Friday, May 15, 2020
yunohost@conference.lightwitch.org
May
Mon Tue Wed Thu Fri Sat Sun
        1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30 31
             
YunoHost support room | Don't ask to ask, just ask ! | Be patient and stay polite with everybody (this is a free software project ran by volunteers) | No answer? Post on the forum: https://forum.yunohost.org | This room is mirrored via Echo1 | Donate: https://liberapay.com/YunoHost

[05:45:59] <irc> <Pierre0412> salut o/
[06:47:50] <irc> <Pat|33460> Bonjour, est il possible de faire apparaitre le magasin d'applications de Nextcloud dans le bouton de droite? ou comment installer des applis? (Version
[06:47:51] <irc> <Pat|33460> 18.0.2~ynh1)
[07:54:41] <irc> <Pat|33460> Bonjour, Est-il possible d'installer des application dans Nextcloud? est-il possible de faire apparaitre le bouton du magasin d'appli normalement en haut à droite? Nextcloud Version: 18.0.2~ynh1
[07:58:16] <irc> <Pat|33460> Hello, Is it possible to install applications in Nextcloud? is it possible to bring up the app store button normally at the top right? Nextcloud Version: 18.0.2 ~ ynh1 //Google
[08:08:25] <irc> <autra[m]> <foobar|67093 "donc je suppose que cela vient d"> salut \o t'as généré des certificats letsencrypt pour tes sous-domaines ?
[08:12:20] <irc> <sim:lalter.net> Pat|33460: oui, es-tu bien connecté avec le compte qui est administrateur de Nextcloud ?
[08:25:32] <irc> <greee> bonjour, je cherche une procédure simple pour ajouter le support samba sur mon younohost (auquel j'ai raccordé un gros disque)
[08:25:57] <irc> <greee> je veux un truc simple, lecture/écriture depuis le réseau internet en guest
[09:50:46] <irc> <MadPanda[m]> good morning. is anyone using grafana? i have a problem with the standart dashboard, my netdata is up and running, but grafana shows me (in the netdata charts) network error 502
[10:12:02] <irc> <MadPanda[m]> nevermind, got it to work
[12:40:44] <irc> <foobar|89765> Hello
[12:41:03] <irc> <foobar|89765> Help
[12:41:21] <irc> <foobar|89765> Hihi
[12:42:59] <irc> <Aleks_> alright
[13:44:24] <irc> <guillaume-dupont:matrix.org> bonjour à tous... y a t-il un moyen simple via l'interface web de désactiver une application sans passer par le menu "service" qui reste limité aux process (dnsmasq, fail2ban...) mais pas les riot, pihole...
[13:48:53] <irc> <guillaume-dupont:matrix.org> Bonjour à tous
[14:04:54] <irc> <Aleks_> pas vraiment, ça dépends ce que tu veux dire par "désactiver une app"
[14:05:42] <irc> <Aleks_> certaines apps ont des services sous-jacent que tu peux désactiver ... ce qui veut dire que l'app va cesser de fonctionner mais tu auras toujours une tuile dans le SSO et c'est juste que quand tu cliques dessus il va te dire "erreur 500" ou "502" ou "504"
[14:06:27] <irc> <Aleks_> mais tu pourrais aussi vouloir désactiver le fait que l'app soit exposée pour le serveur web (la conf nginx quoi)
[14:06:52] <irc> <Aleks_> ou bien genre les apps PHP ont un bout de conf dans php fpm du coup tu pourrais vouloir l'enlever temporairement
[14:07:16] <irc> <Aleks_> (du coup pour la question "est-ce que y'a un moyen simple" : non, ça dépends de l'app, et ça dépends de l'objectif recherché)
[14:44:47] <irc> <frereneo:matrix.rf-lef.fr> Salut à tous, j'avais une petite question pour pi-hole. l'outil est vraiment sympa pour épuré les requêtes qui transite sur le réseau, toutefois vu que je travail parfois a l'extérieur via mon ordinateur portable je voudrai utiliser mon DNS depuis l'extérieur, mais je ne sais pas si c'est risqué ?
