From f88923090503ad64a4cb0237c710a6b2504f9b17 Mon Sep 17 00:00:00 2001 From: inexcode Date: Wed, 2 Feb 2022 23:39:03 +0300 Subject: [PATCH] Add a summary of problems --- src/SUMMARY.md | 3 +++ src/problems.md | 70 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 src/problems.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index c779f12..5f5c2c2 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -6,3 +6,6 @@ - [Migrations](rest-api/migrations.md) - [Testing, linting](rest-api/testing.md) - [Vulnerabilities](rest-api/vulnerabilities.md) + +# Other +- [ ] [Known problems](problems.md) \ No newline at end of file diff --git a/src/problems.md b/src/problems.md new file mode 100644 index 0000000..6fdd316 --- /dev/null +++ b/src/problems.md @@ -0,0 +1,70 @@ +# Reproted problems +## No check for invalid DNSSEC setup +If DNSSEC is set up incorrectly, app won't tell user why server can't be set up. + +## NixOS fails to upgrade +We have to deploy our own channel with verified builds. + +## Master user password +Can't use anything but [a-zA-Z0-9]. Problem is in the way we pass variables to nixos-infect script from the app side. String escaping is needed, but it turned out to be not trivial. Use base64 in transit instead? Would have to keep compatability with the old app versions. + +## Email can only use [a-z] +Some users wanted emails in format name.surname@domain.tld, but couldn't. As we create unix users, we have to use `r"^[a-z_][a-z0-9_]+$"`. User documentation needs explanations on this? + +## Ability to change user passwords +Has to be implemented on both server and app side. + +## Server restoration from backup +There are several problems +### We don't backup current userdata from nixos-config +So settings and users are not restored. +### App don't check for the current users list +But we already have an endpoint for that. +### Services are not stopped during restoration +Leads to files corruption? +### User is not notified that they may have to add a credit card to b2 +Free limits are pretty small and restoration may easily spend them all, and after that, everything is broken. + +## Jitsi +Not working. when fix? + +## DKIM +Is not deployed to Cloudflare. Inex working on it right now. + +## Problems with international domains +I can't determine the scope of the problems it causes, without having one. But it surely creates a lot of problems on many stages, starting at server creation. +Should we buy an international domain? + +## RSA keys generated in app not working +No idea why. + +## VPN +Still looking for another protocol. + +## Volumes are not used properly +We need a controller which will detect them, format them, expand them and also move apps between them. Probably app should use Hetzner API to expand volume automatically. + +## Disk storage is not monitored +Which leads to big problems for the server. API has to control available space, and how each app uses it. App should alert user and give options on storage management. + +## Server control is lost when losing app's storage +Solution implemented on API side as recovery tokens in [[changelog#authorization_tokens branch|1.2.0]]. We need to implement this on app side. + +## HTTP headers on nextcloud are not optimal +X-Content-Type-Options is not set to "nosniff" and X-Frame-Options not set to "SAMEORIGIN". + +## Need more info and logs on... everything? +Especially on server creation. If we could display real-time logs of server setup, it would be perfect. + +## Free TLDs don't work +Reported as [#84](https://git.selfprivacy.org/kherel/selfprivacy.org.app/issues/84). + +## Servers are only deployed in Germany +Probably we should allow choosing the datacenter for the server. Also, in the future, provide more service providers. + +## ACME sometimes fails +We should at least start by exposing logs. + +## Some users want an in-depth video +I think we should make it after we handle major features of our upcoming release. +