Smaller comment, besides that, looks good to me, thanks!
I would like to set main as the default branch actually. Or maybe you can do that after this one is merged, would be much appreciated.
Aha I knew there was something in float, float/docs/reference.md Doesn't that removes my comment?
All DNS entries are served under an internal domain domain.
Smaller comment, besides that, looks good to me, thanks!
Clever to not use the name. But can we go with 12-slim ? #1
Can we do that without sgk
? I presume there's something missing elsewhere?
Testing against black.bitmask.net? Let's discuss quickly what your plan is.
Nitpicking, but it's quite a long name: does it make sense to just call it float-run-validation
or something similar?
kwadronaut (4d60a468) at 28 Mar 08:49
Update provider_config.yml
If you have IPv6 DNS resolvers configured, they seem to be leaking. I asked someone else about 216.127.227.21.
The question: is it trivial to build against Debian 11 or not?
ar -x bitmask-vpn_0.24.03-rc.1-3-g98005eb_amd64.deb
zstd -d < control.tar.zst| xz > control.tar.xz
zstd -d < data.tar.zst| xz > data.tar.xz
ar -m -c -a sdsd bitmask-vpn_0.24.03-rc.1-3-g98005eb_amd64-replaced.deb debian-binary control.tar.xz data.tar.xz
dpkg -i bitmask-vpn_0.24.03-rc.1-3-g98005eb_amd64-replaced.deb
# dpkg -i bitmask-vpn_0.24.03-rc.1-3-g98005eb_amd64-replaced.deb
Selecting previously unselected package bitmask-vpn.
(Reading database ... 376537 files and directories currently installed.)
Preparing to unpack bitmask-vpn_0.24.03-rc.1-3-g98005eb_amd64-replaced.deb ...
Unpacking bitmask-vpn (0.24.03-rc.1-3-g98005eb) ...
dpkg: dependency problems prevent configuration of bitmask-vpn:
bitmask-vpn depends on libc6 (>= 2.34); however:
Version of libc6:amd64 on system is 2.31-13+deb11u8.
bitmask-vpn depends on libqt6core6 (>= 6.4.0); however:
Package libqt6core6 is not installed.
bitmask-vpn depends on libqt6gui6 (>= 6.1.2); however:
Package libqt6gui6 is not installed.
bitmask-vpn depends on libqt6qml6 (>= 6.2.0); however:
Package libqt6qml6 is not installed.
bitmask-vpn depends on libqt6widgets6 (>= 6.1.2); however:
Package libqt6widgets6 is not installed.
bitmask-vpn depends on libqt6svg6; however:
Package libqt6svg6 is not installed.
bitmask-vpn depends on qml6-module-qtquick; however:
Package qml6-module-qtquick is not installed.
bitmask-vpn depends on qml6-module-qtquick-controls; however:
Package qml6-module-qtquick-controls is not installed.
bitmask-vpn depends on qml6-module-qtquick-dialogs; however:
Package qml6-module-qtquick-dialogs is not installed.
bitmask-vpn depends on qml6-module-qtquick-layouts; however:
Package qml6-module-qtquick-layouts is not installed.
bitmask-vpn depends on qml6-module-qtqml-workerscript; however:
Package qml6-module-qtqml-workerscript is not installed.
bitmask-vpn depends on qml6-module-qtquick-templates; however:
Package qml6-module-qtquick-templates is not installed.
bitmask-vpn depends on qml6-module-qtquick-window; however:
Package qml6-module-qtquick-window is not installed.
bitmask-vpn depends on qml6-module-qt-labs-platform; however:
Package qml6-module-qt-labs-platform is not installed.
bitmask-vpn depends on qml6-module-qtcore; however:
Package qml6-module-qtcore is not installed.
bitmask-vpn depends on qml6-module-qt5compat-graphicaleffects; however:
Package qml6-module-qt5compat-graphicaleffects is not installed.
dpkg: error processing package bitmask-vpn (--install):
dependency problems - leaving unconfigured
Processing triggers for gnome-menus (3.36.0-1) ...
Processing triggers for desktop-file-utils (0.26-1) ...
Processing triggers for mailcap (3.69) ...
Processing triggers for hicolor-icon-theme (0.17-2) ...