[16:53:10] <irc> <frereneo:matrix.rf-lef.fr> Ma question est peut être bête ? 😅
[17:37:15] <irc> <autra[m]> ou trop intelligente ? ;-)
[17:37:19] <irc> <autra[m]> Perso je vois pas de risque...
[17:37:26] <irc> <autra[m]> tu soupçonnais quel type de risque Frereneo ?
[17:43:20] <irc> <Aleks_> autra[m]: y'a des attaques par rebond sur le protocole DNS ou UDP en général qui permettent de DDOS une cible indirectement
[17:43:53] <irc> <Aleks_> genre quand tu fais une requete DNS (ou UDP en general, je sais pas trop), tu peux dire "envoie la réponse à telle IP"
[17:44:11] <irc> <autra[m]> aahah oui c'est vrai....
[17:44:15] <irc> <Aleks_> du coup si Alice veut attaquer Bob, elle peut envoyer une requêtes à pleins de serveur qui en fait vont rebondir et aller vers Bob
[17:44:23] <irc> <Aleks_> et y'a des histoires d'amplification je sais plus comment
[17:44:41] <irc> <autra[m]> mais pour frereneo ça change rien non ?
[17:44:46] <irc> <Aleks_> mais il me semble que c'est surtout le mDNS sur le port 5353 (m comme multicast, multi=moulte ?)
[17:44:49] <irc> <autra[m]> les "gros" serveurs DNS ont des mitigations ?
[17:45:56] <irc> <Aleks_> hmyep après naivement ouvrir le port 53 ca a pas l'air plus risqué que n'importe quel autre port
[17:50:31] <irc> <autra[m]> sur le net, ils disent que les mitigations c'est en gros : faire que ton DNS répondent pas à tout le monde (et que les ISP stoppent les paquets avec des fausses adresses ip, qui viennent pas de leur réseau)
[17:53:28] <irc> <autra[m]> oui, da'illeurs https://mangolassi.it/topic/18686/pi-hole-server-involved-in-a-dns-amplification-ddos-attack/19
[18:00:56] <irc> <autra[m]> Frereneo: pour moi si tu veux être vraiment safe, faut pas mettre ton pi-hole en accès ouvert sur internet. Tu peux utiliser un VPN ? Sinon, ya des pistes ici : https://freek.ws/2017/03/18/blocking-dns-amplification-attacks-using-iptables/
[18:01:08] <irc> <autra[m]> d'ailleurs la partie fail2ban pourrait être implémenté par pihole_ynh...
[18:01:21] <irc> <autra[m]> bon je comprends pas du tout la conf fail2ban par contre donc je peux pas dire si c'est bien :-D
[18:21:46] <irc> <frereneo:matrix.rf-lef.fr> > <@yunohost:matrix.org> [irc] autra[m]: tu soupçonnais quel type de risque Frereneo ?

Le risque que quelqu'un qui scan le serveur utilise après le DNS de mon serveur ?
[18:23:26] <irc> <frereneo:matrix.rf-lef.fr> bah j'utilise le Pi-hole pour eviter le tracking de la télémétrie
[18:23:41] <irc> <frereneo:matrix.rf-lef.fr> mais du coup ça ne fonctionne que sur mon local quand je sors, la télémétrie passe pour le coup 😁
[18:23:47] <irc> <frereneo:matrix.rf-lef.fr> et merci beaucoup pour vos réponses !
[18:24:13] <irc> <frereneo:matrix.rf-lef.fr> mais oui j'envisage du coup de monter un serveur VPN sur un serveur dédié
[18:24:40] <irc> <frereneo:matrix.rf-lef.fr> enfin bon merci 😁
[18:27:28] <irc> <frereneo:matrix.rf-lef.fr> y'a peut être moyen de permettre qu'une adresse mac soit autorisé aussi
[18:27:33] <irc> <frereneo:matrix.rf-lef.fr> une liste blanche d'adresse mac
[18:40:33] <irc> <autra[m]> mmhh je pense pas que tu ais l'adresse mac là
[18:41:00] <irc> <autra[m]> autre solution : si tu connais les ips que tu auras (par ex, maison + bureau), tu peux autoriser que certaines ips
[18:41:06] <irc> <autra[m]> mais ça va pas marcher en 3g par contre...
