2026-04-05T12:47:43  <matrix-o-o> <Emma [it/its]> crameleon (acidsys) youve assigned me a ticket i cannot handle lol
2026-04-05T12:48:30  <matrix-o-o> <Emma [it/its]> oh wait, i read a bit closer... the linked issue has _nothing_ to do with the ticket
2026-04-05T12:56:49  <matrix-o-o> <Emma [it/its]> tl;dr issue is about fed invites still being blocked rather than any (long closed) synapse issue, will need some help to resolve as i dont know how to make packages that inherit other packages or whatever needs to happen
2026-04-05T14:17:26  <acidsys> Emma: I don't really understand the issue, originally I too thought it was related to what you referred to, but then it sounded like we already removed that again while the configuration still has /_matrix/federation/v2/invite as blocked
2026-04-05T14:20:24  <matrix-o-o> <SFaulken> yeah, the issue is the block of federated invites that we put in place during that big CSAM wave a year or so ago.
2026-04-05T14:21:54  <matrix-o-o> <Emma [it/its]> yeah, and the proper fix for that would be somehow getting more python modules in the PYTHON_PATH of synapse
2026-04-05T14:22:14  <matrix-o-o> <Emma [it/its]> particularly: https://github.com/maunium/synapse-http-antispam
2026-04-05T14:22:26  <matrix-o-o> <SFaulken> I'd submit a fix if I had any clue at all how to fix it.
2026-04-05T14:23:08  <matrix-o-o> <Emma [it/its]> the "proper" fix would be adding the synapse-http-antispam module and configuring it through synape's config to ask draupnir if a given invite is permitted
2026-04-05T14:24:01  <matrix-o-o> <Emma [it/its]> opensuse has a external ban appeal flow anyhow so that wouldn't be that big a problem to not be able to DM matrix admins
2026-04-05T14:28:40  <acidsys> I can package it for you
2026-04-05T14:30:18  <acidsys> upstream placing it directly under site-packages is rather unconventional but whatever
2026-04-05T14:30:45  <matrix-o-o> <Emma [it/its]> no it's pretty conventional
2026-04-05T14:31:00  <matrix-o-o> <Emma [it/its]> it's written with docker synapse images in mind, where synapse itself lives under site-packages anyways to the best of my knowledge
2026-04-05T14:31:11  <matrix-o-o> <Emma [it/its]> (or those installing synapse itself from pypi directly)
2026-04-05T14:31:20  <matrix-o-o> <Emma [it/its]> * directly without a venv)
2026-04-05T14:31:55  <acidsys> it's more common to have a module directory and place python files underneath instead of cluttering site-packages with .py
2026-04-05T14:32:22  <acidsys> but no difference
2026-04-05T14:32:26  <matrix-o-o> <Emma [it/its]> it just has to be wherever synapse's packages directory is (also see the reference to debian packages telling you _not_ to install globally)
2026-04-05T14:32:43  <matrix-o-o> <Emma [it/its]> as for module directories: im not sure that's hyper relevant with single-file packages?
2026-04-05T14:33:22  <acidsys> synapse is installed globally
2026-04-05T14:33:29  <acidsys> it's fine, don't worry about it, I was just pointing something out
2026-04-05T14:33:40  <matrix-o-o> <Emma [it/its]> ah, i see - i wasnt sure about opensuse synapse packaging
2026-04-05T14:34:18  <acidsys> I'm a bit confused, looks like I already did this 11 months ago? https://build.opensuse.org/package/show/openSUSE:infrastructure:matrix/synapse-http-antispam
2026-04-05T14:34:20  <matrix-o-o> <Emma [it/its]> its a 200 line python file that simply exposes synapse's antispam callbacks as webhook-style http requests anyhow :P
2026-04-05T14:34:28  <acidsys> is anything missing?
2026-04-05T14:34:34  <matrix-o-o> <Emma [it/its]> oh did you, might have missed it
2026-04-05T14:34:42  <acidsys> I will update to the latest version
2026-04-05T14:35:09  <matrix-o-o> <Emma [it/its]> yeah, 0.4 is quite interesting for us here btw
2026-04-05T14:35:14  <matrix-o-o> <Emma [it/its]> * 0.4.0
2026-04-05T14:35:52  <matrix-o-o> <Emma [it/its]> that includes my PR to SAH to allow loading the auth secret from a file (though ill need your help making one of those) rather than being plaintext in the config
2026-04-05T14:35:59  <matrix-o-o> <Emma [it/its]> * SHA
2026-04-05T14:40:26  <acidsys> https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/2744 you can add configuration to salt/profile/matrix/files/homeserver.yaml
2026-04-05T14:40:42  <acidsys> and is 0.5.0 now
2026-04-05T14:41:09  <matrix-o-o> <Emma [it/its]> how would i go about modifying the launch command of a service?
