Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
acme-dns
Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
There aren't so many ways to run Ansible. Every Linux distro packages their own version, so by creating a virtualenv and installing a specific set of versions ( https://github.com/alexpdp7/frtcuop/blob/main/requirements.txt ), it's easier to ensure that it works for everyone. I could use distro packages, but that would require me to a) require some specific distros or b) spend a lot of effort making the playbooks compatible with multiple Ansible versions, neither of which is really attractive. Or I could use Docker/Podman- but I don't think it really adds a ton.
2) Mostly fixed (not upstream): It has a bunch of default settings and behaviours that are problematic for new users. We've been changing defaults and removing settings that make little sense for our use case.
3) Mostly fixed: Push notifications are unreliable on most servers. Tigase (the organization behind Siskin) developed some custom extensions for their push notification service to help improve things on iOS, which is very strict on applications not remaining connected/running while not in the foreground. Unfortunately these extensions are not supported by most servers, and the fallback mechanisms are not 100% reliable in my experience. We've been implementing these extensions for Prosody (they are bundled with Snikket) and discussing how to get the extensions standardized. In summary push notifications with Siskin are now reliable with Snikket or another Prosody server running the new modules. With the small exception of group chat notifications... which is next on my list.
Yeah, I'm planning to add support for DNS challenges. But rather than depending on the user using a supported DNS provider, instead I'm planning to bundle acme-dns. That should be a much simpler setup... the only downside is that it only works if nothing else is also using DNS challenges for that domain. But I think that's a safe bet for most deployments.