Chatroom logs for support@conference.yunohost.org (Thursday, September 04, 2025)

September
Mon	Tue	Wed	Thu	Fri	Sat	Sun
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

[16:44:41] <miro5001> > <@lucberlin:matrix.org> Hello there! I am setting up my first YH instance this morning. Server install seem to work, I installed NextCloud and it works via the web browser, but if I try to setup the desktop app to connect to my server, it doesn't recognize my nextcloud url as such. In the nextcloud admin, I notice this message, but I am not sure it is related:
> | Your web server is not yet properly set up to allow file synchronization, because the WebDAV interface seems to be broken. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of its `trusted_domains` or the `overwrite.cli.url`. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.
>
> I looked at the config file, trusted_domain and overwrite.cli.url seem to be defined correctly:
> 'trusted_domains' =>
> array (
> 0 => 'localhost',
> 1 => '[my domain name]',
> ),
> [...]
> 'overwrite.cli.url' => 'https://[my domain name]/nextcloud'
>
>
> I am unsure the error and the problems are related, do you have any ideas? Thanks a lot for the help

For apps to connect to your nextcloud server, app nextcloud needs visitors permission. Add nextcloud to visitors group in the webadmin (users and groups)
[16:45:42] <orhtej2> > <@miro5001:matrix.org> Mmhhh, try adding (or editing) `always_bcc your_email_address` in main.cf and restart postfix. This will send a copy of all emails sent (or received, I don't remember). It may help understand what's wrong

The problem magically fixed itself once i deleted legacy_admin user 🤷
[16:45:45] <orhtej2> > <@miro5001:matrix.org> I have a moodle 4.1 instance running in a ubuntu server (with php7.4) that I need to move to a yunohost server. What would be the most straightforward way to do it?
> I've made a db dump (3G) and copied the data_dir locally.

Does moodle come with internal backup? If so make backup and restore it into a fresh instance perhaps?
[16:45:45] <orhtej2> > <@miro5001:matrix.org> It has a db only backup - import. But I don't know if importing an old version of the db is possible

So no content transfer?
[16:45:46] <orhtej2> is there a favicon displaying for you? I see no mention of any favicon in `yunohost-portal` code 🤔
[16:48:24] <boz89> Can I be your visitor on your site Luc? :)
[16:48:24] <boz89> I can be your visitor and you can be mine! :)
[16:49:01] <boz89> Is wireguard still the best vpn to install on yunohost?
[16:49:01] <boz89> has anyone tried x ray vpn? It is supposed to work in countries with dpi censorship
[16:49:02] <boz89> https://github.com/MHSanaei/3x-ui
[16:49:02] <boz89> is that any good?
[16:54:49] <Salamandar> Hmmm is it a known bug that app upgrades are broken ?
[16:54:49] <Salamandar> "No such file or directory /var/...../scripts"
[16:54:50] <jeroen 🇧🇪> Haven't tested that one. I've started using netbird and works pretty well. Utility depends on where your server runs
[16:54:50] <Salamandar> (Am on my phone, can't copy the msg and no log in yunohost log list)
[16:55:32] <tituspijean[m]> @askielboe:matrix.orgyou should be able to! Can you try enabling the debug settings for MediaWiki? (https://www.mediawiki.org/wiki/Manual:How_to_debug) Maybe it will tell you what's the issue.
You wrote that the error starts by a dump of the LocalSettings.php file, but is there a log or error right before it?
[16:56:36] <boz89> are web services that rely on docker alright as a yunohost app or not ideal? I was looking at this vpn https://github.com/NOXCIS/Wiregate
[16:56:37] <boz89> https://github.com/donaldzou/WGDashboard

^This one also uses docker so I don't know if I should port a "non native" docker app to yunohost?
[16:56:49] <tituspijean[m]> @boz89:matrix.org to be transparent, I'm maintaining two of the non-OpenVPN apps (WireGuard with a webui, and Headscale), and I have no will to package other apps. I'm mostly using Headscale nowadays, and I'm quite satisfied with it.
[16:57:15] <lautre> In your Nextcloud config file, do you have an array with 2 entry, one with 127.0.0.1 and other with your domain?
[16:57:16] <boz89> very nice! Does Headscale also function like a "normal vpn" which let's me browse the web from my devices?
[16:57:16] <lautre> Sorry for the noise. It's 'localhost' for the first entry, and, I have one Nextcloud working fine. I found the log, I will search why one doesn't works.
[16:58:01] <lautre> EmFl How is the access settings for apps? : Visitors (means public, without SSO), All_users? admin_only?
[16:58:02] <lautre> I don't understand. This setting is who is allowed to access to the app from Internet.
But yes, if you set "admin" and with your admin session in your yunohost you can't access to the app, there is a problem.
So, you should check logs with ssh access
[16:58:02] <lautre> And, on your browser, please check if you change your "referer", and cookies
[16:58:02] <lautre> If you have some extensions who alter Referer for example
[16:58:03] <lautre> If you don't have another suggestions, may be you should post in the forum.
[16:58:43] <lautre> I can't help more, for the moment (and I use Nextcloud).
[16:59:07] <lautre> I tried to update one of my Nextcloud. It failed. And the nextcloud folder in `/var/www/` disappeared
I tried to restore the "pre-backup", but failed because there was no nextcloud app.
I installed one, and tried to use the pre-backup, and I returned at the first situation where my Nextcloud doesn't works.
Made another backup to don't depend on the pre-backup.
Saw that I need a module for php, but it fail (why, don't know), removed the line in the config file.
Started to use `occ` because it's faster to see if there is still something wrong.
Added mbstring module who was missing.
Updated Nextcloud apps with occ, and removed the apps Polls because missing table in DB (I don't use this app anymore)
Used `occ maintenance:repair` with success.

