47] <Err404> The magic packet only lets you wake the machine.
You can't do a reset or a forced poweroff like with AMT
[21:34:46] <Err404> AMT has its own network config, its own IP
[21:37:30] <Err404> That's right, AMT is pretty filthy.
But my server is old so its AMT doesn't have the recent features like advanced remote control or the VPN.
On the other hand, the backdoors are surely already in place
[21:37:30] <farfalla> > AMT has its own network config, its own IP

Ah well yes, that's all the better
[21:37:59] <Krafting> > AMT has its own network config, its own IP

I just joined, what is it that you call AMT?
[21:40:07] <Err404> https://fr.m.wikipedia.org/wiki/Intel_Active_Management_Technology
[21:42:43] <Krafting> oh okay