I have begun to package this today. Hope to have something for comment in the next few days.
This app is now up and functional. Please test! I'll submit to the appstore for WIP in a day or so after some more cleanup and testing.
Note: inbound mail is enabled, but you have to configure it yourself in paperless config. I haven't tested that yet and from the looks of the repo, there are lots of issues with mail at the moment, so we may ship unstable without inbound mail.
Hey all, I just obtained my LLC status for The Doodle Project! If you're looking for assistance in Cloudron help or are interested in some of my services I offer, <insert shameless plug here>. Delighted to be working with several of you on hosting Nextcloud Talk High Performance Backend, Big Blue Button (both of those offered in both US and EU), as well as a bunch of other shiny fun things. Holler if you need anything!
Of course, if you have questions about the LLC'ness, happy to answer any time. Especially important if you're considering setting up shop in the US with a Mastodon (or similar) instance to provide coverage for the ugliness out there. Have also been thinking about offering a service to help customers host their own instances of that underneath my 'umbrella' - let me know if interested.
I ran some traps on this thread posted by a law group that had set up their own instance. Also @girish echoed the DMCA business in another thread. Thought I'd share:
"Do Future You a huge favor, mitigate your potential liability, and register with the copyright office and designate an agent to receive DMCA reports right now. https://copyright.gov/dmca-directory/
It costs $6 a year. Use a forwarding phone # and a PO Box or other address you check frequently, not your home address: it will be public. Without this registration, you WILL be held liable for any copyright violation on your instance.
I also strongly recommend that if you run an instance, incorporate as a LLC and -- this is the critical part -- take out an umbrella liability insurance policy with coverage of at least $2m per incident and covers attorney costs and fees.
(If you have homeowners or renters' insurance, and you should, this should be a very cheap rider on the policy. 99% of the time it will be unnecessary and the other 1% it will save your ass completely.)
I am somehow not surprised that only two Mastodon instances have registered designated agents and one of them is the Lawprofs instance.
<tweak by Derek>Also: "I found someone on my instance posting CSAM" is not the time to have to learn the reporting process for that vileness. Learn and report ASAP via NCMEC in case of CSAM posted to your service. Legally mandated.</tweak by Derek>
But yeah, for copyright, feel free to steal our DMCA policy, it's CC-BY-SA. (Note that we willingly accept a level of potential risk around repeat offender account termination that may be outside your risk tolerance.) https://dreamwidth.org/legal/dmca
The relevant section of copyright law is 17 USC §512 and you can read it here: https://law.cornell.edu/uscode/text/17/512 You are protected from liability for your users' copyright violations, but ONLY if you follow this process, and the process includes registering a designated agent.
I can't give you legal advice and none of this is intended as such, but if you're absolutely at sea and have never heard of any of this before, I can try to answer general questions.
I have posted the "guide to familiarize you with various legal obligations involved in hosting a server that accepts user-generated content such as a Mastodon instance"! It's here: https://denise.dreamwidth.org/91757.html
Original thread: https://twitter.com/rahaeli/status/1593819064161665024 Tweaked by me for clarity.
Net - if you're running an instance that's open - be aware. If you're running a closed or single user instance, still not a terrible idea. I'm going to be doing it myself for my single user instance because I also run an open relay to help folks out.
@robi Here's the recording yall if you like:
The encoding was a bit off between audio and video. Not sure what that was about.
As for tech used to produce this glorious (haha) event - writing up a blog entry on that today/tomorrow and will publish if anyone was curious.
Goodnight all - and go paperlessng!
@doodlemania2 If anyone is still interested, I'm game to do another event. Maybe only loosely related to app packaging, maybe we do an educational series or something about how to use the CR.
As an aside, you are all now welcome to use my BBB/Greenlight I have up and running!
I have a Nextcloud Talk High Performance Backend and BBB (for your Greenlight app) available for your use.
If you'd like to use it, I'm offering it for free*. Just DM me for details.
