#dev 2024-08-08

2024-08-08 UTC
box4641, bret, beanbrain, AramZS, [Adam_Wier], jjuran, ttybitnik, GuestZero and barnaby joined the channel
#
beanbrain
i've been trying to use rsync to push my site build to my server, and i'm really confused about how to do it securely. can i have some help?
#
beanbrain
it's confusing, because i have disallowed ssh-ing into root, which has the permissions to modify my files in the site directory, /usr/local/www
#
beanbrain
the site directory itself is owned by a user www, but that is not a login user, also for security,
#
beanbrain
ssh and rsync are both allowed through pf
#
beanbrain
ah -- it's a freebsd server
#
Loqi
ah has -1 karma over the last year
#
beanbrain
i can't seem to understand rsyncd for the life of me
#
beanbrain
when i set up a module, i can't see it listed with `rsync rsync://mysite::`
#
[tantek]
ah++ undo unintended negative karma
#
Loqi
ah has 0 karma over the last year
[jacky] and rjomara5857 joined the channel
#
ptramo[d]
rsync:// is the insecure protocol, only usable to pull
#
ptramo[d]
You will need ssh to push as it's the only transport that allows secure authentication
#
ptramo[d]
You'll want a user that can run the rsync command over ssh, read and modify the files
#
beanbrain
thanks ptramo[d]
#
beanbrain
i was talking with a friend, and they suggested a ci/cd pipeline for this
#
ptramo[d]
Sure thing 🙂 one fewer daemon, yay
#
ptramo[d]
How do they suggest the files land on the server?
#
beanbrain
cause the user that receives the rsync on the server should be (and is) an underprivileged user
#
beanbrain
they suggested ansible or something similar, but that's almost 800 MiB i don't need
#
ptramo[d]
What's the problem you're trying to solve? 🙂
#
ptramo[d]
Ansible is more configuration management, and typically runs privileged
#
beanbrain
i just need to push the site i build locally to the directory it's served from
#
ptramo[d]
Ok, so on the host that serves the files, there will be a unix user that can write those files
#
aaronpk
you should be able to rsync over ssh too, rather than run the rsyncd daemon
#
ptramo[d]
Either it'll pull from somewhere or get pushed to, and then it'll write the files
#
aaronpk
that's what i use for backups between my servers
#
ptramo[d]
rsync and git are both viable ways to pull or push
#
beanbrain
yeah, i think what i may end up doing is writing some code to run as a daemon and verify the files i push into the unprivileged ssh user's homedir
#
beanbrain
then if they pass push them into the site dir
#
ptramo[d]
Both need to be secured, typically via ssh
#
beanbrain
but i'll have to sort it after i come back from work tomorrow
#
ptramo[d]
That seems like a layer of indirection you don't need. I don't see how that's more secure than writing the files directly
#
beanbrain
well i wouldn't be ssh-ing in as root, that's why
#
ptramo[d]
You should never ssh as root, but you also shouldn't need root to write to a directory served by your web server
#
beanbrain
the site dir is owned by a user www, but that's not a login user
#
beanbrain
should i give www the perms to login and ssh?
#
aaronpk
your site dir doesn't need to be owned by the www user as long as the www user can read it
#
ptramo[d]
If that's the user running your http server then no
#
ptramo[d]
Make a new user for writes, make its default group www, and have the files group-readable?
#
beanbrain
so the login user tim is the only one that has ssh
#
beanbrain
eh -- i have to go to work now anyway
#
Loqi
eh has -1 karma over the last year
#
aaronpk
so make your www folder owned by tim, but readable by all users (755/644)
#
beanbrain
what is it with ah and eh ??
#
beanbrain
eh ++
#
aaronpk
karma++
#
Loqi
karma has 2 karma over the last year
#
ptramo[d]
It's minus minus and plus plus
#
ptramo[d]
They're a way to give and take points of karma
#
beanbrain
oh -- i thought it was the user
#
Loqi
oh has -1 karma over the last year
#
beanbrain
oh ++
#
beanbrain
nvm i have no more time lol
#
beanbrain
thanks for your help!
#
beanbrain
i'll be back tomorrow
#
ptramo[d]
happy to keep the discussion going whenever
#
beanbrain
thank you
#
[tantek]
oh++ because you can't dekarma then pluskarma
#
Loqi
oh has 0 karma over the last year
#
aaronpk
there are some...rate limits
gRegor, GuestZero and jeremycherfas joined the channel
#
donthatedontkill
Hello, all. I normally follow with slack on work but posting from discord.