Now, doing another backup.
Next step will be to upgrade the Nextcloud from Yunohost command.
😀
[16:59:38] <ewilly88> > <@emfl:matrix.org> Hello, (posted this on IRC but I keep getting disconnected and saw the message about missing bridge so sorry for the duplicate in case you saw that message there)
>
> I've recently installed yunohost on a proxmox server via the self helper script available here (https://community-scripts.github.io/ProxmoxVE/scripts?id=yunohost). I don't know if it's related to this or not, but when I install an app, I get the message that everything went well, but everytime I click on the app in the portal, I get a redirection to sso and then back to the portal again.
> Both apps I've tested are deployed on subdomain (home.arpa for main domain, paheko.home.arpa, owncloud.home.arpa). I've set A record for these names to the IP of the yunohost lxc.
> I probably missed something essential but I can't figure it out.

Community script broke some app (immich for example) as it add some fancy stuff. You should install a proper debian LXC and follow yuno installation dicumentation.
[16:59:40] <tituspijean[m]> Yes, you have to setup "exit nodes" on the devices you want to use the outgoing Internet connection, and then you can select the exit node on any client you want to use the tunnel. Default Headscale setup uses quite a lot of command lines (access it with `yunohost app shell headscale` then `./headscale <command>`), though Headplane is also packaged to give some basic UI.
[16:59:41] <EmFl> Hello, (posted this on IRC but I keep getting disconnected and saw the message about missing bridge so sorry for the duplicate in case you saw that message there)

I've recently installed yunohost on a proxmox server via the self helper script available here (https://community-scripts.github.io/ProxmoxVE/scripts?id=yunohost). I don't know if it's related to this or not, but when I install an app, I get the message that everything went well, but everytime I click on the app in the portal, I get a redirection to sso and then back to the portal again.
Both apps I've tested are deployed on subdomain (home.arpa for main domain, paheko.home.arpa, owncloud.home.arpa). I've set A record for these names to the IP of the yunohost lxc.
I probably missed something essential but I can't figure it out.
[16:59:53] <EmFl> Both were set as admin since I'm admin. But I've changed paheko to visitors and it works ... I don't have any extension that would modify referer or cookies
[17:00:09] <EmFl> humm I'm not seeing anything in the logs, nothing when the redirect happens in yunohost logs, the only thing I see is in nginx error log about a missing custom css (*231 open() "/usr/share/yunohost/portal/customassets/home.arpa.custom.css" failed ) but I suppose this is not relevant
[17:00:09] <EmFl> Thanks a lot for your help
[17:00:10] <EmFl> humm might have been happy a bit too soon :p Paheko works fine but owncloud does not log me in (used admin account with password provided during install), getting this : This could be because of a routine safety log out, or because your account is either inactive or not yet authorized for use. Please try logging in after a while or seek help from your Administrator.
I see the oidc callback in the network tab... probably related to the sso issue somehow. Will keep looking but if anyone has an idea I'm all ears :)
[17:00:10] <EmFl> Ok will wait a bit and do that. But changing to visitors could be ok for the time being since my installation is local and both systems have their own authentication layer.
[17:00:26] <EmFl> oh well nextcloud worked right out of the box... sweet. And thanks again :)
[17:00:32] <boz89> I found an issue with the DKIM recommendation from yunohost. DMARC is listed as "p=none" but it should be "p=reject"
[17:00:32] <boz89> that is the whole point of SPF and DKIM
[17:01:13] <orhtej2> as in 'to whom it may concern, every mail that I send is spam', right?
[17:03:35] <boz89> https://dmarcian.com/policy-modes-quarantine-vs-reject/
[17:13:30] <lautre> You can set, in Proxmox, another disk/partition for your VM/LXC and mount it in it. I not yet did it, but it's a way
[17:13:33] <jeroen 🇧🇪> Doing exactly this in my VPS, mounted a drive under /home
[17:13:34] <lautre> What is PBS?
[17:13:34] <jeroen 🇧🇪> Also: use PBS to backup, you can access the files more easily than the normal backup in proxmox
[17:14:41] <EmFl> Hello me again, something else I'm struggling with, if you install yuno on proxmox, then you have a huge lxc or vm that has all your apps and data inside. so I can't back up individually or load balance between my proxmox servers. Did I misunderstand something ? Is there a way to have the best of both worlds ? Or yuno is more targeted at barebone install on single machine and maybe not the right fit for proxmox ?
[17:14:59] <err404> Proxmox Backup Server
[17:14:59] <err404> EmFl: I use Yunohost in a container in a proxmox server, and I use "bind mount" to store some data outside the container (to keep it small):
- https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
[17:15:44] <EmFl> but that would still be specific to yuno right ? Where if I install 20 apps they would all be in the same disk.
[17:15:56] <EmFl> or do you mean, mount inside the lxc a disk under for example /home/yunohost.app/nextcloud
[17:19:00] <jeroen 🇧🇪> should work as well
[17:24:40] <niklas> it looks like the -u flag for `yunohost app list` to list only apps with pending updates has been removed in 12.1. Is there another way of getting that list in the CLI?
[17:28:33] <isAAAc> niklas: not really what you expected i think, but `yunohost tools update && yunohost tools upgrade` gives you what is pending for update _(included system parts)_
[17:30:09] <Aleks (he/him/il/lui)> (or `yunohost tools update apps`)
[17:30:09] <Aleks (he/him/il/lui)> the output may be a bit confusing right now though because it contains raw info, in particular some error messages for failed requirement even when the requirement is fullfiled which is a bit confusing, it was designed to be used by the API)
[17:30:31] <Luc (he/him)> Hello there! I have a domain question. I have a YH server with a public website and a few private apps like nextcloud. My appex domain name (lucmartinon.com) points to the public website, and my YH server is deployed on the subdomain yh.lucmartinon.com.
But if I go to yh.lucmartinon.com, I am redirected to the login page, which seems to be: https://lucmartinon.com/yunohost/sso/login