*I will likely start charging in the not terribly distant future, but am open to understanding:
I'm thinking $1-2 US / mo for up to 10 users. Eh? Really the only expense is bandwidth and just a hair of admin overhead. Would welcome your thoughts. Not in it to make $$$, just cover costs.
@doodlemania2 If anyone is interested - I know some of you weren't keen on my original service cause it was US based (latency being the top question).
So, happy to announce I'm now up and running in Frankfurt, so if you'd like to leverage either of those tools (or anything else I offer hosting for), let me know. See www.thedoodleproject.com for details if you are curious.
Before I go thinking too much about this, wanted to see if there was a simple way baked in to take, say, paperless-ng which I was running as custom app and swap to the new store version without a full port/reinstall?
Thinking like cloudron upgrade --image..."cloudron's image url"?
@doodlemania2 Here's my blog on packaging, love of cloudron, and how I set up my broadcast. https://www.derekmartin.org/my-favorite-way-to-host/
https://github.com/StreisandEffect/streisand implements an outstanding VPN (more than just OpenVPN) solution for dummies to use. Full Ansible scripts available to construct VMs.
Other features include:
L2TP/IPsec using Libreswan and xl2tpd
A randomly chosen pre-shared key and password are generated.
Windows, macOS, Android, and iOS users can all connect using the native VPN support that is built into each operating system without installing any additional software.
Monitors process health and automatically restarts services in the unlikely event that they crash or become unresponsive.
Windows and Android SSH tunnels are also supported, and a copy of the keypair is exported in the .ppk format that PuTTY requires.
Tinyproxy is installed and bound to localhost. It can be accessed over an SSH tunnel by programs that do not natively support SOCKS and that require an HTTP proxy, such as Twitter for Android.
An unprivileged forwarding user and SSH keypair are generated for sshuttle and SOCKS capabilities.
OpenConnect / Cisco AnyConnect
OpenConnect (ocserv) is an extremely high-performance and lightweight VPN server that also features full compatibility with the official Cisco AnyConnect clients.
The protocol is built on top of standards like HTTP, TLS, and DTLS, and it's one of the most popular and widely used VPN technologies among large multi-national corporations.
This means that in addition to its ease-of-use and speed, OpenConnect is also highly resistant to censorship and is almost never blocked.
Self-contained "unified" .ovpn profiles are generated for easy client configuration using only a single file.
Both TCP and UDP connections are supported.
Client DNS resolution is handled via Dnsmasq to prevent DNS leaks.
TLS Authentication is enabled which helps protect against active probing attacks. Traffic that does not have the proper HMAC is simply dropped.
The high-performance libev variant is installed. This version is capable of handling thousands of simultaneous connections.
A QR code is generated that can be used to automatically configure the Android and iOS clients by simply taking a picture. You can tag '188.8.131.52' on that concrete wall, or you can glue the Shadowsocks instructions and some QR codes to it instead!
AEAD support is enabled using ChaCha20 and Poly1305 for enhanced security and improved GFW evasion.
The simple-obfs plugin is installed to provide robust traffic evasion on hostile networks (especially those implementing quality of service (QOS) throttling).
Sslh is a protocol demultiplexer that allows Nginx, OpenSSH, and OpenVPN to share port 443. This provides an alternative connection option and means that you can still route traffic via OpenSSH and OpenVPN even if you are on a restrictive network that blocks all access to non-HTTP ports.
Listens for and wraps OpenVPN connections. This makes them look like standard SSL traffic and allows OpenVPN clients to successfully establish tunnels even in the presence of Deep Packet Inspection.
Unified profiles for stunnel-wrapped OpenVPN connections are generated alongside the direct connection profiles. Detailed instructions are also generated.
The stunnel certificate and key are exported in PKCS #12 format so they are compatible with other SSL tunneling applications. Notably, this enables OpenVPN for Android to tunnel its traffic through SSLDroid. OpenVPN in China on a mobile device? Yes!
A bridge relay is set up with a random nickname.
Obfsproxy is installed and configured with support for the obfs4 pluggable transport.