#
donthatedontkill
I have a question that surely other people have dealt with and would have some input.
#
donthatedontkill
I currently have my site as a github repo that Netlify deploys when it sees pushes. This is obviously fine for text and I want to start publishing photos to my site. With a github profile, as I understand, this would bloat the size, even if I delete old pictures, so my question is: Is anyone else using a github repo/netlify combo? If you post pictures, what did you use as a solution for hosting the pictures?
#
donthatedontkill
My first thoughts are a google drive kind of situation that they'd link to, but I wanted to see if anyone else had solutions that didn't involve having my content hosted at google, microsoft, etc. Probably too big of an ask but before I settled, I wanted to exhaust my options. Thanks for any hints/ideas/suggestions you might have!
#
catgirlin.space
git lfs maybe?
#
gRegor
what is git lfs
#
Loqi
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server https://indieweb.org/git_lfs
#
donthatedontkill
catgirlin_space0[d]: Yeah, I had seen that. I've never used it though. I see myself posting a decent amount of photos and even with better management, having some issues with repo size but maybe I should just consider that a "deal with it when we get there" kind of problem
#
donthatedontkill
Thanks for the nudge!
#
[snarfed]
this has come up before, we should document it on https://indieweb.org/GitHub or nearby
#
[snarfed]
LFS is good for very large files but it's generally overkill for images. lots of community members here are storing their sites in GH repos, including lots of images at even a few MB each, and it works fine, no LFS or other special hacks
#
donthatedontkill
[snarfed]: Okay so basically I'm making a bit of a mountain out of a mole hill with this?
#
[snarfed]
yeah probably
#
[snarfed]
eg my site has ~1300 image files in https://github.com/snarfed/snarfed.org and it's fine
#
[snarfed]
oh actually more, that's just the count in the top level dir
#
donthatedontkill
[snarfed]: Okay, then in that case, I'll just not worry too much about it.
#
donthatedontkill
[snarfed]: Haha Okay this is ver reassuring
#
donthatedontkill
*very
#
donthatedontkill
Rosalina Saige (catgirlin.space)++
#
donthatedontkill
Adam_Wier[d]: I tried to do the karma thing but I guess I didn't quite understand how it worked
#
donthatedontkill
[snarfed]++
#
Loqi
[snarfed] has 53 karma in this channel over the last year (98 in all channels)
#
donthatedontkill
Rosalina++
#
Loqi
Rosalina has 1 karma over the last year
#
donthatedontkill
In any case, thanks for your help, both of you
#
jimw
GitHub recommends keeping repositories under 1GB, and under 5GB is strongly recommended. Files have to be under 100 MiB and it warns if one is over 50 MiB.
#
gRegor
[snarfed]++ sounds like a good blog post someone could write and add on there! :)
#
Loqi
[snarfed] has 54 karma in this channel over the last year (99 in all channels)
#
donthatedontkill
By the way I second a blog post or addition to the wiki. I looked at the photo page on the wiki before coming here. It seemed the natural place to look (I never thought to check the github page). For whatever that's worth
#
donthatedontkill
jimw: Yeah, that's what started this whole thing for me :/
#
jimw
Yeah, I think if I had my whole site in GH I'd be well under the 5GB limit, and that's 1700+ photos, so I wouldn't sweat it unless you're particularly prolific with images or videos.
#
[snarfed]
no parens
[jamietanna] joined the channel
#
[jamietanna]
Anyone seen issues with Bridgy Fed not loading OK? https://fed.brid.gy/web/www.jvt.me shows "page isn't redirecting correctly" in Firefox 🤔
#
[jamietanna]
Looking at my feed in IndiePass, I can't see any updates since Tuesday so may have been bust since then?
#
capjamesg[d]
I see the same in Firefox.
ttybitnik joined the channel
#
[jamietanna]
On Monday I did a site redesign, not sure if that may have messed anything up? Didn't do anything structural though, only CSS 🤔
#
[jamietanna]
Seem to see a similar issue in Chrome too
#
Loqi
[preview] [jamietanna] #1244 Bug: infinite redirects on my user page `www.jvt.me`
#
[snarfed]
whee, the http://www.jvt.me special case strikes again. sorry [jamietanna]! will fix
#
[jamietanna]
Haha it's fun being the special case to keep you on your toes 😂 ta!
#
catgirlin.space
curious like, does anyone know of any other websites using rel-sweetheart? found it the other day (i forget how…) and i keep thinking abt it lol https://microformats.org/wiki/rel-sweetheart