2020-11-16T03:53:34  *** okurz_ is now known as okurz
2020-11-16T07:47:16  *** ldevulder_ is now known as ldevulder
2020-11-16T10:59:02  *** Martchus_ is now known as Martchus
2020-11-16T15:03:05  *** ldevulder_ is now known as ldevulder
2020-11-16T19:34:17  <cboltz> lcp: !453 looks good, just a question before I merge it:
2020-11-16T19:34:37  <cboltz> would it make sense to also list the IPs of anna and elsa?
2020-11-16T19:34:40  <lcp> I don't know if it works either >:D
2020-11-16T19:34:53  <lcp> hm, good question
2020-11-16T19:36:24  <darix> i found it very amusing that 389-ds moved from pagure to github
2020-11-16T19:43:06  <lcp> well, they are also using rust in their development, so I don't think they are any wiser when it comes to choosing good tooling
2020-11-16T19:43:31  <darix> rust is actually a good decision
2020-11-16T19:43:35  <darix> for future code
2020-11-16T19:43:47  <darix> i can highly recommend Williams talk about Rust and C
2020-11-16T19:44:08  <lcp> it's a horrible decision for a project that is willing to be shipped in distros though ;)
2020-11-16T19:44:28  <darix> naw
2020-11-16T19:44:29  * cboltz waits for someone to introduce the "iron" programming language, which will obviously obviously be better than rust ;-)
2020-11-16T19:44:40  <darix> distros need to sort packaging anyway
2020-11-16T19:44:42  <darix> because guess what
2020-11-16T19:44:46  <lcp> (and I'm very familiar with rust, I did write a bunch back in the days)
2020-11-16T19:44:51  <darix> you are *using* rust code already
2020-11-16T19:45:04  <darix> e.g. in your firefox
2020-11-16T19:45:13  <lcp> well, I am aware
2020-11-16T19:45:21  <lcp> very aware
2020-11-16T19:45:40  <lcp> that doesn't mean firefox didn't become a bigger pain to build
2020-11-16T19:46:39  <darix> with the pain level who need for browsers already
2020-11-16T19:46:42  <lcp> I understand why so many people wanna distros to stop using native packaging too, with this much of meme building, flatpaks do seem like way better option ;)
2020-11-16T19:46:49  <darix> that wasnt much of pain
2020-11-16T19:46:59  <darix> no it is not
2020-11-16T19:47:33  <lcp> yeah they do, imagine if factory didn't need to build firefox to run tests, openQA would be so much faster
2020-11-16T19:47:43  <lcp> and I mean SO MUCH faster
2020-11-16T19:48:50  <lcp> and if we dropped the whole rust toolchain and libreoffice with it, it would really be super fast
2020-11-16T19:49:06  <lcp> libreoffice is a sidenote here, since it's just generally a pain too ;)
2020-11-16T19:49:15  <darix> you know
2020-11-16T19:49:23  <darix> this is actually not my major pain with rust
2020-11-16T19:49:32  <darix> a shared object per crate
2020-11-16T19:49:35  <darix> now this would be awesome
2020-11-16T19:49:43  <darix> instead of static linking everything
2020-11-16T19:49:43  <lcp> ye, I agree
2020-11-16T19:50:10  <lcp> well, rust architects hate stable languages, so that's not gonna happen anytime soon
2020-11-16T19:50:21  <lcp> it's annoying
2020-11-16T19:50:41  <darix> they can change the ABI between releases
2020-11-16T19:51:09  <darix> and encode the ABI into the symbols for the library
2020-11-16T19:51:25  <darix> then a binary build with rust 1.49 cant load a shared library from 1.48
2020-11-16T19:51:44  <lcp> yup
2020-11-16T19:52:01  <darix> anyway
2020-11-16T19:52:30  <darix> libreoffice, Firefox, chromium ... are all crap fests with tons of intree libs
2020-11-16T19:52:38  <darix> so that is not an argument against rust
2020-11-16T19:52:44  <darix> the rust compiler itself is nicely fast
2020-11-16T19:52:45  <darix> so
2020-11-16T19:53:21  <lcp> yeah, as I said, I used it a bunch
2020-11-16T19:53:46  <lcp> the language by itself is great, it's just that it smells of terrible practices all around
2020-11-16T20:14:18  <lcp> cboltz: that would make sense since from the inside the requests done by proxy seem like they come from anna and elsa?
