<bashterm>
i'm having difficulties getting beyond setup phase with my install
<bashterm>
I'm self hosting on a vm in my house
Jan\ has joined #sandstorm
ShalokShalom_ has joined #sandstorm
ShalokShalom has quit [Ping timeout: 240 seconds]
harish has joined #sandstorm
Guest84422 has quit [Changing host]
Guest84422 has joined #sandstorm
Guest84422 is now known as JonTheNiceGuy
ShalokShalom_ has quit [Remote host closed the connection]
ShalokShalom has joined #sandstorm
ShalokShalom has quit [Remote host closed the connection]
ShalokShalom has joined #sandstorm
ShalokShalom has quit [Read error: Connection reset by peer]
ShalokShalom has joined #sandstorm
ShalokShalom has quit [Read error: Connection reset by peer]
ShalokShalom has joined #sandstorm
ShalokShalom has quit [Remote host closed the connection]
ShalokShalom has joined #sandstorm
ShalokShalom has quit [Remote host closed the connection]
ShalokShalom has joined #sandstorm
afuentes has joined #sandstorm
jemc has joined #sandstorm
ShalokShalom has quit [Remote host closed the connection]
ShalokShalom has joined #sandstorm
xet7 has quit [Quit: Leaving]
ecloud has quit [Ping timeout: 260 seconds]
ecloud has joined #sandstorm
bashterm has quit [Ping timeout: 260 seconds]
sandirid has joined #sandstorm
<sandirid>
I want to use SS it as a collaboration platform between our company and clients. However user management is a problem as my clients do not have domains that match the organization. Thus without allowing guest access getting them into their respective grains is too open. Is there a way to require users to login but the users not be part of the organ
<sandirid>
ization?
<guest3456>
man wekan on sandstorm is so bad on mobile
<guest3456>
cant even scroll right/left
<guest3456>
oh i guess its the same even not on sandstorm
<guest3456>
yikes
<sandirid>
your at the mercy of the projects developers
<dwrensha>
sandirid: does it work if you explicitly invite your clients to the Sandstorm server?
<dwrensha>
you can invite users by going to /admin/users/invite and generating an account creation link
<dwrensha>
... but I'm not sure whether that works when the "organization disallow guests" option is enabled
<sandirid>
no, if guest access is turned off and the user is not part of your organization it will not let you login
<sandirid>
even with invite link
<dwrensha>
darn, then I don't think there is good way to do what you want right now
<sandirid>
that's what I'm thinking. If it could only do that one thing it would work great for the way I want to use it.
<sandirid>
Im looking at other options like Cozy and Coudron, but they are not as package integrated as Sand is so they are probably out too. : (
<dwrensha>
could you explain more about why you need to disable guest access?
<dwrensha>
note that guests can't really do anything unless someone shares something to them
<sandirid>
The share links that I send to a client may need to be active/available for quite some time. If were to inadvertently shared then I have no way of managing access
<dwrensha>
you can see everyone who has access to a grain in the "who has access" view under the "share access" button
<sandirid>
Also It would be nice to revoke access at user level.
<dwrensha>
the "who has access" view also has some basic ways to revoke access
<dwrensha>
but it needs some work
<dwrensha>
correction: you can see everyone who has access *downstream* of you in the sharing graph
<sandirid>
but if guest access needs to be enabled for non organization users to get access to a grain then someone could view a grain anonymously thus negates the whole reason Im looking to add some security to it.
<dwrensha>
yeah, I could imagine having "disallow anonymous access" as a grain-level sharing policy option
<sandirid>
Man even a simple mechanism where I could enable guest access but just add a grain level password would at least be workable for now. Just to keep people out that don't have the pw.
<dwrensha>
hm. maybe our current "disallow guests" option could be decomposed...
<dwrensha>
one part of it is "disallow anonymous shares"
<dwrensha>
the other is "you must be part of the org or explicitly invited in order to have an account"
<dwrensha>
hm... would that help?
<dwrensha>
I think I'm missing something in what the current option means
<dwrensha>
oh, right it currently means "only the org members can create accounts"
<dwrensha>
so maybe we could add a way to relax that requirement to "you can also login if you are invited by an admin"
<sandirid>
yep, if you are not in the org. and guest access is not enabled then there is no way for others outside of the org to gain access to a grain
<sandirid>
If I had my way, It would be great to be able to send a user a share link, then no matter who they are (regardless of organization) they could signin. Then that grain is assigned to them. If they are sent another share link then that grain is assigend to their account. Under users you would see that user and all the associated grains (revoke/suspen
<sandirid>
d, possibly add grain to another user)
<sandirid>
Users signing in via a share link would have a different role
<sandirid>
yes, that workflow has a similar concept.
<sandirid>
are you a SS dev?
<TimMc>
("define 'is'")
<sandirid>
I like the idea of a share link that the first time it is used it allows for a user to sign up/register, then subsequent uses only links to the grain (requiring login)
<dwrensha>
I was a Sandstorm employee until we ran out of money six weeks ago. :(
<sandirid>
oh crap. so is SS a dead project?