[20:16:53] <irc> <bodtx> Hi I was looking for a post to follow the work on raspberry 4 image but I do not find news, do you have some? thx
[20:26:37] <irc> <Aleks_> it's confusing ... I saw somebody saying they installed yunohost on RPi4 less than 24 hours ago
[20:26:39] <irc> <Aleks_> what have you tried ?
[20:26:52] <irc> <Aleks_> (otherwise yes, https://github.com/YunoHost/issues/issues/1255 ...)
[20:31:47] <irc> <dvdspeler> Is there a beta for armbian buster? Else im downloading stretch for some testing tonite =)
[20:32:27] <irc> <Aleks_> there's an alpha
[20:32:35] <irc> <Aleks_> but soon™ ...
[20:33:21] <irc> <Aleks_> plan is to release 3.8 probably during next week, then one or two week after that we ~may~ be able to start a beta
[20:35:45] <irc> <dvdspeler> Can you point me to an install script for it? I have everything ready to run it on a bananapi =) Just for some testing.
[20:36:26] <irc> <dvdspeler> the /switchToTesting bash script is not getting anywhere hah
[20:44:08] <irc> <Aleks_> very first post : https://github.com/YunoHost/issues/issues/1255
[20:44:20] <irc> <Aleks_> "How to test the different parts", section "Testing stuff on a fresh install"
[20:46:54] <irc> <bodtx> Aleks_: did not try just saw that in the doc: https://yunohost.org/#/install_on_raspberry Raspberry Pi 0, 1, 2 or 3 (does not currently work on RPI 4);
[20:48:32] <irc> <Aleks_> that doc might be wrong but I can't be sure ... everybody was telling how RPi4 needs Buster but it's weird that hardware require a super-specific version of Debian (maybe that's related to the various hacks the RPi does on the kernel etc idk)
[20:48:53] <irc> <Aleks_> so if you're lucky maybe the existing image does work
[20:49:22] <irc> <taziden> Aleks_: to my knowledge, vanilla buster doesn't quite work on rpi4 yet (it's still a work in progress), so it's raspbian buster
[20:50:02] <irc> <Aleks_> yeah Debian don't really love RPi from what I heard
[20:50:31] <irc> <Aleks_> Hugo was telling us how RPi have quite a lot of dirty hacks all over the place and how everything is kind of not really transparent
[20:50:43] <irc> <Aleks_> (at Brique meeting monday)
[20:52:46] <irc> <dvdspeler> I'm now running from armbian buster so well see i guess =) Any interest in some results?
[20:54:17] <irc> <Aleks_> dvdspeler: sure yes
[20:54:38] <irc> <Aleks_> I was supposed to start testing the alpha on ARM board today but got caught up with other things
[20:56:07] <irc> <dvdspeler> Let me know if you want some specifics, its running its setup and Im new to yunohost recently =)
[20:56:16] <irc> <bodtx> Aleks_: thx for the news, I will stay tuned on the issue
[20:57:15] <irc> <Aleks_> dvdspeler: hmmmm already being able to go through the postinstall, create a user, check the webadmin, maybe install a simple app like ... hextris ? would be pretty nice
[20:58:49] <irc> <dvdspeler> Ill try and report how far I get :)
[20:59:10] <irc> <taziden> Aleks_: well, i'd say rpi doesn"t love debian :-)
[21:00:17] <irc> <Aleks_> indeed ;P
[21:00:32] <irc> <dvdspeler> Thats why I like armbian boards better actually ;)
[21:00:49] <irc> <Aleks_> it's just a shame that RPi is a special case and we can't just have everything on Armbian and that's it
[21:02:26] <irc> <Aleks_> (well Armbian ain't all rainbows though, c.f. that stupid issue about lsb-release)
[21:02:52] <irc> <Aleks_> all computers are broken (╯°□°)╯︵ ┻━┻
[21:03:13] <irc> <dvdspeler> Im really curious about yunohost though! Got stretch readily burned on SD if buster fails =D
[21:03:31] <irc> <dvdspeler> yeah thats why we make backups,,, right.......????? :P
[21:04:11] <irc> <Aleks_> paper and pencil is the only reasonable technology
[21:04:42] <irc> <Aleks_> all hail paper&pencil !