2026-04-05T14:41:17  <acidsys> why would you want to do that
2026-04-05T14:41:59  <matrix-o-o> <Emma [it/its]> i need an extra secret for this
2026-04-05T14:42:35  <matrix-o-o> <Emma [it/its]> draupnir takes the path to a secret file via the CLI _only_ ("--http-antispam-authorization-path $PATH")
2026-04-05T14:43:30  <matrix-o-o> <Emma [it/its]> alternatively i need to somehow get it into the config file without exposing it in plaintext in git
2026-04-05T14:44:22  <matrix-o-o> <Emma [it/its]> alternatively #2: we ignore that issue and put it in the config in plaintext while assuming draupnir isnt reachable over HTTP directly
2026-04-05T14:44:48  <acidsys> for draupnir-bot.service you could add an override to edit Environment=ARGS, but if it can be placed in the configuration file that would be preferable
2026-04-05T14:44:56  <acidsys> and you want to track secrets in git anyways, we have encryption
2026-04-05T14:45:16  <matrix-o-o> <Emma [it/its]> didnt that require having functional pgp?
2026-04-05T14:45:24  <acidsys> sure
2026-04-05T14:46:14  <matrix-o-o> <Emma [it/its]> acidsys: can systemd even modify ExecStart depending on whether a variable is set or not?
2026-04-05T14:46:49  <matrix-o-o> <Emma [it/its]> because if the arg is there, its argument must be a valid path
2026-04-05T14:47:17  <acidsys> sure, and draupnir-bot.service working is a good example for it
2026-04-05T14:48:55  <matrix-o-o> <Emma [it/its]> huh?
2026-04-05T14:49:51  <acidsys> well if it was not working already someone would have complained, no? :)
2026-04-05T14:50:08  <acidsys> in any case configuration incl secrets should be tracked in git/salt, whichever approach is chosen
2026-04-05T14:50:10  <matrix-o-o> <Emma [it/its]> well, by default the argument isnt specified :)
2026-04-05T14:51:24  <matrix-o-o> <Emma [it/its]> i just meant that you cant do "--http-antispam-authorization-path $SECRET_PATH" and then not specify SECRET_PATH :P
2026-04-05T14:51:39  <acidsys> well I wasn't suggesting that
2026-04-05T14:52:17  <acidsys> but of course correct, so it's not so useful for shipping in the default unit file
2026-04-05T14:54:05  <matrix-o-o> <Emma [it/its]> i _could_ just post configuration snippets here for synapse and draupnir if you'd be willing to implement them
2026-04-05T14:59:51  <matrix-o-o> <Emma [it/its]> for the record, the following is what i think is valid YAML, i may be wrong... i usually only use json lol
2026-04-05T15:00:25  <matrix-o-o> <Emma [it/its]> ah, bridge truncated it to one line - the config isn't very complicated, just a lot of variables im unsure about as far as Salt goes
2026-04-05T15:00:38  <acidsys> keep in mind heisenbridge matrix snippet to irc link is still broken too
2026-04-05T15:00:46  <matrix-o-o> <Emma [it/its]> argh
2026-04-05T15:00:53  <matrix-o-o> <Emma [it/its]> moment
2026-04-05T15:01:08  <acidsys> I can open element for you
2026-04-05T15:02:01  <matrix-o-o> <crameleon (acidsys)> yawn
2026-04-05T15:02:47  <matrix-o-o> <Emma [it/its]> oh i was putting it on p.o.o lol, just had to deal with matrix clients not faithfully replicating my quotes lol
2026-04-05T15:03:32  <matrix-o-o> <Emma [it/its]> but sure
2026-04-05T15:12:49  <acidsys> check https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/2744
2026-04-05T15:34:51  <matrix-o-o> <Emma [it/its]> on it
2026-04-05T15:35:58  <matrix-o-o> <Emma [it/its]> oh, seems i forgot to mention that the base url in the homeserver.yaml should point at draupnir, not the matrix server
2026-04-05T15:36:16  <matrix-o-o> <Emma [it/its]> one sec, digging up the default port
2026-04-05T15:37:46  <matrix-o-o> <Emma [it/its]> left a comment on gitlab
2026-04-05T16:19:24  <acidsys> thanks