I don't understand this, per my understanding it should be https://yh.lucmartinon.com/yunohost/sso/login
[17:30:31] <Luc (he/him)> because then, I have to login again to go to then admin, which seems weird
[17:30:32] <Aleks (he/him/il/lui)> hmmm not sure what you mean by "the admin" ? The webadmin ? The user and portal and webadmin are not "connected", they do not share the same authentication cookies so you need to re-log on the webamin anyway even when you're logged in the user portal
[17:30:32] <Luc (he/him)> ok, so nothing to worry here
[17:30:32] <Luc (he/him)> yes the webadmin sorry, what is there /yunohost/admin
Now I have it twice, I can access it at lucmartinon.com/yunohost/admin or yh.lucmartinon.com/yunohost/admin, which seems weird
[17:30:32] <Aleks (he/him/il/lui)> yeaaah the "same" webadmin is accessible by any domain or IP pointing to the machine, but the portal(s) are on each "main domain" of the server
[17:30:33] <Aleks (he/him/il/lui)> (not sure if that's understandable 😬)
[17:30:33] <Luc (he/him)> thanks :)
[17:35:57] <boz89> Could anyone give me quick impromptu advice about the /etc/hosts file? My VPS provider is doing something unusual a bit.
The file looks like this
"
127.0.0.1 localhost
127.0.1.1 hostname.domain.com hostname
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouter
XXX.XX.XXX.X hostname.domain.com hostname"
So it links both 127.0.1.1 and my public IPv4 to hostname.domain.com hostname. Is that correct or will it confuse yunohost???

[17:35:57] <jeroen 🇧🇪> just checked, I would remove your WAN IP in the file
[17:35:57] <boz89> chatgpt and deepseek said it is wrong. chatgpt said to remove the public ipv4 line. deepseek told me to remove both the public ipv4 line AND the 127.0.1.1 line..
[17:35:58] <jeroen 🇧🇪> last line
[17:35:58] <jeroen 🇧🇪> that seems ok
[17:35:58] <jeroen 🇧🇪> that's very wrong
[17:35:59] <boz89> ok I will remove that.. but should I keep the 127.0.1.1 hostname.domain.com hostname ?
[17:35:59] <jeroen 🇧🇪> yes, I know
[17:35:59] <jeroen 🇧🇪> the lat line
[17:35:59] <boz89> the last line is the public ipv4 address of the vps
[17:36:00] <jeroen 🇧🇪> just checked another debian machine and that has us tthe WAN IP and not the 127... I don't think it matters much
[17:36:00] <jeroen 🇧🇪> yes
[17:36:00] <boz89> if yours also has that line then I am guessing it should work with yunohost
[17:36:01] <boz89> lol
[17:36:01] <boz89> I wonder where it has seen "many yunohost installations break".. but it is kinda convincing with that "trust me" statement ha
[17:36:01] <jeroen 🇧🇪> > <@marvin:nitro.chat> Is there a way to reset Let's Encrypt so that Yunohost recreates all certificates and requests?

