#i2p-dev (irc2p) | 2.7.0-2 | Proposal 168 review Tues. Dec. 3, 8 PM UTC #ls2

eyedeekay I have seriously never hated any piece of software as much as I hate gitlab right now

eyedeekay I'm going to start calling the knot in my back gitlab

dr|z3d eyedeekay: blow it off, sounds like now's a great time to replace it with gitea.

eyedeekay 2 weeks before release? Pretty sure I'm not that crazy

eyedeekay It should not be this hard to get nginx to act as a client to i2pgit.org, then serve it back to the HTTP tunnel on 80

dr|z3d well, here's an idea. run gitea in parallel for now, see how you get on with it, and then when you're comfortable, switch.

eyedeekay Might give that a shot yeah

eyedeekay Just seems very ill-advised to suddenly migrate without a plan

dr|z3d are you giving nginx the correct SSL cert?

dr|z3d because nginx can't proxy_pass to https without a cert.

eyedeekay Even if the cert is in the global store?

eyedeekay Yeah that's probably it

dr|z3d you could alternatively proxy_pass to a private port, that's probably easier.

eyedeekay That's the really hilarious part

eyedeekay It isn't

eyedeekay It isn't even close

eyedeekay gitlab.com/gitlab-org/omnibus-gitlab/-/issues/1891

eyedeekay No dice on the cert configuration

dr|z3d ah, right, gotcha, http -> https or vice versa no workee on gitlab.

eyedeekay It can't even listen on both

eyedeekay Apparently it's some rails bullshit

dr|z3d see if this helps: cake.i2p/view/rsZeVhnXcT_Xd1vqegSCWLSpsnM3QwoFLfTncdWoa_i1eLrydsxK/rsZeVhnXcT.txt

dr|z3d gitlab itself shouldn't be listening on multiple ports, that's nginx's job.

eyedeekay Technically you're right but it's a little more complicated than that, there's gitlab the API and there's gitlab the webUI and then there all the little working components of it, what it actually does is starts an API server then serves a bunch of files with nginx(the webUI) then uses nginx to proxy them both, so by definition the thing you see is actually an nginx server sitting between you and the API

eyedeekay server serving you files

eyedeekay That's an oversimplification actually gitlab's this complicated behemoth

dr|z3d yeah, it's a monster, this much I know.

eyedeekay But part of the standard gitlab install is this nginx server which it configures for you

eyedeekay So on i2pgit.org there's the nginx in the VM where gitlab runs then there's the nginx on the host, the nginx on the host I configure by hand and it has no problems listening on multiple ports

eyedeekay But for the nginx in the VM when I try to make it listen on a second port it gets all confused

eyedeekay But that nginx and the nginx on the host both need to be using TLS or gitlab will think it's being served over HTTP and try to get a bunch of stuff over HTTP which will cause it to break ^^

dr|z3d it seems obvious to me that you're spending way too much time wrestling with it.

eyedeekay You have a point

dr|z3d if you like gitlab enough, use their servers.

eyedeekay I just need it to survive 13 days

eyedeekay And a plan

eyedeekay I don't

dr|z3d I think you can use a custom hostname with their servers.

eyedeekay I hate gitlab, I've hated it since before we deployed it

eyedeekay It is among my chief regrets that I didn't fight harder for gitea when the time was right

eyedeekay As far as I2P decisions

dr|z3d in your boat, I'd mirror the current repos to gitlab.com (while keeping your servers running)..

dr|z3d then when everything looks intact, I'd see about using your current domains with their servers. as an interim measure.

dr|z3d then I'd setup gitea on your vps, and mirror all the repos to it (initially).

dr|z3d then, when the dust has settled, you can tell gitea not to mirror anymore, you want it to be a "normal" repo. and then you've got gitlab.com and github as backup plans where you can also leverage their CI.

eyedeekay It's simple enough to add gitlab remotes to the mirror script

dr|z3d but if you want painless, just run a gitea instance and mirror the repos you want, then you can get a sense of how it functions without disturbing anything.

eyedeekay and I understand **exactly** how to make gitea honor proxy settings of any level of elaboration, gitlab I don't even bother trying to hide the physical location of the server but with gitea, I could actually achieve that

eyedeekay Not that we need to or should, but we could

eyedeekay it's really easy to get gitlab to contact other git servers and really hard to tell when it's following your proxy settings

dr|z3d gitlab works for me because I let them run it :)

dr|z3d I suspect I'd hate it as much as you if I was hosting it.

eyedeekay I dunno

eyedeekay jgit's easy, gitea's easy

eyedeekay presumably gogs is still easy

dr|z3d well, if maintenance gets in the way of doing stuff, then there's a problem, houston!

