It seems that one can setup an "automount" that will make systemd automatically mount when a mount is accessed . It's unclear if this also applies to mount failures or just "not ever mounted". If someone wants to try, I think we need something like this:

The systemd unit file must be named systemd-escape -p --suffix=automount <HOSTPATH>

Then, create a file /etc/systemd/system/<unit_filename_from_above_command>:

[Unit] Description=Automount of hostpath [Automount] Where=HOST_PATH_HERE [Install] WantedBy=multi-user.target systemctl enable <unit_filename>

If that works, I can put this in our code (for volumes and backups).

@dylightful Not yet. It's implemented, but we didn't merge into 7.4. So, we will put it in 7.5.

@Neluser Good idea. But it's quite complicated to automate things like this, that's what it's not done. But something to keep in mind. In the meantime, following https://docs.cloudron.io/storage/#docker-images is the way to go.

@marcusquinn installed on my Mac locally
works nicely
although their example fetch me a joke fails on awk step

Hi @JOduMonT,

I ran Cloudron with a combination of Tailscale & Cloudflared for two weeks without a public IP at my home setup. So far, everything was working well and I didn't encounter any significant issues. Below is the process that I followed:

1# I had two servers - one for Cloudron and the second with docker and docker-compose. Tailscale was installed and configured with Tailscale IP on both servers. The automatic domain configured was disabled in Cloudron and was set manually.

2# I ran the docker-compose.yml file on the second server using the following:

version: '3.8' services: tunnel: image: 'ghcr.io/shmick/docker-cloudflared' container_name: tunnel hostname: tunnel restart: unless-stopped user: 1000:1000 env_file: - $PWD/tunnel.env volumes: - /etc/timezone:/etc/timezone:ro command: tunnel run network_mode: host TUNNEL_TOKEN={TUNNEL-TOKEN}

3# I set up and configured the domain in the Cloudflared UI, and used HTTPS for the Cloudron Tailscale IP with No TLS Verify enabled.

Yeah, imho it makes lots of sense to me for there to be an option to have all app update automatically, but for the platform to not auto update.

@lukas Forgot to link to the docs - https://docs.cloudron.io/user-management/#openid-connect

Fixed in 7.4.1 - https://git.cloudron.io/cloudron/box/-/commit/cc811522e0a629dae894bbb5d0573f3c0f2bad0a

@girish Yes, Thunderbird supports WKD.

From the Thunderbird FAQs it is explained like this:

Currently, it will search for published keys using the WKD protocol, and it will search for keys in the keys.openpgp.org keyserver.

Source:
https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-do-i-get-the-public-keys-of-my-correspondents

Slightly off-topic, but related:
Provider posteo also offers to publish public Keys via wkd, as described in this FAQ:

https://posteo.de/en/help/easygpg-how-do-i-publish-my-public-pgp-key-in-posteos-key-directory-via-web-key-directory-wkd

Stil have to document this, but for the moment the currently supported claims can be seen at https://git.cloudron.io/cloudron/box/-/blob/master/src/oidc.js#L529

So mostly the (Oauth2) clients will want to be setup with those scopes: openid profile email

@privsec I moved your thread here.

While this has STILL not been addressed by docker upstream, there is a proposed solution that works:
https://hub.docker.com/r/willfarrell/autoheal

Alternatively a simple cron script checking for unhealthy containers to restart them.

@staff what do you think?

@marcusquinn I had used that before but unfortunately didn’t seem to work for my Office365 migration, which I was surprised to see. Kept throwing me a generic error when I tried. It’s definitely a helpful tool otherwise though! 🙂

@skmgo Haraka feature requests have to go upstream - https://github.com/haraka/Haraka . This is a feature request for Cloudron (which uses Haraka internally).

This is in 7.4

@girish :dance-party:

Thank you.

@mehdi my thoughts / use case exactly.

Doing so with ipchains is a pain (thanks Docker's intervention to firewall); and ufw just doesn't handle all of the use cases (thanks Docker again).