[03:11:12]
<FbIN> The login mechanism for prosody shows as plain instead of hash or encrypted. Is this not vulnerable to hijacking of accounts? LDAP wise too, since there is no 2FA on YNH login.
[03:46:38]
<Chatpitaine Caverne> What is strange, I mount /home in fstab under yunohost and I never had any kind of trouble with the services units and I didn't do anything for that.
So maybe there is a global parameter somewhere.
Maybe you mount /home late in fstab and after some long start mount ? Mine is just after /boot and / mounts.
I found this page talking about the boot process and services waiting for some mount : https://unix.stackexchange.com/questions/246935/set-systemd-service-to-execute-after-fstab-mount
Your mount home service should be called `home.mount` (you can check it by listing the mount services : `sudo systemctl list-units --type=mount`)
Then you can add the After home.mount in the crashed services units definition (/etc/systemd/system/MYSERVICE.service
The bad point of this method could be that in case of upgrade of the app, Yunohost could replace or warning that the file is different than it should be.
I continue to search some informations.
[03:47:55]
<Solrac> Give me a it, and I'll show you my units and fdtab
[03:58:39]
<Solrac> ```sudo cat /etc/fstab
[sudo] password for redacted:
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/nvme0n1p2 during installation
UUID=REDA-CTED-REDA-CTED / ext4 errors=remount-ro 0 1
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=REDA-CTED /boot/efi vfat umask=0077 0 1
#ZFS Pool - Add it here i
myzpool/home /home zfs defaults,nofail,x-systemd.mount 0 0
# swap was on /dev/nvme0n1p3 during installation
UUID=REDA-CTED-REDA-CTED none swap sw 0 0
```
[03:59:03]
<Solrac> ```
sudo systemctl list-units --type=mount
UNIT LOAD ACTIVE SUB DESCRIPTION
-.mount loaded active mounted Root Mount
boot-efi.mount loaded active mounted /boot/efi
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
home.mount loaded active mounted /home
myzpool.mount loaded active mounted /myzpool
proc-sys-fs-binfmt_misc.mount loaded active mounted Arbitrary Executable File Formats File System
run-credentials-systemd\x2dsysctl.service.mount loaded active mounted /run/credentials/systemd-sysctl.service
run-credentials-systemd\x2dsysusers.service.mount loaded active mounted /run/credentials/systemd-sysusers.service
run-credentials-systemd\x2dtmpfiles\x2dsetup.service.mount loaded active mounted /run/credentials/systemd-tmpfiles-setup.service
run-credentials-systemd\x2dtmpfiles\x2dsetup\x2ddev.service.mount loaded active mounted /run/credentials/systemd-tmpfiles-setup-dev.service
run-user-21969.mount loaded active mounted /run/user/21969
sys-fs-fuse-connections.mount loaded active mounted FUSE Control File System
sys-kernel-config.mount loaded active mounted Kernel Configuration File System
sys-kernel-debug.mount loaded active mounted Kernel Debug File System
sys-kernel-tracing.mount loaded active mounted Kernel Trace File System
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
16 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
```
[04:00:11]
<Solrac> I had considered, because a lot of the yunohost services, start after network; to have network-pre.target, run `After=home.mount`
[04:11:04]
<Chatpitaine Caverne> Solrac:
Well, IDK to much.
A ZFS mount is longer than classic partition. Maybe the difference with mine.
I have to investigate on x-systemd.mount tag in fstab, IDK this tag.
Of course network-pre.target is a good candidate for doing the trick without modifying all services definitions.
[04:14:28]
<Chatpitaine Caverne> I see the service myzpool.mount which, if I understand, is the pool on which is pointing /home
How is this pool mounted ?
[04:25:09]
<Solrac> I'll try removing the x-systemd.mount, but yeah, ZFS isn't exactly licesne-compatible with Debian, so you need to installed it manually
[04:39:59]
<Chatpitaine Caverne> Solrac:
I don't find any x-systemd.mount option, but I find x-systemd.automount which could be interesting (but I didn't read everything)
https://www.man7.org/linux/man-pages/man5/systemd.automount.5.html
[04:40:36]
<Solrac> funny enough, that actually added (not replace) home.automount
[04:41:24]
<Chatpitaine Caverne> Looks like it's not in the mount system. It's different process.
[04:42:10]
<Solrac> I'm thinking something similar. ..
[04:42:11]
<Chatpitaine Caverne> >Note that automount units are separate from the mount itself, so
you should not set After= or Requires= for mount dependencies
here. For example, you should not set After=network-online.target
or similar on network filesystems. Doing so may result in an
ordering cycle.
[04:42:44]
<Solrac> like its independent, not running at the same time as the other mounts
[04:43:31]
<Solrac> removing the x-systemd.mount did not do jack 🙃 not surprising though
[04:44:25]
<Chatpitaine Caverne> Investigate this x-systemd.automount in the link above. Looks not too bad.