eyedeekay It's because I'm running it **and** because it's way too complicated

eyedeekay Like you can just throw the jgit war into the eepsite config and it works

eyedeekay is it jgit I'm thinking of

eyedeekay no it's gitbucket

eyedeekay gitbucket is based on jgit

eyedeekay Hey it's only 2:15 and I've finally got it down to just a stupid redirect loop

dr|z3d haha

dr|z3d well done

zzz eyedeekay, what I would give up on is http+https, which I thought you did give up several days ago

zzz and made the change two days ago

zzz but took another run at yesterday which seems to have been fruitless?

eyedeekay What I was trying to do yesterday was just to get comments to post, or at least get it to where I could see why they weren't

eyedeekay Which was indeed fruitless

eyedeekay I did get http->https redirects on the I2P side working

zzz hmph. baby steps

zzz oooh finally tracked down a good susimail bug

zzz I'm going to clean it up and get it in, eyedeekay ok if I bump afterward?

eyedeekay Yeah go right ahead

zzz susimail is going to be cherry

zzz I'm almost done with 2.5.0

RN If you want to test the dev version but don't want to build it youreself you can grab an updater file at I2Peek-a-Boo.i2p/i2pupdates.html 2.3.0-18-rc

dr|z3d cherry..

dr|z3d is that cherry with mail filters and multiple user-defined folders flavor of cherry, zzz? :)

dr|z3d also, I asked postman if there was an issue with mail retention on the server re the online reader (view online, no download).. apparently no issue at all.

dr|z3d eyedeekay's also interested in getting pgp integration working. would be good to see that happening, perhaps in conjunction with contacts feature, so you can attach a pgp key to a contact and susimail handles the pgp encryption / decryption transparently.

dr|z3d local disk encryption of the mail store also cherry flavored :)

RN Brand New Cherry flavor

RN (ugh that was a creepy movie)

dr|z3d Cherry wasn't bad.

dr|z3d Post-Iraq soldier adjusts to civilian life.

RN don't think that's the same movie

RN brand new cherry flavor has a character eat their eyeball

RN not really ontopic. LOL

eyedeekay Here's a question put after entirely too little consideration IMO...

eyedeekay What if there was an "EncryptedWorkingDir extends WorkingDir"

eyedeekay ?

eyedeekay i.e. use a password to unlock the config dir and actually start I2P with the config, treating it as a sort of "profile"

eyedeekay I've done zero research on it but maybe that's both better and potentially more straightforward than encrypting the susimail data only

zzz here's my proposed cherries for 2.5, mostly done: stats.i2p/docs/roadmap-2.5-zzz.html

dr|z3d eyedeekay: sure, works for me. a bit like firefox's optional password storage password.

dr|z3d looks good, zzz. plenty of time in the next release cycle for additional cherries, then :)

zzz not really as by the time all that gets in we will probably be close to big changes deadline, aka "merge window"

dr|z3d you can add another possible cherry there, maybe, your keepalive stuff?

zzz on there

dr|z3d I must be blind, then. Can't see it.

dr|z3d ah, there it is. my bad.

dr|z3d another thing that was mooted a while back.. blind dests for snark.. any more thoughts on that?

zzz requires a proposal/spec/postman involvement

zzz and bigly

dr|z3d roger that.

dr|z3d since you've been so busy, here's a gift..

dr|z3d body {text-align:center;font-family:sans-serif;background:#449;font-size:90%}

dr|z3d h1,h2,h3{color:#fff}

dr|z3d h3{margin:30px auto 0;width:50%;min-width:600px;background:#225;box-shadow:0 0 0 5px #225;padding-bottom:8px}

dr|z3d table,th,td {border:1px solid #ddf;border-collapse:collapse}

dr|z3d table{margin:auto;width:50%;min-width:600px;box-shadow:0 0 0 1px #ddd,0 0 0 5px #225}

dr|z3d th, td {padding: 4px 8px;text-align:left}

zzz re: encryption, seems like a howto writeup for fscrypt would be the thing

dr|z3d th{font-size:80%}

dr|z3d th:nth-child(n+2),td:nth-child(n+2) {text-align:center}

dr|z3d tr:nth-child(even){background:#eef}

dr|z3d tr:nth-child(odd){background:#fff}

zzz and where would I use that gift?

dr|z3d add it as a <style> block on that proposals page you just posted.

dr|z3d and anywhere else you need to throw up tabulated data.

zzz just notes but ok

dr|z3d also, don't be lazy. that html *chuckle*

dr|z3d you're making RN look good, and that's saying something :)

zzz next time I'll do text to not awaken the pnut gallery

dr|z3d :)

dr|z3d you can nuke this line, not optimal on that table: th:nth-child(n+2), td:nth-child(n+2) { ... }

dr|z3d left alignment on all cells probably what you want.

dr|z3d and if you convert the <p> above the table to an <h3> it'll sit nicely.

RN :P