yunohost domain cert renew is your friend I guess
[17:36:02] <Marvin> Is there a way to reset Let's Encrypt so that Yunohost recreates all certificates and requests?
[17:36:02] <boz89> lol deepseek told me "Trust me on this - I've seen many YunoHost installations break because of manual /etc/hosts tweaks. Let YunoHost handle it! 🚀" trust me bro is not convincing .. it said to also remove the 127.0.1.1 line
[17:36:03] <boz89> thank you!
[17:36:04] <jeroen 🇧🇪> lol
[17:36:05] <jeroen 🇧🇪> the more important domain setting is the one in LDAP when you add domains... that has an impact on postfix (so it knows for which domains to recieve) and nginx and other services
[17:36:06] <boz89> Thank you!!!
[17:36:06] <jeroen 🇧🇪> the setting in /etc/hostname needs to match with what you have in /etc/hosts so that this hostname is resolveable
[17:36:12] <jeroen 🇧🇪> it's all generic stuff....what AI generates
[17:36:59] <lautre> You asked for the content?
[17:36:59] <boz89> yes
[17:37:00] <lautre> Inside, I have the full hostname
[17:37:00] <boz89> just to double check should "cat /etc/hostname" be "hostname" or "hostname.domain.com" ?
[17:37:00] <boz89> yes
[17:37:00] <lautre> The file is `/etc/hostname`
[17:37:01] <boz89> I think yunohost overwrites them anyway but I just want to make sure
[17:37:01] <boz89> the VPS I am using now makes some weird changes to debian
[17:37:01] <lautre> At this time I always used the ISO from Yunohost
[17:37:02] <boz89> for example my vps changes the network of the debian install so /etc/network/interfaces is not used
[17:37:02] <boz89> so I had to change that back first
[17:37:02] <boz89> thank you my friend!
[17:37:02] <boz89> that is actually a good idea! I have never done that I always installed ontop of debian
[17:37:03] <boz89> I am doing a reinstall of a vps but I want to make sure that all my network and host settings are correct before I install yunohost
[17:37:03] <boz89> instead of interfaces it uses "50-cloud-init.cfg" .. which is so weird. it pulls the network settings from the cloud. so i had to disable that
[17:37:03] <boz89> anyway. I made all changes and I am now installing yunohost :)
[17:37:08] <boz89> it looks like yunohost install added the line
[17:37:08] <err404> no, it is good to have "127.0.0.1 localhost" in the /etc/hosts
[17:37:09] <boz89> however the first line "127.0.0.1 localhost" stayed in the file. Is that a problem?
[17:37:09] <boz89> 127.0.0.1 myhostname
[17:37:09] <boz89> to /etc/hosts
[17:37:10] <boz89> another thing which yunohost install didn't do so well is choosing my main IPv6. I have 4 ipv6 addresses defined. The last time I used yunohost install it used the first ipv6 address as my main ipv6, now it used the last one. It is not a big deal for me personally but maybe it should be noted
[17:37:10] <boz89> excellent. so I will replace that line with the line yunohost added
[17:37:11] <boz89> ohh you said it is good to have both lines
[17:37:11] <err404> > <@boz89:matrix.org> excellent. so I will replace that line with the line yunohost added

