Archive of

Trilium Notes

Written by Simone

A screenshot of the web app

I'm super impressed by Trilium Notes, a wonderful note-taking app and self-hostable service.

Used docker to host it and web to manage my notes. It saves instantly, no button to press, has a lot of useful functions, it's scriptable, does backups automatically and it offers extensions for chrome and firefox.

Two issue though:

  • chrome extension will become unsupported later on in 2024, because it uses manifest v2
  • developers just posted a couple days ago about putting the project into maintenance mode :(

Although this is kinda sad, I have used the app for the past 2 days and it works very well, so much that I finally ditched MS One Note (yes I use Windows on my Desktop - shame! shame! shame!)

XMPP Network Graph

Written by Simone

Setting up IPv6 in Windows

Written by Simone

Found this post quite useful to set up Hurricane Electric's IPv6 on a Windows machine and serve the connection over LAN (Windows machine must stay on, obviously)

Legend of variables:
$ipv4a   = tunnel server's IPv4 IP
$ipv4b   = user's IPv4 IP
$ipv6a   = tunnel server's side of point-to-point /64 allocation
$ipv6b   = user's side of point-to-point /64 allocation
$ipv6c   = first address of user's routed /64 allocation
$ipv6d   = user's routed /64 allocation
$adapter = name of local area network connection (where your IPv4 address is configured now)

netsh int teredo set state disabled
netsh int ipv6 add v6v4tunnel IP6Tunnel $ipv4b $ipv4a
netsh int ipv6 add address IP6Tunnel $ipv6b

netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface "$adapter" forwarding=enabled advertise=enabled
netsh int ipv6 add address "$adapter" $ipv6c
netsh int ipv6 set route $ipv6d "$adapter" publish=yes
netsh int ipv6 add route ::/0 IP6Tunnel $ipv6c publish=yes

Thunderbird Autoconfiguration

Written by Simone

Set up Thunderbird autoconfiguration for my lil mail server. Working good.

nginx config:

server {
        listen [::]:443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/;
        ssl_certificate_key /etc/letsencrypt/live/;

        root /var/www/mail/;
        location / {
                try_files /.well-known/autoconfig/mail/config-v1.1.xml =404;

    access_log /var/log/nginx/autoconfig.log;
    error_log /var/log/nginx/autoconfig_error.log;


<?xml version="1.0"?>
<clientConfig version="1.1">
    <emailProvider id="">

      <displayName>Woodpeckers Mail</displayName>

      <!-- type=
           "imap": IMAP
           "pop3": POP3

      <incomingServer type="imap">
           <!-- "plain": no encryption
                "SSL": SSL 3 or TLS 1 on SSL-specific port
                "STARTTLS": on normal plain port and mandatory upgrade to TLS via STARTTLS
            <!-- Authentication methods:
                          Send password in the clear
                          (dangerous, if SSL isn't used either).
                          AUTH PLAIN, LOGIN or protocol-native login.
                           A secure encrypted password mechanism.
                           Can be CRAM-MD5 or DIGEST-MD5. Not NTLM.
                           Use NTLM (or NTLMv2 or successors),
                           the Windows login mechanism.
                           Use Kerberos / GSSAPI,
                           a single-signon mechanism used for big sites.
                           The server recognizes this user based on the IP address.
                           No authentication needed, the server will require no username nor password.
                           On the SSL/TLS layer, the server requests a client certificate and the client sends one (possibly after letting the user select/confirm one), if available. (Not yet supported by Thunderbird)
                           OAuth2. Works only on specific hardcoded servers, please see below. Should be added only as second alternative.
                           No authentication

