Sandstorm.io – Personal Cloud Platform

raucao · August 17, 2014, 10:23am

Sandstorm is similar to Cozy in many regards. Would be great to have remoteStorage integrated either directly in core or as an installable server app:

I just played around with the demo and it already works quite nice. Also, should be easy to port a server app for now.

michielbdejong · August 17, 2014, 7:08pm

I would say sandstorm, arkos, yunohost, and turnkeylinux are lower-level because they are programming language agnostic, whereas Cozy (nodejs) and ownCloud (php) are not. It might make sense to try to create a debian package around e.g. reStore, and then use that to create minimal wrapper packages for sandstorm, docker, arkos, etc.

raucao · August 17, 2014, 7:23pm

Yes, but that would obviously require reStore to gain app/token and user management UI.

frankrousseau · August 22, 2014, 8:00am

Yunohost handles the auth for your app. And probably ArkOS too.

michielbdejong · August 22, 2014, 10:10am

In ArkOS, centralized user management is a long-term goal, for which they are considering LDAP as a possible route https://lists.citizenweb.is/pipermail/arkos/2014-March/000067.html

In Yunohost, there is indeed LDAP-based SSO, combined with hooks like post-user-create (see https://yunohost.org/#/packaging_apps). I didn’t know that, that’s actually supercool!

Reading this post about draw.io on sandstorm gives a good idea of how things work on sandstorm - it’s kind of novel and different. in fact, i think given they run apps inside ad-hoc containers, based on wildcard DNS (the container listens on https://youruser-longunguessablehash.example.com/) using a sandstorm instance as your remoteStorage server would actually break their security model a bit.

raucao · August 22, 2014, 10:48am

How so? If you can host a public WordPress instance with your own domain easily, you can do the same with a remoteStorage server. No?

michielbdejong · August 22, 2014, 12:47pm

good question - i tried it and the answer turns out to be that wordpress admin panel also runs inside a grain, to which you get temporary access, but then there is also a public interface, e.g. I just used https://alpha-rbt6gbxb2wdqwm2infg7.sandstorm.io/ to publish https://alpha.sandstorm.io/grain/Av3HccWRndkmSqMdtK73nM

so we could run the OAuth dialog in a grain, and then the remoteStorage API should be public in the way of the wordpress public page.

michielbdejong · August 22, 2014, 12:59pm

so it looks like Av3HccWRndkmSqMdtK73nM is my permanent identifier, and if I visit that page again without being logged into sandstorm, it iframes a new grain https://alpha-rbt6gbxb2wdqwm2infg7.sandstorm.io/ (which is problably only temporary and will disappear after being idle too long). On there, https://alpha-rbt6gbxb2wdqwm2infg7.sandstorm.io/wp-admin/ is blocked. I didn’t find anything about this in https://github.com/sandstorm-io/sandstorm/wiki/Porting-Guide though. Will post here if I find out more about the topic.

michielbdejong · August 22, 2014, 1:10pm

Ah, found it design proposal from Kenton from last week: how to publish a http api (with cors, even!) from a sandstorm app - so it probably makes sense to wait for that to be implemented.

raucao · August 22, 2014, 1:21pm

Sounds good!