[04:49:09]
<Solrac> So...it's parallel to the rest of the system? 🤔 cuase fstab's auto (which is part of defaults) --
> auto - file system will mount automatically at boot, or when the command 'mount -a' is issued.
[04:50:20]
<Chatpitaine Caverne> If you didn't try auto yet, then yes, try it first.
[05:11:35]
<Solrac> Sorry for my delay; but the same odd load order keeps popping up. Coturn fails, and so does homeassitant (or rather, remains dead)
[05:12:40]
<Chatpitaine Caverne> Is there anything in dmesg command talking about your /home mount ?
[05:16:34]
<Solrac> ```
sudo dmesg | grep mount
[ 6.573016] EXT4-fs (nvme0n1p2): mounted filesystem with ordered data mode. Quota mode: none.
[ 6.844351] systemd[1]: Set up automount proc-sys-fs-binfmt_misc.automount - Arbitrary Executable File Formats File System Automount Point.
[ 6.846929] systemd[1]: Mounting dev-hugepages.mount - Huge Pages File System...
[ 6.847949] systemd[1]: Mounting dev-mqueue.mount - POSIX Message Queue File System...
[ 6.848846] systemd[1]: Mounting sys-kernel-debug.mount - Kernel Debug File System...
[ 6.849650] systemd[1]: Mounting sys-kernel-tracing.mount - Kernel Trace File System...
[ 6.866864] systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems...
[ 6.870367] systemd[1]: Mounted dev-hugepages.mount - Huge Pages File System.
[ 6.870481] systemd[1]: Mounted dev-mqueue.mount - POSIX Message Queue File System.
[ 6.870556] systemd[1]: Mounted sys-kernel-debug.mount - Kernel Debug File System.
[ 6.870629] systemd[1]: Mounted sys-kernel-tracing.mount - Kernel Trace File System.
[ 6.877616] EXT4-fs (nvme0n1p2): re-mounted. Quota mode: none.
[ 6.889671] systemd[1]: Finished systemd-remount-fs.service - Remount Root and Kernel File Systems.
[ 6.890959] systemd[1]: Mounting sys-fs-fuse-connections.mount - FUSE Control File System...
[ 6.892040] systemd[1]: Mounting sys-kernel-config.mount - Kernel Configuration File System...
[ 6.898844] systemd[1]: Mounted sys-fs-fuse-connections.mount - FUSE Control File System.
[ 6.898949] systemd[1]: Mounted sys-kernel-config.mount - Kernel Configuration File System.
sudo dmesg | grep home
[ 6.662540] systemd[1]: Hostname set to <redacted.lol>.
[ 6.777917] systemd[1]: Configuration file /etc/systemd/system/homeassistant.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
```
[05:16:38]
<Solrac> seems not?
[05:17:36]
<Solrac> but;
```
sudo dmesg | grep pool
[ 0.276139] DMA: preallocated 4096 KiB GFP_KERNEL pool for atomic allocations
[ 0.276518] DMA: preallocated 4096 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[ 0.276897] DMA: preallocated 4096 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[ 2.738844] zswap: loaded using pool lzo/zbud
[ 9.058342] ZFS: Loaded module v2.1.11-1+deb12u1, ZFS pool version 5000, ZFS filesystem version 5
```
9 is greater than 6, so it is loaded later?
[05:28:11]
<Chatpitaine Caverne> IDK if it's THE solution, but this article describe better the systemd automount process :
https://itsfoss.gitlab.io/blog/automount-with-fstab-and-systemd/
[08:23:56]
<Chatpitaine Caverne> Souci avec Mobilizon :
Dans le service mobilizon, j'ai cette erreur :
`[info] {"error":"** (File.Error) could not write to file \"/var/lib/mobilizon/sitemap/sitemap-00001.xml\": permission denied"`
Je suis tombé sur ce post dans le forum : https://forum.yunohost.org/t/mobilizon-souci-pour-se-connecter/37315/3
J'ai donc modifié le propriétaire:groupe :
`sudo chown -R mobilizon:mobilizon /var/lib/mobilizon`
Mais l'erreur continue.
Je me demande si ça ne pourrait pas venir de la définition du service systemd qui n'a pas de mention de ce répertoire :
```
[Unit]
Description=mobilizon Service
After=network.target postgresql.service
[Service]
Type=simple
User=mobilizon
Group=mobilizon
Environment=MOBILIZON_CONFIG_PATH="/var/www/mobilizon/config.exs"
WorkingDirectory=/var/www/mobilizon/live/
ExecStart=/var/www/mobilizon/live/bin/mobilizon start
ExecStop=/var/www/mobilizon/live/bin/mobilizon stop
KillMode=process
Restart=on-failure
Environment=MIX_ENV=prod
SyslogIdentifier=mobilizon
; Some security directives.
