RE: Papermerge - Scan & OCR

I have begun to package this today. Hope to have something for comment in the next few days.

cc: @marcusquinn

This app is now up and functional. Please test! I'll submit to the appstore for WIP in a day or so after some more cleanup and testing.

https://git.cloudron.io/doodlemania2/paperless-ng/

Note: inbound mail is enabled, but you have to configure it yourself in paperless config. I haven't tested that yet and from the looks of the repo, there are lots of issues with mail at the moment, so we may ship unstable without inbound mail.

cc: @girish

@robi Here's the recording yall if you like:
https://video.apps.thedoodleproject.net/videos/watch/e7125134-fca9-4c0a-9d29-69cf19eb2464

The encoding was a bit off between audio and video. Not sure what that was about.

As for tech used to produce this glorious (haha) event - writing up a blog entry on that today/tomorrow and will publish if anyone was curious.

Goodnight all - and go paperlessng!

All - I have begun packaging this based on instructions found here as well as basing it off of PHP Lamp. It's still VERY rough (IE, doesn't fully build yet), but would appreciate some eyes on it.

https://git.cloudron.io/doodlemania2/pixelfed

Currently, I'm trying to decide whether the initial setup goes in Dockerfile (would think so) or in start.sh in the uninitialized section. It's been a VERY long while since I attempted to package something, so am more than a little rusty

Also, my run.sh is doing an artisan migrate force on each run - thinking that is a good thing cause run wouldn't know if the container updated, but maybe there's another pattern somewhere that is better.

cc: @girish

@doodlemania2 If anyone is still interested, I'm game to doing another event. Maybe only loosely related to app packaging, maybe we do an educational series or something about how to use the CR.

As an aside, you are all now welcome to use my BBB/Greenlight I have up and running!

@doodlemania2 I've got this thing to a heartbeat status but it has lots of dependencies flying around - trying another approach to packaging to squash em. Will advise on first checkin.

@doodlemania2 Latest checking (simple one tonight) - I switched from supervisor to the build in gunicorn runner and was able to create a username/password and log in! Woot

Now, it's throwing errors about attempt to write to a read only database, so I suspect the auth mechanism is doing something in /app/code that I'll need to symlink.
After that is:
Get the supervisors to work (some weird ini file error)
Test the app
Cleanup
Final commit before handing it off for cloudron test dev in case anyone wants to see it in the app store.

@doodlemania2 Here's my blog on packaging, love of cloudron, and how I set up my broadcast. https://www.derekmartin.org/my-favorite-way-to-host/

@bubonicfred I am starting to package this fork since I am stuck on Papermerge. Hopefully this one will be a bit more cooperative. Will post link when I get something resembling functional.

@doodlemania2 My initial commit is here: https://git.cloudron.io/doodlemania2/paperless-ng

THIS DOES NOT YET WORK

But - I need to do these things and I think it's done:

1. sed in the environment variables to the config
2. create the start.sh (with #1 above)
3. setup the three services in systemd

I've done all of the above previously, I just am short on time, so, if anyone can give me an assist, would greatly appreciate it! If not, will continue just as quick as I can.

@doodlemania2 just an fyi - this is working well, but the "consumption" directory isn't polling so still tinkering with that. I am able to upload manually and auto tagging and pdf extraction is working. so, we're about 95% there I think.

@jimcavoli alrighty - that seems to have worked (running it with cloudron scheduler). now just need someone to help me with tests and it can ship!

If you are running Mastodon and would like to leverage an open relay I'm running to help ... relay, please reach out to me and I'll share the address.
Open relays are allow smaller instances to become more connected by relaying their traffic to other participants. The biggest one, mastodon.host recently went offline which severely hampered smaller shops.

BTW - this relay also works for any app that uses ActivityPub, so almost everyone.

