My feedback on Yunohost
This blog is hosted on a Yunohost instance, I wanted to explain why I made that choice, how I made it work and what I thought about the Yunohost project…
What’s Yunohost?
I can’t say it better than the dedicated page on the topic. If I try my best to keep it short I would say that Yunohost (Ynh) is a tool set that has been integrated on Debian to make hosting easy.
This makes self-hosting available to some people that don’t have all the skills or time required to do so otherwise.
Ynh offers, amongst other things:
- Central authentication and access filtering to your web applications
- A simple web or command line administration interface
- A catalog of applications that can be installed in a few clicks (or commands)
- Automatic HTTPS certificate management with letsencrypt
- A simplified system and applications update management
Before Yunohost
To better explain how I came to Yunohost, I must start with what I did before that.
I had some services — most of them web services but not only — installed on multiple servers, using multiple technologies (containers, virtual machines, physical servers), on multiple GNU/Linux distributions. At first those services were only used by me and most of them were the results of tests that kept going on forever. Some arose from the will to get out of the grip of google and co. So I started with Nextcloud, Piwigo, Zimbra then Kolab, Mumble and many others.
The de-google-ify Internet campaign from framasoft only brought more interesting tools to my knowledge, which led to more and more installations.
As time went on I opened those services to my family and friends. I also tried different ways to install and manage them and it all ended up being a giant mess.
Multiple issues came up:
- It was impossible to keep everything up to date. Even with automation I had no central management system and keeping everything up to date would take way too much time and energy.
- Too many accounts to handle. It’s a pain in the ass to keep separate accounts for each application we want to use.
- It was impossible to back everything up correctly. Too many different environments, technologies, methods… Let’s not even talk about how to restore those backups
The decision and the technical choice
I had already tried Yunohost several years back, it was not good enough to my liking, there were not enough applications available and my self hosted services were not that messy yet. It was still a few web apps hosted on a virtual machine.
I have had a plan in mind for several months, better yet years: regroup all my applications, install a ldap server, make beautiful playbooks to deploy and manage all that stuff but that represented a mountain of work, skills to acquire, hours to spend (24 hours in a day is far too little)… I did not have the motivation to do it.
Then a few months ago I gave another shot at Yunohost and saw it as a solution to all my problems:
- One simple way to install all the apps
- One simple way to backup all the apps
- A central user directory
- A simple way to manage the updates
All that was left to do was choose where to host it and how to proceed.
The where, was quite simple: I already had two dedicated OVH servers.
As for the how, I first thought about lxc (well, lxd in fact) but I quickly understood that it was not going to work, at least not without some tweaking. Ynh does some of its magic by mounting and unmounting filesystems, that does not fit well with containers.
So I chose virtualization, that’s what I had done on one of my dedicated servers. It brings flexibility, being able to make a whole system snapshot before heavy maintenance operations is quite nice.
This time I would choose KVM over Esxi since I had grown quite accustomed to it over the years.
I chose to use two virtual machines, one for a test instance and one for my production. Each one available on a dedicated IP, thanks to OVH IP failover. I explain how to do it in another article of this blog.
The applications
Amongst the applications listed in the Ynh catalog, some were obviously going to end up on my instance since I had already installed them before going to Ynh:
- Nextcloud for file sharing between all my devices
- Piwigo to share photographs with my family and friends
- Blogotext which I first used as a blog but now I only use it for the links section, the blog engine being replaced by Hugo on this website.
- Firefox sync to keep my firefox profiles close to me
- Gitlab for … well, everything I do: development, ansible playbooks, scripts, dotfiles, …
- Emails. That’s not really an application from the catalog, it’s installed by default. However I installed Sogo for its caldav and carddav features as well as its nice web interface. By the way the Ynh emails documentation is perfect, I followed it and received a perfect score on the mail testing site
- Freshrss to handle all my favourite feeds
- Several sharing tools: lutim, lufi, zerobin
- Unattended-upgrades: for automatic system upgrade with an e-mail summary of the changes
- Mumble for audio chat as a replacement of teamspeak
Some applications I installed for the first time:
- Mastodon as a twitter replacement, which I never used, I did not want to get trapped. Now I could toot and stay free!
- Wallabag as a pocket replacement that I never used in Firefox
- Etherpad for note taking and collaborative edition. Note that the Mypads plugin can be installed as well and brings some very interesting features to Etherpad: access control and pads listing
Some applications I did not keep for a variety of reasons:
- Matomo: seemed overcomplicated, and I decided I finally did not need it
- PeerTube: I wanted to use it to share personal videoclips to my friends and family, so I wanted to deploy it as a private app (requiring a Ynh account to be accessed), but a bug makes it only usable in public mode. I’ll try again later
- Borg: I did not manage to make it work for my remote backups. In the end I created a restic package that better suits my needs. Restic does not offer compression as Borg does but that’s not what I am looking for. I just want a simple tool for my remote backups.
- Synapse: overcomplicated, I rather use xmpp which comes installed by default and which I already know.
- Calibre-web: I had some bugs when adding new users on my instance. I will probably try again in the future, I like the idea of sharing a digital library
- Jitsi Meet: tried it, did not work, connection loss, sound problems, … maybe I did something wrong but I did not want to look into it. I will probably try again since I would like an alternative to skype to contact my family overseas. In the meantime I will use any other working instance
- Minetest: it felt like this would bring too much load on my server. I will host it elsewhere.
- Owntracks: to share GPS locations. The packaged version is missing the feature I wanted the most: friends management. Furthermore (or rather less), the android app uses google maps.
- Pilea: To visualize and analyze my electricity consumption through my Linky. It does not seem to work, no data comes up
- z-push for the mail, contacts and calendar active-sync synchronization. It seemed like a good idea at first then I decided caldav and carddav were good enough.
- collabora-online: for libreoffice files edition in the browser. For now a bug prevents it from working on Nextcloud.
Regarding the data, I handled the migrations on a case-by-case basis. For some applications I did not care about the data, for others I chose the simplest solution.
I proceeded manually since I did not have lots of accounts and data to migrate. I also took the opportunity to clean up, going from about a hundred gitlab projects to less than fifty or about 300 links in blogotext to less than fifty.
It took some time but I think developing scripts for each tool would have taken a lot more time.
Issues
I had some issues with Yunohost, but nothing severe.
I encountered a connection error in thunderbird which I first ignored but it came up more and more frequently. It turns out it was an option in dovecot limiting the number of connections by IP/user couple. Since I often use multiple clients from the same IP, I was bound to reach the limit.
To fix that, I changed mail_max_userip_connections = 10 to mail_max_userip_connections = 50 in /etc/dovecot/dovecot.conf.
I had tried to make the change in /etc/dovecot/conf.d/20-imap.conf and /etc/dovecot/conf.d/20-managesieve.conf but it never worked; this can be checked by running dovecot -a | grep 'mail_max_userip_connections'.
When I looked into dovecot.conf I realized the /etc/dovecot/conf.d directory was never sourced so I don’t think it was ever going to work.
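The situation described above, an override placed in a conf.d file that the main configuration never includes, can be spotted before restarting anything. The following is an added example, not code from this post, Yunohost or Dovecot: the sample files are constructed, the function names are hypothetical, and it only follows top-level !include / !include_try lines, so dovecot -a stays the authoritative check.

```shell
#!/bin/sh
# Added example. Sample files are constructed; function names are hypothetical.
# Only top-level !include / !include_try lines are followed (no nesting).

# Print the files matched by the include directives of main config $1.
included_files() {
    base=$(dirname "$1")
    sed -n 's/^[[:space:]]*!include\(_try\)\{0,1\}[[:space:]][[:space:]]*\([^[:space:]#]*\).*/\2/p' "$1" |
    while IFS= read -r pat; do
        case $pat in /*) ;; *) pat=$base/$pat ;; esac   # relative to main file
        for f in $pat; do                                # unquoted: expand glob
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Succeed if drop-in file $2 is reachable from main config $1.
is_loaded() {
    included_files "$1" | grep -Fxq -- "$2"
}

# Print "file:line" for each place option $2 is set in $1 or a file it loads.
option_sources() {
    { printf '%s\n' "$1"; included_files "$1"; } |
    while IFS= read -r f; do
        grep -H "^[[:space:]]*$2[[:space:]]*=" "$f" || true
    done
}

# Constructed sample tree: one main file without an include, one with it.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/conf.d"
printf 'mail_max_userip_connections = 10\n' > "$demo/dovecot.conf"
printf 'mail_max_userip_connections = 10\n!include conf.d/*.conf\n' > "$demo/dovecot-fixed.conf"
printf 'protocol imap {\n  mail_max_userip_connections = 50\n}\n' > "$demo/conf.d/20-imap.conf"

for main in "$demo/dovecot.conf" "$demo/dovecot-fixed.conf"; do
    if is_loaded "$main" "$demo/conf.d/20-imap.conf"; then
        echo "$(basename "$main"): 20-imap.conf is loaded"
    else
        echo "$(basename "$main"): 20-imap.conf is ignored (no matching !include)"
    fi
    option_sources "$main" mail_max_userip_connections
done
```

Against a real server, point the functions at /etc/dovecot/dovecot.conf and the drop-in file in question instead of the sample tree.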
I also had some trouble with Gitlab after a server restart.
It was caused by the gitlab-runsvdir service not starting.
When I tried to launch it manually it hung.
I had to kill the process and restart the service: killall runsvdir; systemctl start gitlab-runsvdir.service
Another issue is that the packaged version of Nextcloud is behind the upstream version because of the PHP version available in Debian Stretch. I don’t need more for now but I will be relieved when this issue is solved.
Generally speaking, this is a limitation of Yunohost. Since applications are repackaged, a new component comes into play when the time comes to debug an issue. But I think it has more pros than cons.
What next?
I am fully satisfied with Yunohost, I think it’s a great project with a nice community. I intend to contribute, there are lots of ways to do so:
- Help testing the installation and upgrade to Debian Buster
- Help package other apps or improve some apps integration. I would really like to know more about Single Sign On.
- Help translate the documentation or the apps
- Help fix bugs that prevented me from using some apps
- Help on the forum
In short, only interesting stuff. I won’t be bored anytime soon!