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
PrivateTmp=true
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
ProtectSystem=full
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
PrivateDevices=false
; Ensures that the service process and all its children can never gain new privileges through execve().
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
```
[09:47:15]
<Chatpitaine Caverne> J'oubliais suis en 5.1.5 car en architecture ARM64. D'ailleurs, je ne sais pas s'il y aura de futures versions pour cette plateforme.
[12:52:38]
<Chatpitaine Caverne> Il y a `/var/lib/mobilizon/geo/GeoLite2-City.mmd` aussi qui manque. Vais passer sur github issue de l'app-ynh
[13:15:28]
<Chatpitaine Caverne> Found where it should come from :
From https://docs.mobilizon.org/3.%20System%20administration/install/release/ :
[13:15:34]
<Chatpitaine Caverne> https://aria.im/_bifrost/v1/media/download/AZOtnSUY2XB4iEhONvX8tC78W3Hp_wcchyFSE31LVApAAdajRMmA3CnqSw4hAnGMxXydWaWB3yBYhuwYIuXMcSlCecR7FmgAAGNpcmthdS5hcnQvSVRKT0VNSm9ITW1rY3dRTlh3U3d3QU1M
[13:58:27]
<Chatpitaine Caverne> Désolé, j'aurais dû chercher avant. Il ne s'agit que du répertoire d'accueil et de la commande shell utilisée.
[14:00:59]
<Chatpitaine Caverne> Est ce que ceci dans /etc/passwd veut dire que le user mobilizon est chrooté dans /var/www/mobilizon et /bin/bash ?
`mobilizon:x:988:984::/var/www/mobilizon:/bin/bash`
Et donc pourrait expliquer le fait que je sois non autorisé à `/var/lib/mobilizon/sitemap/sitemap-00001.xml` malgré les droits mobilizon:mobilizon 660
[15:04:11]
<sefaria> Hello,
I have set my own logo in the theming options of Nextcloud and it is showing it correctly in the top navigation and favicon.
Howerver on the sign-in page the official Nextcloud logo is shown.
Is this a common issue or a default setting?
[15:36:23]
<tituspijean> @sefaria:tchncs.de You can change an app's logo in the sign-in page from its configuration page in the YunoHost webadmin
[15:36:37]
<tituspijean> (section "Tile and permissions")
[15:45:02]
<sefaria> https://aria.im/_bifrost/v1/media/download/AS_z0tp1qVNrClwDUIMlFUUJpylRcaMqpOXXrqANfMgBFxxtrWFSjwslT9KgMjuoA6qAfbxo_oXjxhjsMPdc4FpCecSDov8QAHRjaG5jcy5kZS85YWQ3NDk5M2E2M2MxOGFkNjhjNDVlYmRjMmZhNGFmYjkwMWRiOGY3MjAyMDg4NjY0NjkyMDA1MjczNg
[15:45:04]
<sefaria> Yes thank you. But I didn’t mean the YunoHost Portal rather Nextcloud’s own login-page
[15:47:27]
<tituspijean> @sefaria:tchncs.de looks like this is the related documentation: https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/theming.html#modify-the-appearance-of-nextcloud
[16:37:57]
<sefaria> Yes that’s the documentation I followed and set my logo accordingly.
I see my logo everywhere but the login page.
Therefore was wondering if it could be a Yunohost-specific config that is overriding it. Similar to [this persons issue](https://help.nextcloud.com/t/custom-logo-doesnt-work/166703) with a Hetzner managed Storage.
[18:44:17]
<Loicoooo> Hello , fresh install on debian12 of yunoHost , try to degooglize and install nextcloud. The install failed with this => ERROR - provision_or_update failed for apt : An error occured inside the script snippet : Unable to install apt dependencies (php8.3-xxxx..) Any help is welcome
[18:45:17]
<Chatpitaine Caverne> For fresh install, I'd say, proceed to an upgrade of Yunohost. The repositories aren't updated for now.
[18:49:00]
<orhtej2> > <@loicoooo:matrix.org> Hello , fresh install on debian12 of yunoHost , try to degooglize and install nextcloud. The install failed with this => ERROR - provision_or_update failed for apt : An error occured inside the script snippet : Unable to install apt dependencies (php8.3-xxxx..) Any help is welcome
If xxx is litesail install php8.3-fpm
[18:49:18]
<orhtej2> or litespeed or whatever that thing is called
[19:02:50]
<Loicoooo> apt update / upgrade / reboot And nextcloud is installed .. Try to connect to with android app failed with inthe diags => WebDAV / AppAPI endpoint error I digging :)
[19:43:14]
<Chatpitaine Caverne> Loicoooo: Check if nextcloud(API is ion visitors group in menu Groups and permissions
[19:43:35]
<Chatpitaine Caverne> Loicoooo: Check if nextcloud(API) is in visitors group in menu Groups and permissions
[22:15:01]
<Loicoooo> Yes! put visitor in access; and WebDAV / AppAPI endpoint error disapear.