Errors were encountered while processing:
bitmask-vpn
Should we support Debian 11 or not. zst support for apt was added in bookworm, Debian 12.
dpkg -i /tmp/deploy/bitmask-vpn_0.24.03-rc.1-3-g98005eb8_amd64.deb dpkg-deb: error: archive '/tmp/deploy/bitmask-vpn_0.24.03-rc.1-3-g98005eb8_amd64.deb' uses unknown compression for member 'control.tar.zst', giving up dpkg: error processing archive /tmp/deploy/bitmask-vpn_0.24.03-rc.1-3-g98005eb8_amd64.deb (--install): dpkg-deb --control subprocess returned error exit status 2 Errors were encountered while processing: /tmp/deploy/bitmask-vpn_0.24.03-rc.1-3-g98005eb8_amd64.deb
I was having some issues when trying to deploy from old stable (11, bullseye). 12, bookworm current stable works fine.
Need to test if this is a general thing or an odd case here. If general we should either fix it or update the readme/requirements.
fatal: [cod]: FAILED! => {"changed": false, "msg": "AnsibleError: template error while templating string: unable to locate collection ansible.utils. String: # Create a number of general-purpose chains to allow traffic from\n# specific sets of hosts.\n\n{% macro allow_host_ips(h, chain) %}\n{% for ip in hostvars[h]['ips'] | ansible.utils.ipv4 | sort %}\nadd_rule4 -A {{ chain }} -s {{ ip }} -j ACCEPT\n{% endfor %}\n{% for ip in hostvars[h]['ips'] | ansible.utils.ipv6 | sort %}\nadd_rule6 -A {{ chain }} -s {{ ip }} -j ACCEPT\n{% endfor %}\n{% endmacro %}\n\n{% macro create_chain_from_host_group(chain, group) %}\ncreate_chain {{ chain }}\n{% for h in groups.get(group, [])|sort %}\n{% if h != inventory_hostname %}\n{{ allow_host_ips(h, chain) }}\n{% endif %}\n{% endfor %}\n{% endmacro %}\n\n# Chain that allows traffic from all hosts in the inventory.\n{{ create_chain_from_host_group('allow-cluster', 'all') }}\n{% for port in float_enabled_services | map('extract', services) | selectattr('ports', 'defined') | map(attribute='ports') | flatten | sort %}\nallow_port tcp {{ port }} -j allow-cluster\n{% endfor %}\n\n# Chain to allow traffic from hosts running monitoring probers.\n{% if 'prometheus' in services %}\n{{ create_chain_from_host_group('allow-monitoring', services['prometheus'].group_name) }}\n{% for network_name in net_overlays | map(attribute='name') if hostvars[inventory_hostname].get('ip_' + network_name) %}\n{% for host in services['prometheus'].hosts | sort if hostvars[host].get('ip_' + network_name) %}\nadd_rule4 -A allow-monitoring -s {{ hostvars[host]['ip_' + network_name] }} -j ACCEPT\n{% endfor %}\n{% endfor %}\n\n# Allow traffic from monitoring probers to local services (on the\n# public IP).\nallow_port tcp 3909 -j allow-monitoring # cgroups-exporter\nallow_port tcp 3903 -j allow-monitoring # mtail\nallow_port tcp 9004 -j allow-monitoring # auth-server\nallow_port tcp 9100 -j allow-monitoring # node-exporter\nallow_port tcp 9106 -j allow-monitoring # rsyslog-exporter\nallow_port tcp 9323 -j allow-monitoring # docker\nallow_port tcp 5331 -j allow-monitoring # backup-agent (tabacco)\n{% for port in float_enabled_services | map('extract', services) | selectattr('monitoring_endpoints', 'defined') | map(attribute='monitoring_endpoints') | flatten | map(attribute='port') | sort %}\nallow_port tcp {{ port }} -j allow-monitoring\n{% endfor %}\n{% endif %}\n\n{% if ssh_port != 22 %}\nallow_port tcp {{ ssh_port }}\n{% endif %}\n"}
This is a nice-to-have. Requires a working platform on Debian 11, dist-upgrade or deploy to different machines a Debian 12 with the same secrets. It's something to try out when Calyx, Riseup or another provider want to go that path.
@sgk I believe you were working on this. Can you create seperate sub-issues and move to the next cycle whatever needs to be moved?
Bummers: float-runner#2
There's a main branch as well, with some changes that are not in master
See https://0xacab.org/leap/container-platform/float-runner/-/tree/main?ref_type=heads
We need to merge both, and set main
as the default and protected.
kwadronaut (5e76cafb) at 21 Mar 13:46
Merge branch 'fix/gitlab-ci' into 'master'
... and 2 more commits
IYDM I'll merge with my fix.