A BridgeQR code is generated that can be used to automatically configure Orbot for Android.
Firewall rules are configured for every service, and any traffic that is sent to an unauthorized port will be blocked.
Your Streisand server is configured to automatically install new security updates.
Linux users can take advantage of this next-gen, simple, kernel-based, state-of-the-art VPN that also happens to be ridiculously fast and uses modern cryptographic principles that all other highspeed VPN solutions lack.
All - I have begun packaging this based on instructions found here as well as basing it off of PHP Lamp. It's still VERY rough (i.e., doesn't fully build yet), but would appreciate some eyes on it.
Currently, I'm trying to decide whether the initial setup goes in Dockerfile (would think so) or in start.sh in the uninitialized section. It's been a VERY long while since I attempted to package something, so am more than a little rusty.
Also, my run.sh is doing an artisan migrate force on each run - thinking that is a good thing cause run wouldn't know if the container updated, but maybe there's another pattern somewhere that is better.
Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.
Initial functional version located here for comment: https://git.cloudron.io/doodlemania2/loki
@bubonicfred I am starting to package this fork since I am stuck on Papermerge. Hopefully this one will be a bit more cooperative. Will post link when I get something resembling functional.
THIS DOES NOT YET WORK
But - I need to do these things and I think it's done:
I've done all of the above previously, I just am short on time, so, if anyone can give me an assist, would greatly appreciate it! If not, will continue just as quick as I can.
@doodlemania2 Latest check-in (simple one tonight) - I switched from supervisor to the built-in gunicorn runner and was able to create a username/password and log in! Woot!
Now, it's throwing errors about attempt to write to a read only database, so I suspect the auth mechanism is doing something in /app/code that I'll need to symlink.
After that is:
Get the supervisors to work (some weird ini file error)
Test the app
Final commit before handing it off for cloudron test dev in case anyone wants to see it in the app store.
@doodlemania2 just an fyi - this is working well, but the "consumption" directory isn't polling so still tinkering with that. I am able to upload manually and auto tagging and pdf extraction is working. so, we're about 95% there I think.
@jimcavoli alrighty - that seems to have worked (running it with cloudron scheduler). now just need someone to help me with tests and it can ship!
As many of you know, I offer a few services to fellow Cloudron folks. Wanted to let you all know that I've recently added full Jitsi Meet + Jibri to my portfolio. If you're interested, DM me. Or you can check my website at https://www.thedoodleproject.com. I'll start advertising in about 3 weeks after some smoke tests.
This joins other services like:
Open Mastodon Relay
Big Blue Button for your Greenlight app
Nextcloud Talk High Performance Backend
few other goodies
Note that Nextcloud Talk HPBE and BBB are available in US and EU, but Jitsi/Jibri will be US only till I get at least a few customers that want it over there.
Time to rip the bandaid off!
I'll start at 3PM EST this Friday and broadcast for one hour. Might even record it if I can find a button for that. Will send out a link later in the week to this thread on how to join. Will walk through how I package, what I'm currently packaging and how (paperlessng), my current state, and where I'm currently at. Can crowdsource after the fact.
@neurokrish definitely using cloudron backup and have had to use it (both recently to move from custom app to cloudron store app) and previously corrupted my db on purpose and did a restore to test - works amazing.
I generally wouldn't recommend multiple copies of backups of the same data lying around (security concerns), but cloudron backups have been here a long time, are solid, and restore the app EXACTLY like it was from the backup point. It's really quite fabulous.
Just a quick update to those watching this space. I've got the app loading the DB and getting up and running now. Last things to deal with are:
@d19dotca I also noticed an increase in performance. One thing I did notice though - my public buckets were part of the beta and included anonymous root "viewing" of sorts - it generated an XML file of the contents of each public bucket. A quick email to support and they had me turn the bucket to private, then back to public to correct. Something to check if you or someone you love may be an early public bucket adopter there!