[21:05:15] <irc> <dvdspeler> Every five years or so I have this phase that i'm like - computers will serve me - but after trying I always get back to pen and paper
[21:05:36] <irc> <dvdspeler> bulletnote philosophy helped me much !
[21:05:55] <irc> <Aleks_> x)
[21:19:12] <irc> <Sigi100> Hello I would like to install YunoHost on an Odroid, XU4. Is that possible and recommended
[21:20:37] <irc> <Aleks_> yes
[21:21:06] <irc> <Aleks_> I think you need to find the latest *Stretch* (not Buster) Armbian image for your board
[21:21:35] <irc> <Aleks_> then follow section "Install on top of Armbian" here https://yunohost.org/#/install_on_arm_board
[21:22:20] <irc> <Aleks_> https://www.armbian.com/odroid-xu4/#kernels-archive-all
[21:22:41] <irc> <Aleks_> "Stretch server" I guess ...
[21:22:51] <irc> <Amgine[m]> <hmms> I just got ArchLinuxArm up and running on an RPi.
[21:37:17] <irc> <Sigi100> my first idea was to install the YunoHost on an Intel NUC, then I read something about the Odroid XU4. Which is the better choice or easier
[21:50:27] <irc> <dvdspeler> I was thinking about getting the pine64.org rock60pro - but I'm still playing and learning
[21:52:26] <irc> <Doum[m]> <Sigi100 "my first idea was to install the"> I have it install on Odroid XU4
[21:55:20] <irc> <Doum[m]> But I think it's not thé Best choice for Nextcloud
[21:59:23] <irc> <Doum[m]> Specially if you don't have the fan on it.
[21:59:32] <irc> <Doum[m]> When I load picture from Album, the temperature increase up to 90°
[22:01:48] <irc> <Sigi100> and what would be your recommendation for Nextcloud and piwigo
[22:02:16] <irc> <Doum[m]> I think the best choice for the moment is the NanoPi M4, specially with the 4 SATA hat
[22:03:02] <irc> <Doum[m]> For 50 $ you have already 4 usb3 port
[22:03:34] <irc> <Doum[m]> And it run in 64bit instead of 32bit for XU4
[22:04:54] <irc> <Doum[m]> And they build it with a big heat sink so no trouble with temperature
[22:07:02] <irc> <Sigi100> Ok i will buy me the NanoPi M4 an try to install YinoHost.
[22:07:38] <irc> <Doum[m]> * [NanoPi M4 - 2G DDR3](https://www.friendlyarm.com/index.php?route=product/product&product_id=234)
[22:07:39] <irc> <Doum[m]> * [NanoPi M4v2 - 4G DDR4](https://www.friendlyarm.com/index.php?route=product/product&product_id=268
[22:07:41] <irc> <Doum[m]> * [NanoPi M4 - 2G DDR3](https://www.friendlyarm.com/index.php?route=product/product&product_id=234)
[22:07:41] <irc> <Doum[m]> * [NanoPi M4v2 - 4G DDR4](https://www.friendlyarm.com/index.php?route=product/product&product_id=268)
[22:08:42] <irc> <Doum[m]> [4 SATA hat](https://www.friendlyarm.com/index.php?route=product/product&product_id=254)
[22:11:18] <irc> <Doum[m]> Yes I think it's a good product for self-hosting for 100$ that can handle Yunohost very easily
[22:13:50] <irc> <dvdspeler> Aleks_ man, yunohost is freaking awsome! Ive tried so many ARM compatible hosting managers but this is something else =) Im already using my IP adress in another server with forwarded ports though. Can thiss still work? Anyhow, everything installed fine!
[22:16:43] <irc> <Aleks_> wait until you see the 3.8 ;P
[22:17:03] <irc> <dvdspeler> I was planning to use FreedomBox as a router, it has the service BIND (wich i dont understand much yet) to handle domains I hoped.