Keep both lines
[17:37:12] <boz89> gotcha.. keeping both
[17:37:15] <boz89> I also checked and the changes did propagate correctly when I use terminal tools to check the records manually
[17:37:15] <boz89> hmm the "diagnosis" page still shows issues for DNS even though i changed my dns records 30 minutes ago
[17:37:16] <boz89> i am trying "sudo rm /var/cache/yunohost/diagnosis/dnsrecords.json" now
[17:37:16] <boz89> i also tried running them from a different browser
[17:37:16] <boz89> never mind.. yunohost was correct. it was a propogation issue with my registrar. I deleted the records and added them back in and that helped!
[17:37:20] <boz89> hmm
[17:37:20] <boz89> everything in Diagnosis is okay. but it claims that my rDNS is wrong for ipv6. This isn't actually true because I made the change today and it seems to have propagated everywhere already
[17:37:22] <lautre> If you want, you can have 127.0.0.1 and 127.0.1.1
[17:37:22] <Willy> Dans les comptes utilisateurs de mon serveur, il reste le compte "admin"; faut-il le supprimer ?
[17:37:23] <Willy> Bonjour à tous,
[17:37:23] <Aleks (he/him/il/lui)> idéalement oui, en supposant que tu as bien d'autres comptes admins
[17:37:50] <Aleks (he/him/il/lui)> 👍️
[17:37:50] <Willy> Aleks (he/him/il/lui): la commande "sudo yunohost user group info admins" me renvoie 2 membres (dont admin)
[17:37:50] <Willy> je me lance 🙂
[17:37:51] <Willy> c'est fait... mon serveur a pas l'air d'exploser 🙂
[17:41:23] <boz89> this error is driving me crazy because my ipv6 rDNS is set correctly 🤣
[17:41:24] <boz89> i guess I will just press "ignore" and will have to live with one error
[17:41:24] <Aleks (he/him/il/lui)> could be DNS cache
[17:41:24] <boz89> woah that was it!
[17:41:24] <Aleks (he/him/il/lui)> did you just fix it a few hours ago or is it there since a few days ?
[17:41:25] <boz89> https://aria.im/_bifrost/v1/media/download/AVIAS-BAlr9sqtRm8HdXOINlfC0TpPOfRJvd0cYKrnRNo80O9ppeGAE4Lfvmz0tQJCHIvJIm5M5mz7kkGQDbbrtCeZGvPWKAAG1hdHJpeC5vcmcvbmJXU0ZEVXpLVnhRYnVtcHhvSXR2Qnlp
[17:41:25] <boz89> it was the DNS cache
[17:41:25] <boz89> a few hours ago
[17:41:26] <boz89> reboot fixed it
[17:41:26] <boz89> I used "reboot"
[17:41:26] <Aleks (he/him/il/lui)> ah ? how did you cleanup the cache ?
[17:41:26] <Aleks (he/him/il/lui)> ooho ok
[17:41:27] <boz89> Thank you Aleks!!!
[17:41:27] <Aleks (he/him/il/lui)> np i didnt believe in it haha
[17:41:27] <boz89> "sudo systemctl restart dnsmasq" will also flush the dns without reboot
[17:41:27] <boz89> Amazingly it worked though! So all is good!
[17:43:48] <boz89> I think i see where I messed up the last time. When I install sogo it gives me the warning "Your file /etc/hostname should contains only the short hostname, not the FQDN. Having the FQDN (full hostname) in '/etc/hostname' will break the feature of this application and is not recommended. See https://github.com/YunoHost/issues/issues/2460 for more details.".
[17:43:49] <boz89> this time I ignored the warning though
[17:43:50] <boz89> and everything works as it should!
[17:44:27] <Tony> what am I missing about user onboarding? do you really have to create each user and send them a mail with the password you set? Is there no new user temporary password flow or at least a reset password link?
[17:44:28] <Tony> sorry if I missed it somewhere but it's not coming up in my searches
[18:14:32] <tituspijean[m]> Read it as "they have to change their password by themselves since the admins knows it too", there is no system to require the password change automatically.
[18:36:31] <boz89> why is google chrome reporting the yunohost login as phishing? Does this happen for anyone else too?
[18:36:32] <boz89> google chrome doesn't like servers which are safe.. it probably prefers that everyone uses backdoored websites like gmail 🙃
[18:36:32] <boz89> google chrome is the real spyware at this point
[18:36:32] <boz89> this is happening from an android phone. from the chrome desktop browser it seems to not registger like a "phishing site" from chrome
[18:36:33] <boz89> I am surprised google isn't doing anything about it
[18:36:33] <boz89> https://forum.yunohost.org/t/google-flags-my-sites-as-dangerous-deceptive-site-ahead/20361/194
[18:36:33] <boz89> ^other users who all had the same issue
[18:36:34] <boz89> I don't even use chrome myself, but a family member does.
[18:36:34] <tituspijean[m]> They do not care.
[18:36:34] <jeroen 🇧🇪> Vivaldi browser is your friend (does not do this)
[18:36:35] <boz89> What a world we live in eh? We live in an Orwellian 1984 world where "war is peace" and "freedom is slavery"
[18:36:35] <boz89> ^interesting article I found
[18:36:35] <boz89> https://spyware.neocities.org/articles/
[18:36:36] <boz89> https://spyware.neocities.org/articles/chrome
[18:36:43] <tripop> I don't understand how to use php AND composer on web app on yunohost and it starting to be a problem. Like how to do a simlple "composer install" seem to be quite a quest..