You can reach me on mastodon (at)derek(at)toot.thedoodleproject.net

Time to rip the bandaid off!
I'll start at 3PM EST this Friday and broadcast for one hour. Might even record it if I can find a button for that. Will send out a link later in the week to this thread on how to join. Will walk through how I package, what I'm currently packaging and how (paperlessng), my current state, and where I'm currently at. Can crowdsource after the fact.

https://github.com/StreisandEffect/streisand implements an outstanding VPN (more than just OpenVPN) solution for dummies to use. Full Ansible scripts available to construct VMs.
Other features include:
L2TP/IPsec using Libreswan and xl2tpd
A randomly chosen pre-shared key and password are generated.
Windows, macOS, Android, and iOS users can all connect using the native VPN support that is built into each operating system without installing any additional software.
Monit
Monitors process health and automatically restarts services in the unlikely event that they crash or become unresponsive.
OpenSSH
Windows and Android SSH tunnels are also supported, and a copy of the keypair is exported in the .ppk format that PuTTY requires.
Tinyproxy is installed and bound to localhost. It can be accessed over an SSH tunnel by programs that do not natively support SOCKS and that require an HTTP proxy, such as Twitter for Android.
An unprivileged forwarding user and SSH keypair are generated for sshuttle and SOCKS capabilities.
OpenConnect / Cisco AnyConnect
OpenConnect (ocserv) is an extremely high-performance and lightweight VPN server that also features full compatibility with the official Cisco AnyConnect clients.
The protocol is built on top of standards like HTTP, TLS, and DTLS, and it's one of the most popular and widely used VPN technologies among large multi-national corporations.
This means that in addition to its ease-of-use and speed, OpenConnect is also highly resistant to censorship and is almost never blocked.
OpenVPN
Self-contained "unified" .ovpn profiles are generated for easy client configuration using only a single file.
Both TCP and UDP connections are supported.
Client DNS resolution is handled via Dnsmasq to prevent DNS leaks.
TLS Authentication is enabled which helps protect against active probing attacks. Traffic that does not have the proper HMAC is simply dropped.
Shadowsocks
The high-performance libev variant is installed. This version is capable of handling thousands of simultaneous connections.
A QR code is generated that can be used to automatically configure the Android and iOS clients by simply taking a picture. You can tag '8.8.8.8' on that concrete wall, or you can glue the Shadowsocks instructions and some QR codes to it instead!
AEAD support is enabled using ChaCha20 and Poly1305 for enhanced security and improved GFW evasion.
The simple-obfs plugin is installed to provide robust traffic evasion on hostile networks (especially those implementing quality of service (QOS) throttling).
sslh
Sslh is a protocol demultiplexer that allows Nginx, OpenSSH, and OpenVPN to share port 443. This provides an alternative connection option and means that you can still route traffic via OpenSSH and OpenVPN even if you are on a restrictive network that blocks all access to non-HTTP ports.
Stunnel
Listens for and wraps OpenVPN connections. This makes them look like standard SSL traffic and allows OpenVPN clients to successfully establish tunnels even in the presence of Deep Packet Inspection.
Unified profiles for stunnel-wrapped OpenVPN connections are generated alongside the direct connection profiles. Detailed instructions are also generated.
The stunnel certificate and key are exported in PKCS #12 format so they are compatible with other SSL tunneling applications. Notably, this enables OpenVPN for Android to tunnel its traffic through SSLDroid. OpenVPN in China on a mobile device? Yes!
Tor
A bridge relay is set up with a random nickname.
Obfsproxy is installed and configured with support for the obfs4 pluggable transport.
A BridgeQR code is generated that can be used to automatically configure Orbot for Android.
UFW
Firewall rules are configured for every service, and any traffic that is sent to an unauthorized port will be blocked.
unattended-upgrades
Your Streisand server is configured to automatically install new security updates.
WireGuard
Linux users can take advantage of this next-gen, simple, kernel-based, state-of-the-art VPN that also happens to be ridiculously fast and uses modern cryptographic principles that all other highspeed VPN solutions lack.

@marcusquinn Thank you all so much! That was so much fun I'll post more, including replay and "how I did that" in a while.
We also have a volunteer for next session "Tomer" - I'll work with them to firm up the tooling.

Just a quick update to those watching this space. I've got the app loading the DB and getting up and running now. Last things to deal with are:

1. An apache error that throws out a 403, probably my .htaccess
2. Moving the logs to /run
3. Try one more time to leverage /app/code but at least this way works!

@doodlemania2 ahaha!

So apparently if you DONT click that button, it doesn't get saved in PeerTube. Let that be a lesson for ya. Suffice to say - I did a secondary recording just in case. And it's uploading now

It's destined to be a standard app for Cloudron so will support server reboots, etc. Some tweaks will need to be made by the CR teams for it to move into the app store but will work with them on those over the coming days.

Could we get per app bandwidth consumption graphs!? Pretty please!!!!