Oh dear god 🤦♂️ My stupid brain read:
I’m seeing lots of burn-ins on my screen lately
as:
I’m seeing lots of burn-ins on my street lately
🤣
@eldersnake@we.loveprivacy.club @movq@www.uninformativ.de Aren’t they called “burnouts” 🤣
@eapl.me@eapl.me yarnd is centralised if you run a large instance with a large number of users. The design of the software itself discourages an operator from doing this: the more users you have, the more resources the pod would consume. It was never designed for this.
yarnd is however strictly decentralised, with some distributed features that allow “peering pods” to talk to each other, often exchanging “missing Twts” among peers. This is useful to correct chains or fill in missing roots – Because the whole “network” is decentralised. This is one of the downsides of a decentralised system, so we had to figure out a “middle ground”.
The term decentralization gets thrown around a lot today, often referring to a paradigm shift in Internet technologies that’s just around the corner. You may have encountered it in a conversation or documentation about something weedy and technical like a blockchain technology or a federated social network.
@abucci@anthony.buc.ci Yeah thanks! 🙏 I think I’ve read this very paper myself, the differences between centralisation, decentralisation and distributed systems are basically summed up in the figure:
@lyse@lyse.isobeef.org Been using it for years 😅 highly recommend 😅
Really loving all the improvements in Gitea of late, as well as Gitea Actions 😍
@mckinley@twtxt.net Nice! 👌 This gives me great hope that we might be able to build something with similar pricing, different features of course, but the use-case of “website” hosting is definitely on the cards.
@xuu@txt.sour.is Nice! 👌 I like my stuff to be rack mounted 😆 Probably gonna go for a couple of Mac Minis with a 1RU chassis you can get for ‘em from a 3rd party 🤞
@xuu I do! But not a whole rack, only 3x Intel Xeon(s) pizza boxes with 2x SSD(s) ea and 32GB RAM. I’m running out of resources, disk i/o is going up, etc. I need moooar 🤣 – But actually what I really need is just a couple of “build machines” for CI and add some additional memory to the hypervisor cluster (I think they can take up to 64GB ea)
@abucci@anthony.buc.ci Is your expression one of a support or something else? 😅
I used to use MPD a lot in the past
Interesting 🤔
@shreyan@twtxt.net Any significant differences in logic with your program vs. mine? 🤔
What if I run my Gitea Actions Runners on some Vultr VM(s) for now? At least until I get some more hardware just for a “build farm” 🤔
Hmmm, is bip39 supposed to be reversible? I thought that’s what it was for?!
$ echo 59I0nDFYho4Hq4ps | ./bip39 -e | ./bip39 -d
353949306e444659686f344871347073
@stigatle@yarn.stigatle.no Ahhh! Like a scooter? 😅
Good question! 🤔 I’ll have a look around 👌
@stigatle@yarn.stigatle.no What’s a kick bike anyway? 🤔
@eapl.me@eapl.me Your best bet then is BIP39 – That’s what it was created for 👌
@marado@twtxt.net Uggh sorry about that 😢 I’ll add it back. 👌 To be honest I didn’t think I’d have this much trouble running the workflow 😆
I am so excited 🤩 I’ve been woken up early this morning by my lovely wife, to let me know there’s a truck outside our house near the cabling pits doing something. Turns out, NBN have been laying the big fibre cables around our area and finally cleaning out the pits for fibre installation! 🥳 It’s only a matter of time! 🤞
Finally, my 3 years of complaining and pushing NBN have paid off 😅 #NBN #Fibre
Also we’ve set-up an org over at https://git.mills.io/cas if you wanna contribute 👌
@jmjl@tilde.green We’re already able to do this for example:
https://hello-prologic.cas.run/
Which was just spun up using:
$ docker service create --name hello --network traefik --label traefik.enable=true --label traefik.http.services.hello.loadbalancer.server.port=80 nginxdemos/hello
It gets a bit weird when you do this in a Docker Stack using docker stack deploy though 🤣 e.g: https://prologic-prologic-prologic.cas.run/
Still trying to figure out the best default routing rule for the ingress proxy to make things easy.
@eapl.me@eapl.me QR code printed on paper?
@jmjl@tilde.green Figured out the bug and fixed it. Pushing a new version shortly 👌
podman works with TLS. It does not have the "--docker" switch so you have to remove that and use the exact replacement commands that were in that github comment.