[18:36:46] <boz89> how did you install your app tripop? Did you use custom webapp?
[18:36:46] <boz89> "cd /var/www/your-app-name/
composer install"
[18:36:48] <boz89> If this is something that yunohost will implement then I am happy to code it. This will probably also require new Moulinette commands. Which commands should I propose for this?=
[18:36:48] <boz89> I would like to implement an "SSH Keys" sub menu in the tools section between "Firewall" and "Yunohost settings". This has been requested in the forums before. Will it be a waste of time if I write the code for it?
[18:36:49] <Aleks (he/him/il/lui)> sooooo there are design questions about this in terms of what do you mean exactly
[18:36:49] <Aleks (he/him/il/lui)> hmmmmmmmmmmmmmm yes that would be pretty nice, i'm often thinking about this but urgh i juste have too many things in my todo
[18:36:50] <Aleks (he/him/il/lui)> so first there's already commands like `yunohost user ssh --help` if i remember correctly to handle SSH keys
[18:36:51] <Aleks (he/him/il/lui)> in we're talking about SSH keys for Yunohost users, imho the best place to have this would be directly in the "user card" in the Users section of the webadmin
[18:36:51] <Aleks (he/him/il/lui)> there's also `root` which is a special case, idk if we want to handle it or not, but this could be part of the global yunohost settings (similar to the virtual setting for the root password)
[18:36:51] <Aleks (he/him/il/lui)> it's just a bit unmaintained and not advertised and not integrated in the webadmin
[18:36:52] <Aleks (he/him/il/lui)> if we want to go one step further : I think currently the user ssh keys are not backed-up (because they're not in the LDAP and probably it's too painful to move them to LDAP) but we should try to somehow backup/restore the authorized_keys file
[18:36:52] <Aleks (he/him/il/lui)> imho integration the SSH key management in the user section would already be super great
[18:36:54] <boz89> When do non admin users require ssh keys? For something like git or forgejo for example?
[18:36:54] <boz89> I was thinking to do this for the admin user
[18:36:54] <boz89> I didn't think about user authentication for other users too! That too is interesting I think!
[18:36:55] <Aleks (he/him/il/lui)> there are only users member of the "admins" group
[18:36:55] <boz89> haha yes I meant the "admin group" users
[18:36:55] <Aleks (he/him/il/lui)> hmmm but there is no "admin" user anymoar 😬
[18:36:56] <boz89> but your approach makes sense
[18:36:56] <Aleks (he/him/il/lui)> and the "user edit" view in here (but that's uuuuh Vue JS which is not the most obvious thing when not familiar with it 😬 ) https://github.com/YunoHost/yunohost-admin/blob/dev/app/src/views/user/UserEdit.vue ... i was actually iterating on the UserEdit view a few weeks ago to try to list the groups the user is member of among other things : https://github.com/YunoHost/yunohost-admin/pull/644
[18:36:56] <boz89> Ahh, yes this project is more complicated than I thought
[18:36:57] <Aleks (he/him/il/lui)> btw the code corresponding to commands under the `yunohost user ssh` section is for example here : https://github.com/YunoHost/yunohost/blob/dev/src/ssh.py#L77
[18:36:58] <boz89> cool thank you! I will code an ssh key management UI today. For the root setting I think it should be a global setting with just a toggle switch with root account enable or disable. Many people like to use a root account for moving files around with an sftp client. "integration the SSH key management in the user section would already be super great". I agree with this. I will code something and then later on I will post a link to the github so everyone can have a look . About backup of keys that too is a great idea! I will think of something for that too
[18:36:58] <Aleks (he/him/il/lui)> good question ... i suppose strictly speaking we would want the option to manage ssh keys for any user with the "ssh.main" or "sftp.main" permission (and not just members of the "admins" group)
[18:36:59] <Aleks (he/him/il/lui)> yeah i think the current code (for yunohost user ssh) interfaces directly with the `authorized_keys` files so it's not a big deal
[18:36:59] <Aleks (he/him/il/lui)> (feel free to join #yunohost-dev:matrix.org btw)
[18:36:59] <miro5001> > <@boz89:matrix.org> cool thank you! I will code an ssh key management UI today. For the root setting I think it should be a global setting with just a toggle switch with root account enable or disable. Many people like to use a root account for moving files around with an sftp client. "integration the SSH key management in the user section would already be super great". I agree with this. I will code something and then later on I will post a link to the github so everyone can have a look . About backup of keys that too is a great idea! I will think of something for that too