      <outgoingServer type="smtp">
         <socketType>STARTTLS</socketType> <!-- see <incomingServer> -->
         <username>%EMAILLOCALPART%</username> <!-- if smtp-auth -->
            <!-- smtp-auth (RFC 2554, 4954) or other auth mechanism.
                 For values, see incoming.
                 Additional options here:
                     authenticate to incoming mail server first
                     before contacting the smtp server.
                  Compatibility note: Thunderbird 3.0 accepts only "plain",
                  "secure", "none", and "smtp-after-pop".
                  It will ignore the whole XML file, if other values are given.
            <!-- If the server makes some additional requirements beyond
                 "client-IP-address": The server is only reachable or works,
                     if the user is in a certain IP network, e.g.
                     the dialed into the ISP's network (DSL, cable, modem) or
                     connected to a company network.
                     Note: <authentication>client-IP-address</>
                     means that you may use the server without any auth.
                     <authentication>password-cleartext</> *and*
                     <restriction>client-IP-address</> means that you need to
                     be in the correct IP network *and* (should) authenticate.
                     Servers which do that are highly discouraged and
                     should be avoided, see {{bug|556267}}.
                Not yet implemented. Spec (element name?) up to change.
         <!-- remove the following and leave to client/user? -->


    <!-- This allows to access the webmail service of the provider.
         The URLs are loaded into a standard webbrowser for the user.
         Specifying this is optional. -->
      <!-- Webpage where the user has to log in manually by entering username
           and password himself.
           HTTPS required. -->
      <loginPage url="" />

      <!-- Same as loginAutomaticDOM, but the website makes checks that
           the user comes from the login page. So, open the login page
           in the browser, get the page's DOM, fill out name and password
           fields for the user, and trigger the login button.
           The login button might not be an HTML button, just a div, so
           to trigger it, send a click event to it.
           HTTPS is required for the URL. -->
      <loginPageInfo url="">
        <!-- What to fill into the usernameField.
             Format is the same as for <username> within <incomingServer>,
             including placeholders. See below for valid placeholders. -->

    <clientConfigUpdate url="" />


Slixfeed RSS XMPP BoT

Written by Simone

Interesting project, features' rich and almost complete. Thanks goes to its main developer Schimon AKA "sch".

Here is the support room

prosodyctl commands and examples

Written by Simone

prosodyctl shell

Launch the shell:

# prosodyctl shell

Delete pubsub node (the ">" sign at the beginning is important):

>prosody.hosts["pubsub.example.tld"].modules.pubsub.service:delete("blog", true)

Delete ALL pubsub nodes

>local service = prosody.hosts["pubsub.example.tld"].modules.pubsub.service; for node in pairs(select(2, assert(service:get_nodes(true)))) do service:delete(node, true); end

Check subscription by user:


Change affiliation on pubsub nodes (make user owner):


Unsubscribe from node


Subscribe to node


prosodyctl commands

Asking for help:

# prosodyctl shell help

List registered users:

# prosodyctl shell user list example.tld

Activate a component:

# prosodyctl shell host activate some.component.example.tld

Generate Invites: create a new invite using an ad-hoc command in an XMPP client connected to your admin account, or use the command line:

# prosodyctl mod_invites generate example.tld

Reset forgot passsword: "doesn't seem to work - see below"

# prosodyctl mod_invites generate example.tld --reset <USERNAME>

Automatic Certificates Import: prosodyctl has the ability to import and activate certificates in one command:

# prosodyctl --root cert import HOSTNAME /path/to/certificates

Certificates and their keys are copied to /etc/prosody/certs (can be changed with the certificates option) and then it signals Prosody to reload itself. –root lets prosodyctl write to paths that may not be writable by the prosody user, as is common with /etc/prosody. Multiple hostnames and paths can be given, as long as the hostnames are given before the paths.

This command can be put in cron or passed as a callback to automated certificate renewal programs such as certbot or other Let's Encrypt clients.

Import All:

# prosodyctl --root cert import /etc/letsencrypt/live

Reset forgot password

# prosodyctl install --server= mod_password_reset

Reload prosody configuration then use ad-hoc commands to generate a reset link for given JID

IPv6 Certification by Hurricane Electric

Written by Simone

Not really that hard of a certification, but still.. Here we are 😀