-
mjk
> Am I talking crazy, here? I never used Movim, but I speculate it's how its Tenor integration works. At least it totally could work that way
-
mimi89999
Establishing a secure connection from lebihan.pl to joinjabber.org failed. Certificate hash: 9f340cb01d56d2858109b9a11143a0e834b4da4689769c493e227d07d957cb0c. Error with certificate 0: certificate has expired.
-
rob
Anyone running coturn, see a lot of connection reset by peer in logs? Just wondering if that's reflection nonsense or what
-
Licaon_Kter
rob: was discussed last month, move ports to random non standard, as XMPP clients get the port by XEP-0215
-
rob
I have done that, just wondering if that's what the logs are caused by
-
Licaon_Kter
Oh, you still get hits? I guess they could scan you and refind it Maybe a script to change the port daily in cron? :))
-
xorman
are them that dangerous to even bother?
-
xorman
maybe a netfilter rule would be more appropiate, like filtering away any IP without an already established TCP session
-
rob
Not so much dangerous as contribute to a bigger problem
-
rob
I can just change ports again
-
Licaon_Kter
xorman: you can't, see backlog, your contact from the other server might endup using your STUN/TURN so you'll reject them?
-
xorman
oh right
-
rob
The only thing for now is hiding behind different ports
-
rob
I was thinking automating as well though, every day or so even. But would require communicating to and restarting the xmpp server
-
Licaon_Kter
rob: ejabberd can reload, others dunno
-
MattJ
Prosody too
-
rob
Prosody only when run as a daemon or no? I'm running in docker
-
Licaon_Kter
MattJ: tell us more :)
-
Menel
Of course then you have to reload it "inside" the docker.
-
rob
Which means may as well just restart the container
-
Menel
If you don't mind restarts its perfectly fine of course
-
rob
I guess I could try to change the container to run the server as a daemon instead of an init service
-
rob
Then things like reload would work
-
moparisthebest
rob, `docker exec container-name prosodyctl reload` ?
-
rob
moparisthebest: doesn't work because in the container it's run with the init system
-
moparisthebest
rob, presumably it's just a SIGHUP or something you can send with kill ? probably even from outside docker
-
rob
Could be, I'll do some investigating
-
rob
For now I've just changed ports again
-
rob
But some automated script would be handy
-
Menel
Sighub sounds right. And then add what should be reloaded here: https://modules.prosody.im/mod_reload_modules.html
-
rob
Oh nice, thanks
-
rob
I finally got my smartd setup going with xmpp notifs
-
xorman
rob: care to share your setup?
-
rob
The smartd part?
-
rob
Or everything 🤓
-
xorman
yes
-
xorman
smartd+xmpp notifs roughly
-
xorman
are you using sendxmpp or what?
-
rob
Yes I went with go-semdxmpp✎ -
rob
Yes I went with go-sendxmpp ✏
-
rob
And I'll share the script and config in a few
-
rob
But roughly the info on Arch Linux wiki
-
rob
So the bash script is just: echo "$SMARTD_FAILTYPE: $SMARTD_MESSAGE" | /home/robbie/go/bin/ go-sendxmpp -f /home/robbie/sendxmpprc rob@loranger.xyz
-
rob
And in /etc/smartd.conf: DEVICESCAN -m rob@loranger.xyz -M exec /home/robbie/smartnotify .sh However I think the -m address is unnecessary as the script has it hard-coded.
-
ch1234
i need help
-
ch1234
my employer gave me an adress to use to log on to the xmpp chat
-
ch1234
and it isn't working
-
ch1234
gave me two dofferent passwords and i believe one of them may have worked if the address was right
-
moparisthebest
That's probably something only your employer could help you with
-
mjk
rob: > I finally got my smartd setup going with xmpp notifs I assume, using your own server? Is it running on the same system that smartd notifies about? :))
-
rob
It is on both accounts mjk
-
mjk
I'm trying to setup pgp-encrypted notifications using a _public_ server. The xmpp part was working when I made some manual tests a few months ago, but now that I returned to the project, the (resumably) same setup sends me a message that Conversations can't decrypt. Oh well, back to debugging pgp. *muffled swearing*
-
jonas’
mjk, keys expired? :)
-
jonas’
I have a thing sending pgp emails and it breaks every few months when peoples keys expire. gpg error messages and exit codes are not helpful there.
-
mjk
rob: if/when I'll run my own server, I'll likely still rely on a third party for redundancy
-
mjk
Or is it 'second party' in this case? The sender and receiver technically being me. :D
-
rob
Haha maybe 2nd
-
rob
I have redundant disks plus off-site backups, but no redundancy for the server itself. However prosody does not support clustering afaik anyway
-
rob
I might add some backup power soon, after I upgrade the internet connecting to fiber✎ -
rob
I might add some backup power soon, after I upgrade the internet connection to fiber ✏
-
mjk
jonas’: I _think_ my test key doesn't have expiration date set (or it's in very distant future), but I'll check that, thanks
-
mjk
rob: oh I merely meant sending (critical) notifications using accounts on two servers, at least one of which isn't on the same physical machine
-
rob
Oh yes, that makes sense
-
rob
Maybe we can trade accounts with other operators
-
mjk
That's an idea
-
moparisthebest
mjk, isn't your XMPP server going down notice enough that your server is dead or :)
-
rob
Haha ya
-
mjk
:D
-
mjk
Well there may be even more critical things needing attention than an xmpp server :shrug:
-
rob
True, like a dead disk
-
mjk
So, "my xmpp server is down? Meh, probably power failure"
-
mjk
"Will deal with that later". Meanwhile, the disk are on fire :D✎ -
mjk
"Will deal with that later". Meanwhile, the disks are on fire :D ✏
-
moparisthebest
but if the disks are on fire, it's not sending you that message anyway
-
Харпер
Had a drive fail, xmpp kept running somehow, didn't realize until I rebooted around 7 hours after failure
-
Харпер
Big gradient
-
mjk
moparisthebest: in my particular case, I'll likely run on a pi, with the server not depending on the usb-attached spinning rust. As an example
-
moparisthebest
mjk, just a much-more-prone-to-failure sd card ? :P
-
mjk
Yes, lol
-
moparisthebest
my rpi's all run diskless, nfs root on a server with SSDs
-
mjk
Nice
-
x0n
moparisthebest: I plan on doing that, but with a pi as an nfs server. i know i know...
-
moparisthebest
x0n: rpi4 actually has real gbit nic, real USB3, and real pcie so it's not a bad choice
-
x0n
moparisthebest: indeed, the cm4 even exposes pci-e
-
moparisthebest
Before rpi4 it was a pretty bad setup :)
-
x0n
i'm going with dual ssds in a zfs mirror pool for the root on that machine. over usb ofc ;)
-
Харпер
Can you do mirrored boot?
-
Харпер
btrfs raid1 can, but the system won't boot if a drive fails
-
x0n
have not yet tried that, boot from zfs does work though and the volume manager is built into the storage layer so my guess is yes
-
moparisthebest
Харпер: yes it will, you have to pass a boot option though
-
Харпер
moparisthebest: the degraded flag?
-
moparisthebest
Sounds right
-
Харпер
But your efi won't boot the other drive iirc
-
Харпер
Because grub will update default flag to primary drive everyboot
-
moparisthebest
Without choosing the boot drive manually?