2Fauth app loses its configuration after every restart of NS8

transocean · September 15, 2025, 10:58am

NethServer Version: 8
Module: 2-FAuth

Hello friends from Team Genius,

I am currently testing your 2-Fauth app and have noticed that the registered users disappear completely after every restart of my NS8 instance. The same applies to the users registered authentication devices. Is this a ‘special security feature’ of the app, or am I doing something wrong?

Regards…

Uwe

LayLow · September 15, 2025, 11:25am

Maybe debug helps to understand the root cause?

transocean · September 15, 2025, 11:40am

I don’t see anything there that could provide me with an explanation.

LayLow · September 15, 2025, 11:41am

I was thinking that the data is not saved to a persistant volume, but to a wrong volume.

transocean · September 15, 2025, 11:44am

echo $PATH
/home/2fauth1/.config/bin:/var/lib/nethserver/node/bin:/usr/local/agent/pyenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/agent/bin

LayLow · September 15, 2025, 11:56am

cc @oneitonitram

mrmarkuz · September 15, 2025, 12:55pm

@LayLow is right, the volumes are wrong so the sqlite database isn’t saved.

@transocean you could edit the service file…

runagent -m 2fauth1 systemctl --user edit --full 2fauth-app

… and adapt the ExecStart line to just use the volume 2fauth-app:/2fauth:Z:

ExecStart=/usr/bin/podman run --conmon-pidfile %t/2fauth-app.pid \
    --cidfile %t/2fauth-app.ctr-id --cgroups=no-conmon \
    --pod-id-file %t/2fauth.pod-id --replace -d --name  2fauth-app \
    --volume 2fauth-app:/2fauth:Z \
    --env-file=%S/state/key.env \
    --env-file=%S/state/app.env \
    ${I2FAUTH_IMAGE}

Restart the service to apply the changes which means the data is lost once more:

runagent -m 2fauth1 systemctl --user restart 2fauth

From now on the data should be persistent.

transocean · September 15, 2025, 1:00pm

Thanks Markus. I will test it.

transocean · September 15, 2025, 2:45pm

Thanks @LayLow and @mrmarkuz

Now it works.

transocean · September 15, 2025, 3:56pm

Does the configuration of the app’s mail function work in the same way as password-pusher?

oneitonitram · September 15, 2025, 4:19pm

pushing an update shortly, with the changes..

mrmarkuz · September 15, 2025, 4:52pm

It’s a similar way to setup mail, see https://hub.docker.com/r/2fauth/2fauth#mail-settings

transocean · September 15, 2025, 7:21pm

I dont find the way to the .env for editing

mrmarkuz · September 15, 2025, 7:33pm

In this case you could use the app.env file.

runagent -m 2fauth1 nano app.env

To check for available env files:

runagent -m 2fauth1 ls -l | grep env

Following settings worked in 2fauth to get no error but it wasn’t sent by the mail instance due to missing authentication.
I didn’t find a way to disable authentication and I’m afraid it’s not possible in the docker version of 2fauth.

MAIL_FROM_ADDRESS=user@domain.tld
MAIL_FROM_NAME=2FAuth
MAIL_ENCRYPTION=
MAIL_HOST=10.5.4.1
MAIL_MAILER=log
MAIL_PASSWORD=
MAIL_PORT=25
MAIL_USERNAME=

Sources:

transocean · September 15, 2025, 7:35pm

LayLow · October 10, 2025, 6:52am

@oneitonitram just for the record, was this fixed please?

oneitonitram · October 10, 2025, 7:53am

As of version 1.0.1 released 5 days ago, yes the issue was fixed, are youu experiencing any challenges still?

LayLow · October 10, 2025, 8:05am

Nope, just some housekeeping on the wiki, thanks!