Some users have already ssh keys manually set up
[18:42:44] <tituspijean[m]> (we could also use the helpers, I'll try that when I get home)
[18:42:45] <lautre> That is interesting, because Flarum need composer to pilote and add extensions. I not yet tried this in Yunohost.
[18:47:14] <tituspijean[m]> in the case of Flarum, the helpers already install composer
[18:47:14] <tituspijean[m]> (thinking about it, it's precisely for this use case that I initially wrote the `yunohost app shell` command)
[18:47:14] <tituspijean[m]> aaaaactually this bit of documentation is not up to date : https://github.com/YunoHost-Apps/flarum_ynh/blob/master/doc/ADMIN.md#adding-extensions
[18:47:45] <\> hello - I've been having recurring open resolver dns issues and I don't know what 's overwriting my configs every time ☹️
[18:47:45] <tituspijean[m]> @nino:matrix.libre.brussels are you on a VPS?
[18:47:46] <tituspijean[m]> my guess: if on a VPS, `/etc/resolv.conf` gets overwritten by cloudinit with the providers' own DNS instead of `127.0.0.1`
[18:47:46] <Aleks (he/him/il/lui)> (there was firewall issues in the early 12.1 which should be fixed now)
[18:47:46] <lautre> What config is overwrited?
[18:47:48] <tituspijean[m]> if not by cloudinit, by the network configuration
if not on a vps, hell if I know 🫠
[18:47:51] <lautre> I think, you have a DHCP isn't it?
[18:47:57] <\> ```
at /etc/dnsmasq.d/local.conf
bind-interfaces
listen-address=127.0.0.1
listen-address=::1
```

maybe like this won't be overwritten
[18:47:57] <\> dnsmasq.conf was overwritten
my understanding of this magic is limted
[18:47:58] <\> I'm on a baremetal
[18:47:58] <\> it's networkmanager or what?
[18:47:59] <\> no dhcp enabled it seems
[18:47:59] <\> nah the resolv.conf is a symlink I think
[18:47:59] <\> I'm every time getting my mails blocked, somehow close to realtime

once I close the open resolver it goes through wut
[18:48:20] <\> new feature of blocklists? why didn't i notice this before
no clue really, i don't have many users but both complain for a while now 😆
[18:48:20] <\> anyway, let me just tell you all that i'm still super happy and grateful using yunohost, you've made my life so much more easy
[18:48:20] <\> much luvz ❤️
[18:48:21] <\> yep it's in the www
[18:48:21] <\> inbe4 layer8 🙂
[18:48:22] <lautre> How the IP for your server is configured? Can you show us the `/etc/networks/networking` file? (may be it's another one, but like this
[18:48:22] <\> it's owrking too yes 😆
[18:48:23] <\> https://paste.debian.net/1394356/
[18:48:23] <lautre> Like this one : `/etc/network/interfaces`
[18:48:23] <\> there's not dns configs there
[18:48:23] <\> whoa I'm not using NM here 😲
[18:48:24] <\> and then it's pointing to all the domains in .d folder
[18:48:24] <\> https://paste.debian.net/1394357/
[18:48:24] <lautre> But, if there is DHCP, it will overwrite you /etc/resolv.conf by default. (so, you will need to add some seting in your dhcp client to add what you want in your config file)
[18:48:25] <\> or something like that
[18:48:25] <\> I've had this for a while now - it's really annoying
[18:48:25] <\> I did run regenconf etc
[18:48:26] <\> as it should no, localhost stub
[18:48:26] <\> did I get hacked yes
[18:48:26] <\> it was
[18:48:27] <\> I re-applied the cnfig an hour ago
[18:48:27] <\> probably I created the rest of the issue myself though the regenconf should bring me back in line imo
[18:48:27] <\> if only we were more interesting, our sysadmin life would be easy 😆
[18:48:27] <\> apaprently that bind-interfaces configi s what does that
[18:48:28] <\> yeah I know right 😆 but I didn't touch this shit since forever and then I started once having like broken dns resolvers or something
[18:48:28] <\> backups - right
[18:48:28] <lautre> I don't think. Hackers want a server working properly. May be there is one will fix it!
[18:48:29] <\> I tested ríght after I restarted dnsmasq and it immediately worked again
that's a head scratcher too
[18:48:29] <\> a joke yes - fingers crossed not right lolol would you know 😆
[18:48:29] <\> even iwth backups
[18:48:30] <\> also if you get hacked and you have like 4tb data
gg
[18:48:30] <\> btw you don't appear in the "real" blocklists, so no need for applying
[18:48:30] <\> but imo I am running default except the postfix mailman3 duplicates
[18:48:31] <\> which imo could indicate a more broad issue?
[18:48:31] <\> who'll know 😆
[18:48:31] <miro5001> 53 and 5353 should be closed on a vps
[18:48:31] <\> OR layer8
[18:48:51] <lautre> Depending what you are doing. If you don't host a "public" DNS server, the 53 must be closed
[18:49:52] <tituspijean[m]> @lautre:matrix.orgthey are static
[18:49:52] <tituspijean[m]> (yet again using "online" too broadly 😅 )
[18:49:52] <tituspijean[m]> sorry, so that means your server is online? (I may have written "VPS" too broadly)
[18:49:53] <tituspijean[m]> what's its content?
[18:50:02] <tituspijean[m]> ok *now*, I'm flabbergasted
[18:50:03] <tituspijean[m]> (or a joke?)
[18:50:03] <tituspijean[m]> these elusive things
[18:50:03] <tituspijean[m]> is your port 53 publicly accessible?
[18:50:04] <tituspijean[m]> because that's litteraly it: your resolver was open. :/
[18:50:04] <tituspijean[m]> how long ago?
[18:50:04] <tituspijean[m]> if that's not a joke, I hope you trashed the server and started anew with a sane backup
[18:50:05] <tituspijean[m]> that's good then :)
[18:50:05] <tituspijean[m]> Make sure port 53 stays closed, and try again in a few days. You may try to apply for allowlists again with the blocklists providers that flagged you.
[18:50:05] <tituspijean[m]> That might be enough yes, but maybe some blocklisters simply try to test for port 53 openness, so better safe than sorry and close it on the firewall
[18:50:05] <tituspijean[m]> is that true?
[18:59:44] <Aleks (he/him/il/lui)> this command ... ? you mean DNS record ?
[18:59:44] <Aleks (he/him/il/lui)> does the diagnosis complain about anything related to mail ? or about manually modified configuration files ?
[18:59:44] <yvanq> Hello everybody, since a last update (but not sure witch files), I lost all email possibility on my server
just this message in aquamail or thunderbird "Temporary lookup failure"
even mailing list mailman 3 is not able to send email anymore.
Any idea ?
[18:59:45] <Aleks (he/him/il/lui)> anything else in the diagnosis related to email or manually modified file ?