2020-11-16T20:18:55  <cboltz> yes, anna and elsa are the two servers behind proxy (active/passive, with a failover IP)
2020-11-16T20:27:34  <darix> haproxy has 2 ways to forward the real external IP to the backend server
2020-11-16T20:27:35  <lcp> hm, ok
2020-11-16T20:27:47  <darix> X-Forwarded-For: if it is http
2020-11-16T20:27:59  <darix> haproxy proxy protocol for plain tcp things
2020-11-16T20:28:38  <lcp> ah, and vpn connections come from another set of addresses entirely
2020-11-16T20:28:46  <lcp> ok, that solves that thing
2020-11-16T20:29:41  <lcp> we don't really need to know the external address
2020-11-16T20:29:48  <lcp> just that it's coming from the proxy
2020-11-16T20:30:24  <darix> in the past we had the rule that VMs should only accept traffic from the proxy hosts
2020-11-16T20:30:38  <darix> so one bugged VM can not be used to jump or interfer with other VMs
2020-11-16T20:32:01  <darix> oh and btw: if you dont like firewalld like me ... we now have a package to start nftables rules :)
2020-11-16T21:11:00  <cboltz> lcp: !453 merged - keep a root shell open when deploying ;-)
2020-11-16T21:11:30  <lcp> good point >:D
2020-11-16T21:19:18  <lcp> I'm running reindex on mailman3, it will take a few days :/
2020-11-16T21:19:39  <lcp> it may run out of space too, eh
2020-11-16T21:27:38  * lcp sent a long message:  < https://matrix.org/_matrix/media/r0/download/matrix.org/YMkssKQieUNWGdCmeRXIOqve/message.txt >
2020-11-16T21:27:48  <lcp> that doesn't seem correct
2020-11-16T21:28:23  <cboltz> indeed, there are too many spaces in   g i t   ;-)
2020-11-16T21:29:25  <lcp> how did that happen
2020-11-16T21:29:57  <cboltz> give me a minute to check the formula
2020-11-16T21:32:29  <cboltz>       {%- if keyword in ['AllowUsers', 'DenyUsers', 'AllowGroups', 'DenyGroups'] -%}
2020-11-16T21:32:35  <cboltz>             {{ option_collapselist(keyword, ' ', config_dict=match['options']) | indent(4, true) }}
2020-11-16T21:33:19  <cboltz> I'd need to follow what option_collapselist does, but my _guess_ is that you should use a list instead of a string value
2020-11-16T21:33:33  <cboltz>   AllowUsers:
2020-11-16T21:33:34  <lcp> yeah, that seems about right
2020-11-16T21:33:35  <cboltz>     - git
2020-11-16T21:33:54  <lcp> I'm surprised that's not a requirement for address ;)
2020-11-16T21:35:02  <lcp> actually, would you look up if that's the case for address? it would make it a touch neater to have as a list
2020-11-16T21:38:11  <darix> uhm
2020-11-16T21:42:07  <lcp> the answer seems to be there is nothing special, so it probably won't render righ
2020-11-16T21:42:09  <lcp>  * the answer seems to be there is nothing special, so it probably won't render right
2020-11-16T21:42:33  <cboltz> the code in the formula (actually the jinja template) is interesting[tm]
2020-11-16T21:42:48  <cboltz> it seems there's a join_to_string() involved, whatever that does
2020-11-16T21:43:08  <darix> you want my simple ssh.sls?:)
2020-11-16T21:43:22  <cboltz> ah,   {%- macro join_to_string(src, keyword, sep=',') -%}
2020-11-16T21:43:42  <cboltz> looks like you can use lists and get it joined with a comma
2020-11-16T21:44:15  <cboltz> BTW, I'm talking about openssh-formula/openssh/files/sshd_config
2020-11-16T21:44:36  <cboltz> darix: yeah, sometimes I really prefer simple self-made salt code over formulas ;-)
2020-11-16T21:44:42  <darix> well
2020-11-16T21:44:45  <lcp> hm, well, I missed that
2020-11-16T21:47:27  <darix> well one could make a formular out of my code
2020-11-16T21:47:32  <darix> and it would still be short :P
2020-11-16T21:48:46  <cboltz> the usual problem with formulas is that they try to be egg-laying woolly milk sheeps ;-)
2020-11-16T21:49:19  <cboltz> so yes, any "limited" (but still good-enough) custom code will always be shorter
2020-11-16T22:06:57  <darix> cboltz lcp: https://git.nordisch.org/-/snippets/245
2020-11-16T22:07:26  <darix> cboltz: i might actually do a formular out of our profile/base :)
2020-11-16T22:07:33  <darix> which does all kinds of nice things
2020-11-16T22:08:26  <darix> reload to have the shell script on top
2020-11-16T22:14:09  <darix> lcp: does that help?:)