Just a tracking note here so others can see. I'm starting to package InfluxDB. Probably will get 1.x before 2.0 as 2.0 is wildly different and seems to have some issues changing the default storage path (working through that though). Will see. Stay tuned if you are interested.
If you are running Mastodon and would like to leverage an open relay I'm running to help ... relay, please reach out to me and I'll share the address.
Open relays allow smaller instances to become more connected by relaying their traffic to other participants. The biggest one, mastodon.host, recently went offline which severely hampered smaller shops.
BTW - this relay also works for any app that uses ActivityPub, so almost everyone.
You can reach me on mastodon (at)derek(at)toot.thedoodleproject.net
@scooke So I heard back from email based support - they turned public buckets on for my account!
Today at 3PM Eastern US Time, I'll be hosting (or trying to - it's the first one!) an app packaging event.
If you'd like to join, I will be on chat here:
And the livestream will be here:
Again, this may or may not work, but I've practiced a few times and will be around to show what I do and we can chat.
Hope to see you there!
This is something I've personally been looking for forever! So, great find. Given the proprietary bits, we likely CAN package it as CE and then one would need to just 'upgrade' it per their terms. CR does this with another package (Confluence maybe?) already.
The compose file looks like we could take it apart for CR based use decently, but we'd really need the original Dockerfile files to really do it. Those don't appear to be published anywhere accessible. If you find them, I'd be happy to take a closer look at packaging it for you.
The alternative looks VERY promising, but they are brand new (baserow) and haven't published a repo yet.
You can clone the repo locally and deploy it with the Cloudron CLI: https://cloudron.io/documentation/custom-apps/cli/#installing
Chronograf is an open-source web application written in Go and React.js that provides the tools to visualize your monitoring data and easily create alerting and automation rules.
An initial packaging of Chronograf is now available for comment: https://git.cloudron.io/doodlemania2/chronograf
@murgero hi yall, storj miner here. Great solution, works just fine. I'm currently sharing about 5TB out of an allotted 8TB and earn about $10/mo. Packaging this for Cloudron would certainly be interesting. It's obviously a Docker container, but would feel "weird" in the context of cloudron. I don't see any major gotchas on doing it - there is even a web interface to show stats that you could throw behind the new auth addon.
All - I wanted to report back and not just be a flake - I've been saddled with a crazy go nuts project at work and won't be able to work on this for a while. I'm really very sorry, I had gotten everything loaded and was about to start
I hope another app_dev person can pick this up!
@alwynispat A lot of the fediverse apps are being tried by different appdev folks (myself included) - there are some challenges getting some (like lemmy et al) into a single container, but progress is happening! I helped with Pixelfed and Mastodon a bit. Now working on writefreely, lemmy, and bookwyrm as time permits
I've packaged this here: https://git.cloudron.io/doodlemania2/pixelfed it's just waiting for review but works if you'd like to try it out.
@luckow Given the issue with BBB and recording, I've got that disabled on my service. Great points all around. Again, this is for the small shops that need a place.
@shanelord01 (waves) it auto-approves after a few minutes assuming your side is set up cleanly - I see you and welcome!
Many people have tried to relay over the past few weeks. Some don't have SSL (hard pass), some are using fake FQDN (hard pass), and then of course, we had a few bad actors come along and I had to boot em.
Be mindful of your blocks and mutes - whole instance blocking is a big sledgehammer unless it's just a whole instance of bad. Also, if you see someone on my relay and you're like, eww, Derek should know about that, please ping me (at)derek(at)toot.thedoodleproject.net - I am watching but it's a LOT to watch and any visibility on bad instances is appreciated - let me know and I'll block em at the relay.
This isn't an endorsement, but I got a "feels too good to be true" deal from ssdnodes.com if anyone wants to check them out. I'm putting my purchase through its paces to see if it holds up to the advertised specs now. Here's my reference link if you are interested.
I'm a volunteer app packager but avid user of Cloudron - it's the simplest thing I've ever done and a great community of folks working to enhance the catalog of apps. It's built to just work!