[22:17:06] <irc> <Aleks_> ugh if you want multiple server behind the same IP it's doable but hmpf that adds a layer of complexity
[22:17:17] <irc> <Aleks_> (it's called "reverse-proxy")
[22:17:27] <irc> <dvdspeler> yeah Ive postponed it much haha
[22:18:02] <irc> <dvdspeler> Maybe I should leave ARM behind and get a real server then :P But I love ARM!
[22:19:23] <irc> <Aleks_> for a reverse proxy setup, ideally I'd say it's easier if you have yunohost as the "front" server because then you can add the redirect_ynh app that will handle the reverse proxy configuration for you ... but it really depends on what exactly is your setup and intention
[22:22:01] <irc> <dvdspeler> I want to secure my net while being able to host stuff in any way i'd like, dont we all? ;) Maybe I should switch things up. I thought modem -> freedombox -> LAN (yunohost, nextcloud, other arm projects)
[22:22:28] <irc> <dvdspeler> Maybe the freedombox has just been surpassed by YunoHost though xD
[22:24:12] <irc> <Aleks_> ¯\_(ツ)_/¯
[22:24:58] <irc> <Bram> while being in the same field both projects aren't exactly the same thing
[22:25:38] <irc> <dvdspeler> thats why i was planning on using both, since ARM is awesome
[22:26:06] <irc> <dvdspeler> I like seperating my "virtualboxes" with hardware
[22:38:57] <irc> <dvdspeler> Aleks_ Installed hextris, forwarded 443 and 80 to my device IP in router, but cannot get to it. Locally, user interface isn't loading either. Need anything more? Im gonna check out stretch otherwise :)
[22:42:37] <irc> <Aleks_> user interface, you mean the webadmin ?
[22:43:04] <irc> <Aleks_> (did you try using the local IP ?)
[22:43:23] <irc> <dvdspeler> <ip>/hextris?
[22:43:37] <irc> <Aleks_> hmmmm or even just <ip>...
[22:43:43] <irc> <Aleks_> should redirect you to the webadmin
[22:43:48] <irc> <dvdspeler> yeah sure just admin
[22:44:19] <irc> <Aleks_> oh but yeah to access apps you gotta go use the domain name (I know, not very intuitive...)
[22:44:22] <irc> <dvdspeler> right top area "user interface" button doesnt load
[22:45:07] <irc> <Aleks_> you could try to tweak /etc/hosts so that the domain would correctly resolve to your local IP but nevermind
[22:45:25] <irc> <Aleks_> if you got that far as installing apps that's already a pretty nice test and result
[22:45:51] <irc> <Aleks_> (it means there's no shitty dependency issue or whatever technical thingy preventing install and postinstall and app install)
[22:45:52] <irc> <dvdspeler> yeah ok thnx anyway. So good news, its running. U want some notes I made of the outputs? dmesg journalctl
[22:46:27] <irc> <Aleks_> uh not really except if you noticed anything weird in particular x)
[22:47:15] <irc> <dvdspeler> Yeah sure! Im gonna be hanging around in the channel to see when the beta is out :) good luck
[22:47:51] <irc> <Aleks_> alrighty thanks for the tests that really helps !
[22:48:59] <irc> <dvdspeler> I can do a run on pine64 or rock64 tomorrow if you'd like =)
[22:49:43] <irc> <Aleks_> well if you feel like it I have nothing against it ¯\_(ツ)_/¯
[22:50:35] <irc> <dvdspeler> only if it helps, otherwise ill be there with 3.8 ;)
[22:53:08] <irc> <Aleks_> i think it does help if it's an ARM64 architecture but that's not really the super-top-notch-testing-priority either
[23:01:13] <irc> <dvdspeler> Allwinner A64 and Rockchip RK3328 is what I can offer you a test and some notes from, I'll see what I can do =)
[23:09:47] <irc> <Amgine[m]> The RPi3 and the RPi4 are 64, but Raspbian is not. That is why I am testing Arch.
[23:15:28] <irc> <wbk:osba.nl> > <@yunohost:matrix.org> [irc] Aleks_: for a reverse proxy setup, ideally I'd say it's easier if you have yunohost as the "front" server because then you can add the redirect_ynh app that will handle the reverse proxy configuration for you ... but it really depends on what exactly is your setup and intention

Thanks for that suggestion! :-)