Discuss
Hello, all.
I am new to YunoHost and have been having a great experience so far.
I appreciate everything that YunoHost represents in terms of decentralization and control of personal data.
On the topic of personal data, I am trying to understand two things that I have been unable to find on the forum after searching:
1.) In the case of hosting on a VPS with Debian 12 (bookworm) as the host OS, I am wondering how YunoHost handles data persistency. In other words, as an example, if I install the SearXNG app and conduct searches on the corresponding webpage that becomes available after installation, does YunoHost log all of the queries to any of the log files? I do understand I can make tweaks to an app like SearXNG at the app level within the YAML file, but I want to know if YunoHost logs anything else in the background. I prefer to keep zero logs and leave trails of my usage clean, especially since I am hosting on a remote server that I do not own.
2.) Does YunoHost implement any encryption at-rest for certain apps, such as anything related to Contact or Calendar storage using WebDAV or CalDAV protocols? Similar to point #1 above, if I choose to sync sensitive contacts to my VPS to be hosted by YunoHost and pushed to my devices, I prefer that the access of sensitive information contained within my contacts be obscured or obfuscated in the event I lose control of the VPS. At-rest encryption solves this problem for me.
Is the best way for me to handle keeping logging/data private by installing a LUKS-encrypted instance of Debian on my VPS? Or, is it best for the functionality of YunoHost that I instead encrypt directories? Best to not encrypt at all?
I am not concerned about information in-transit, as Let’s Encrypt/HTTPS solves this, but more so information at rest.
Any help or guidance around this would be helpful as I do not wish to break the functionality of a well-working server configuration. However, I understand that sometimes there are tradeoffs.
Thank you.