[18:59:45] <yvanq> yes
[18:59:45] <yvanq> yes but from a long time because of gmail adress in mailing list, I've put this command
`3600 IN TXT "v=spf1 mx ptr include:_spf.google.com -all"`
it works perfectly since 3 years
[18:59:46] <yvanq> https://aria.im/_bifrost/v1/media/download/AR7NE9BjkRtbxfHfOVm1jd3hU9XNOPzcgebKr2utObX9jbQ0EURyyDPCsDBzm3ggXVD-Ebc_fBV8OlZyTOtuC5ZCeZGzykEwAG1hdHJpeC5vcmcvcmFRemRmeVBMbG1jSW5JUFBnV3pYUHpJ
[18:59:46] <yvanq> those errors are from years too
[18:59:46] <Aleks (he/him/il/lui)> then you probably want to `yunohost tools regen-conf postfix --dry-run --with-diff` and propagate the changes
[18:59:47] <Aleks (he/him/il/lui)> and `systemctl restart postfix` once you're done
[18:59:47] <yvanq> ok, I try
[18:59:47] <Aleks (he/him/il/lui)> in particular the virtual_mailbox_maps one
[18:59:48] <yvanq> nope, no changes
[18:59:48] <Aleks (he/him/il/lui)> then can you share the output of `yunohost tools regen-conf postfix --dry-run --with-diff`
[18:59:48] <yvanq> https://elemac.fr/nextcloud/s/c3AHcJypDzSntSJ
[18:59:48] <Aleks (he/him/il/lui)> the file is empty ... can you use paste.yunohost.org instead
[19:20:01] <tonton> Hi, trying to get the nextcloud whiteboard collaboration working. I see I can run the backend with node (npm) or docker. I have so far not setup something like this on yunohost before so I thought I'd check in here and check about best practices or other tips.

So should I run npm or docker? And should I somehow make it run outside of the nextcloud app?
[19:20:37] <tonton> Okay, searching the docs and then the filesystem for npm, I found npm is installed in /opt/node_n/... That I will call directly for now. This is a bit hacky, but seems to work for now.
[19:23:27] <miro5001> > <@tonton:envs.net> Okay, searching the docs and then the filesystem for npm, I found npm is installed in /opt/node_n/... That I will call directly for now. This is a bit hacky, but seems to work for now.

Did you create a user for it?
[19:42:20] <tonton> @miro5001:matrix.org Not yet. But I didn't get farther with it either. 🙂
[19:42:28] <\> I saw that the yunohost.app audiobookshelf permissions were changed to converse - very weird
[19:42:29] <\> anyone had something similar?
[19:42:29] <\> now when I fixed permissions (during install because the audiobookshelf user was removed) I am still seeing a failing systemd startup at the end
[19:42:29] <\> hello all - on last converse update it failed and uninstalled my converse installation and somehow it corrupted my audiobookshelf install -_-
[19:42:30] <\> which then uninstalls the app again
[19:42:30] <\> like --please-let-me-see-before-removing-again
[19:42:30] <\> is there a flag to not uninstall on failing systemd startup so I can debug / see what's wrong? there's not much in the logs tbh
[20:01:20] <tituspijean[m]> #yunohost:matrix.org as a consequence of https://forum.yunohost.org/t/matrix-apps-vulnerability-discovered-and-fixed/38105 and now that all main apps and servers have been updated, we will proceed with a room upgrade tomorrow (2025-09-04) around 19:00 CEST (if there's no important debugging session ongoing at that time here).

Make sure that your clients are up-to-date to be able to load the upgraded room. Your client needs to be compatible with Matrix rooms in version 12.
[22:06:56] <Martin> Hello, has anyone had experience transferring a synapse from yunohost to a separate VM?
[22:06:56] <jeroen 🇧🇪> Yes, I've moved a small one from YH to a docker based one
[22:07:14] <Luc (he/him)> Salut! J'essaye de reinstaller immich, mais ca ne marche pas. J'ai desinstallé depuis l'admin, puis réinstallé (entre temps j'avais supprimé toutes les photos directement sur le serveur car je les avais uploadées sans les exifs, j'ai vu que apres coup qu'il y avait l'outil immich-go). L'install ne donne pas d'erreur, mais ne termine pas, elle bloque sur "Making install". Cependant l'icone Immich arrive dans les app, mais si je l'ouvre je tombe sur la page d'acceuil de NGINX
[22:07:14] <Luc (he/him)> et si je vais dans tools > services je ne vois pas immich-server comme avant
[22:07:15] <Aleks (he/him/il/lui)> peut-être que dans le diagnostique il y a un warning a propos d'un out of memory récent par ex.
[22:07:15] <Aleks (he/him/il/lui)> (a vue de nez ça ressemble à une install qui plante à cause de manque de RAM)
[22:07:15] <Luc (he/him)> ah oui, je viens de trouver les logs: https://paste.yunohost.org/raw/pemururaju
[22:07:16] <Luc (he/him)> je vois rien comme erreur dans les logs, ca detecte bien que j'ai 4Go de ram
[22:07:16] <Aleks (he/him/il/lui)> et dans Outils > Journaux (Tools > Logs), il y a un log d'install ou bien ?
[22:07:33] <Luc (he/him)> Non, rien non plus dans le diagnostique, ca dit que 2,2 Go de ram sur 3,3 sont utilisé
[22:07:34] <Luc (he/him)> J'ai essayé de réinstaller depuis la ligne de commande, on a quelques details de plus:
Info: DEBUG - web build: rendering chunks...
Info: DEBUG - web build: Killed
Info: DEBUG - web build: Failed
Info: DEBUG - /var/www/immich/source/web:
Info: DEBUG - ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL immich-web@1.140.1 build: `vite build`
Info: DEBUG - Exit status 137
Info: DEBUG - + ynh_exit_properly
Warning: Removing the app after installation failure…

Et apres ca desinstalle
[22:07:35] <Luc (he/him)> (je reviens dans une heure)
[22:07:35] <Aleks (he/him/il/lui)> "Killed" c'est typiquement un manque de RAM
[22:07:52] <Luc (he/him)> Merci! j'ai arreté quelques services et relancé, ca a marché
[22:07:52] <montaropdf> So I am looking at what YUNOHOST has to offer.
[22:07:53] <montaropdf> Hello, Bonjour,

Which applications in the catalog couuld allow me to expose a kind of shared clipboard between any device with at least a web browser?

I have tried KDE connect between my 2 linuux boxes, but for some reasons they are not finding each other. I don't think firewall are the issue and the docuumentation is not very clear for such use case.
[22:07:55] <hercut> Je m'auto repond
[22:07:55] <hercut> Bonjour, Je me pose une question, certain apps deamnde a etre en visitors pour fonctionner, est il possible de faire en sorte a ce quelle ne s'affiche pas sur le portail visitor quand meme ?
[22:07:56] <hercut> :/
[22:07:57] <hercut> Oui en cliquant sur Afficher la tuile dans le portail