<dwrensha>
kentonv has said that he will continue to work on Sandstorm in his free time
<sandirid>
that stinks. I tinkered with SS many months ago, it was rough but I saw potential. Revisited it just yesterday to see many of the issues were smoothed out. If this user issue was fixed up I would probably be using it. The package integration is what makes it standout
NapoleonWils0n has joined #sandstorm
<NapoleonWils0n>
hi all
<NapoleonWils0n>
just installed sandstorm on digital ocean
<NapoleonWils0n>
to set up email should i install postfix and set the domain to my sandcats subdomain
<NapoleonWils0n>
also does the install script set up any iptables rules, or do i need to do that manually
<sandirid>
Opening up the flexibility of user management would make this platform more appealing. The package integration is very good, just access control/flexibility to the grains needs improvement.
<sandirid>
NapoleonWilsOn - I installed SS on a local VM, all I needed to do manually was install Postfix and the rest worked out of the box.
<NapoleonWils0n>
cheers sandirid
<NapoleonWils0n>
instructions on the email page are a little confusing
<NapoleonWils0n>
wasnt sure if you had to use an external stmp relay or just install postfix
<sandirid>
would be nice if the install could check for a local smtp server and drop it in (or ask).
<NapoleonWils0n>
or change the docs to say install postfix or use an external smtp relay
<sandirid>
; )
mnutt_ has joined #sandstorm
<NapoleonWils0n>
ill install postfix and see how i get on cheer mate
<sandirid>
Im not familiar with the SS framework but that looks like it could be a key part of what I we are chatting about.
Telesight has joined #sandstorm
mnutt_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mnutt_ has joined #sandstorm
FredFredFred_ has joined #sandstorm
FredFredFred has quit [Ping timeout: 252 seconds]
NapoleonWils0n has joined #sandstorm
<NapoleonWils0n>
hi all
<NapoleonWils0n>
i need to install postfix to send outgoing mail and use my sandcats subdomain for postfix
<NapoleonWils0n>
does that sound right
<kentonv>
NapoleonWils0n, that's one option. Another is to use a mail delivery service like Sendgrid or Mailgun. Although at present that may not be possible with sandcats due to there being no way to set SPF records (a known problem we want to fix...)
<NapoleonWils0n>
postfix should be able to send outgoing mail
<kentonv>
yes -- if you're on a network that doesn't block outgoing SMTP and isn't on any blacklists
<NapoleonWils0n>
inbound mail to grains looks a bit of a pain
<NapoleonWils0n>
also cant seem to find anything about iptables
<NapoleonWils0n>
do you know if sandstorm adds any iptable rules, and what ports need to be open
<kentonv>
hmm, inbound is usually easier in my experience
<NapoleonWils0n>
im using free subdomain on my server
<kentonv>
sandstorm does not touch iptables. By default it tries to use ports 80, 443, and 25, but if those are already in-use by other services it will use other ports.
<NapoleonWils0n>
so thought that might be an issue
<kentonv>
/opt/sandstorm/sandstorm.conf should tell you what ports it chose
n8a has quit [Ping timeout: 268 seconds]
<NapoleonWils0n>
cheers mate, only installed yesterday on digital ocean
<NapoleonWils0n>
ill give the server some iptables love then
<NapoleonWils0n>
safari throws an error on the admin panel about websocket, but chrome is fine
<NapoleonWils0n>
kentonv can i ask how you set up inbound email
<kentonv>
NapoleonWils0n, regarding safari, have you installed all updates? WebSockets in safari were broken for a while due to Apple bugs.
<NapoleonWils0n>
email section of the docs isnt that cleat
<NapoleonWils0n>
it was my dad using safari, told him to use chrome so not an issue just thought i mention it
<NapoleonWils0n>
i saw apple broke websocket, thats so unlike apple to break open source projects with updates, not
<NapoleonWils0n>
thats why i switched from mac to linux acouple of years ago
<kentonv>
I think the websocket bug was fixed in a recent OSX update, though.
<kentonv>
but not sure
<kentonv>
NapoleonWils0n, regarding inbound, first note that inbound e-mail is not very useful right now. Honestly it may not be worth the effort to set up. The only app that uses it is Roundcube but it's pretty janky -- I would not recommend trying to use it, honestly.
<kentonv>
(janky because of Sandstorm not being very good at e-mail, not because of Roundcube)
<NapoleonWils0n>
kentonv great good excuse to not have to set it up
<NapoleonWils0n>
one less thing to do
<NapoleonWils0n>
just need to set up postfix and iptables, im writing notes as i go and will post them on github
NapoleonWils0n has quit [Quit: WeeChat 1.7]
n8a has joined #sandstorm
mnutt_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
mnutt_ has joined #sandstorm
FredFredFred has joined #sandstorm
FredFredFred_ has quit [Ping timeout: 264 seconds]