@abucci@anthony.buc.ci Yeah I think there’s a bit more work on the Docker-compat component of Podman. I’ll try to figure this out and work with the developers of the project. 👌
And to be clear, we’re talking about TLS mutual authentication here too
I really don’t think TLS is supported yet.
See:
$ podman ps
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: ssh: handshake failed: knownhosts: /Users/prologic/.ssh/known_hosts:43: address [host=tcp:]: missing port in address
$ podman system connection add "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
Error: accepts 2 arg(s), received 1
I think this should be:
$ podman system connection add localhost "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
But now:
$ podman system connection list
Name URI Identity Default
localhost ssh://@[host=tcp:]:22 true
And this doesn’t work 😢
@abucci@anthony.buc.ci Hmm I see! Let me try that 👌
Not in the same way docker context create does.
But it doesn’t understand how to use TLS certs.
It does have this flag:
$ podman context create --help
Record destination for the Podman service
Description:
Add destination to podman configuration.
"destination" is one of the form:
[user@]hostname (will default to ssh)
ssh://[user@]hostname[:port][/path] (will obtain socket path from service, if not given.)
tcp://hostname:port (not secured)
unix://path (absolute path required)
Usage:
podman context create [options] NAME DESTINATION
Options:
--default-stack-orchestrator string Ignored. Just for script compatibility
--description string Ignored. Just for script compatibility
--docker string Description of the context
--from string Ignored. Just for script compatibility
--kubernetes string Ignored. Just for script compatibility
I’ve already tried, it doesn’t quite work (yet).
Not quite.
[22:51:47] <prologic> bkhl you misunderstand what I'm asking :( I'm asking whether we can add TLS support to Podman the CLI / client? It looks like it doesn't understand how to connect to a typical Docker TCP service over TLS
[22:52:52] <prologic> e.g: Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
[22:53:03] <prologic> When running: podman context create localhost --docker "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
@abucci@anthony.buc.ci I think it only supports SSH is the problem. If it supported TLS we’d be good to go 👌 Might have to file a feature request? 🤔
@jmjl@tilde.green What do you mean? 🤔 Open to alternative ideas 🙏
@jmjl@tilde.green Confirmed:
$ dke -t 6cf690c08e6b /bin/sh
unable to upgrade to tcp, received 500
I’ll try to fix this today 👌
@xuu@txt.sour.is Yeah a lot of local data is transferred around 👌
@jmjl@tilde.green I’ll look into this a bit later today. You mean docker exec ... right into an existing container? 🤔
You then automatically get a route to http://jmlj.cas.run pointing at this service.
@jmjl@tilde.green Right now:
docker stack deploy -c jmlj.yml jlmj
Where jmlj.yml is:
---
version: "3.8"
services:
  prologic:
    image: r.mills.io/prologic/zs
    networks:
      - traefik
    deploy:
      mode: replicated
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.prologic.loadbalancer.server.port=8000"
      resources:
        reservations:
          memory: 16M
        limits:
          memory: 32M
      restart_policy:
        condition: any
networks:
  traefik:
    external: true
@abucci@anthony.buc.ci I asked the folks over at #podman on IRC and this is what they said:
[01:47:58] <Remco> prologic: The podman executable doesn't understand anything docker, but podman does offer a compatibility api for the docker executable. So it would be the second in your or statement
I don’t think Podman is compatible with the Docker API, only the Docker CLI.
Hmmm if Podman can talk to a remote Docker API over SSH, this isn’t going to work 😢
prologic@JamessMacStudio
Tue Aug 08 01:20:43
~/Projects/docker-proxy
(main) 0 0
$ podman context list
Name URI Identity Default
localhost tcp://localhost:2376 true
prologic@JamessMacStudio
Tue Aug 08 01:20:57
~/Projects/docker-proxy
(main) 0
$ podman --help | grep id
--identity string path to SSH identity file, (CONTAINER_SSHKEY)
I was never able to get the SSH version of the intercepting proxy working. I spent a couple of years on/off trying to get it to work, but there are limitations with the standard library and/or the ssh library or something that prevented the SSH Proxy from fully working. See Issue #2 which I’ve now closed as “won’t fix”.
I guess Podman needs to learn how to do TLS?
Hmmm trying this locally:
$ sh setup.sh
Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
No support for TLS?
dockerd is 96M and has to run all the time. You can't use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn't use, and docker fucks with your network configuration right on install, which podman doesn't do unless you tell it to.
@abucci@anthony.buc.ci Yeah okay, you make some excellent points 👌 😅