DasSkelett
Repos
45
Followers
13
Following
2

The Comprehensive Kerbal Archive Network

1587
324

Current Codebase (Python /Flask)

66
31

NetKAN Infrastructure Repo

3
4

Validate the KSP-AVC .version file of your mod for correct syntax and against the schema!

2
0

Metadata files used by the NetKAN/CKAN indexer

67
328

Metadata files for the CKAN

59
183

Events

issue comment
curl segfaulting since build on 2022-11-23

Looks like this got fixed with the 2022-11-27 build. 2022-11-23 to 2022-11-26 were broken.

If you still want to investigate it:

  • Yes, the segfault occurs reliably on every attempt
  • The segfault occurs in all three variants, quiche, ngtcp2, msh3.
  • Happens both in GitLab CI, and my amd64 Ubuntu 22.04 machine
  • https://nginxquic:443 corresponds to a container from my self-built nginx-quic image, see https://gitlab.com/DasSkelett/nginx-quic-docker and https://gitlab.com/DasSkelett/nginx-quic-docker/container_registry/3108222 However using e.g. google.com causes the failure as well

The following reproduces it reliably for me:

docker run -it --rm --network=host ghcr.io/unasuke/curl-http3:quiche-2022-11-24 bash

# Inside container:
curl --http3 -v --insecure https://google.com
# Segmentation fault (core dumped)

Whereas replacing --http3 with --http2 or removing it entirely works perfectly fine, so it only affects QUIC/HTTP3.

Created at 5 hours ago
opened issue
curl segfaulting since build on 2022-11-23

Hey, it looks like something is wrong with the current builds. In all three variants, the curl binary in the image is crashing when using it:

# Container image ghcr.io/unasuke/curl-http3:quiche-latest from 2022-11-24
$ curl --http3 -v --silent --insecure "https://nginxquic:443"
/usr/bin/bash: line 138: 11 Segmentation fault (core dumped) curl --http3 -v --silent --insecure "https://nginxquic:443"

The actions in this repository also fail: https://github.com/unasuke/curl-http3/actions/runs/3528141977/jobs/5918021225

Created at 4 days ago
Provide an official upgrade path from MySQL to PostgreSQL

The guide from @denistorresan worked very well, thank you so much!

We only had to delete these two stray columns from the MariaDB database for pgloader to run successfully, which should have been removed in a migration some time before, but apparently haven't:

ALTER TABLE SharedChannelRemotes
        DROP COLUMN description,
        DROP COLUMN nextsyncat;

Then when starting Mattermost, it complained about duplicate key constraint violations during the migration of the db_migrations column (meta-migration :P), we just did a

DELETE FROM public.db_migrations;

which fixed it.

Created at 5 days ago

update graylog-sidecar to 1.2

fix apt for hetzner instances

update unattended-upgrades to new config version

Add social.ffmuc.net to nginx and nebula

Increase Telegraf ping interval to 1m, track nodes-online.conf

Nebula & Nebula meet config

Merge pull request #115 from freifunkMUC/fixes

Fixes

NGINX configuration fixes

Merge pull request #116 from freifunkMUC/fixes

NGINX configuration fixes

Fix apt repo key for graylog & icinga

black reformat

Merge pull request #117 from freifunkMUC/fixes

Fix apt repo key for graylog & icinga

Created at 5 days ago
issue comment
Wrong image tag used in docker-compose.yml

Is it, though? Once we push a new release (there already are some: https://github.com/freifunkMUC/wgkex/releases), the image should be tagged as :latest as well, right?

Created at 1 week ago
Add Barney's Server to dedicated server list

You can setup dynamic DNS if you still want to have your server listed as dedicated. But in the end it might not be worth the trouble, the only advantage is the colour of the text in the server list ^^

Created at 1 week ago
Add Barney's Server to dedicated server list

I put a password on since I'm using Infernal Robotics.

I see. For modded servers we make exceptions, since you might want to tell people the mod list beforehand, but under the condition that a contact point is linked as website. You seem to be linking your Discord server there, so that would be fine. If you want you can set the password again, but please give it to everyone who asks after sharing the mod list, as dedicated servers are supposed to be public servers, accessible for everyone.

Now, your IP address doesn't appear to be static. First you've pushed 105.186.136.180:8800, then 105.187.231.170:8800, but now I see 105.184.178.179:8800 in the server list. You either need a static IP address, or working (!) DynDNS to host a dedicated server, can you set it up and list the domain instead?

Created at 1 week ago
Add Barney's Server to dedicated server list

This won't work. We need your public IPv4 address.

Please also have a read here: https://github.com/LunaMultiplayer/LunaMultiplayer/wiki/Dedicated-server Your server is currently password protected, why is this? Are you sure you want to mark your server as dedicated server?

Created at 1 week ago
Add Barney's Server to dedicated server list

https://en.wikipedia.org/wiki/Private_network

Created at 1 week ago

Bump python from 3.10.7-bullseye to 3.11.0-bullseye

Bumps python from 3.10.7-bullseye to 3.11.0-bullseye.


updated-dependencies:

  • dependency-name: python dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com

Merge pull request #94 from freifunkMUC/dependabot/docker/python-3.11.0-bullseye

Bump python from 3.10.7-bullseye to 3.11.0-bullseye

Refactor tests to allow running trough cmdline unittest

Use Config class over raw dict everywhere

Publish worker metrics and data, assign gateways to clients

  • Workers publish their number of connected peers per domain
  • Workers publish their status, i.e. up or down
  • The new /api/v2/exchange endpoint returns a predetermined gateway endpoint for clients
  • This gateway is chosen based on weighted loadbalancing between online workers/gateways
  • Fetch worker data through netlink and publish with MQTT:
    • Read worker pubkey, port and link address from interface.
    • Publish it together with the external domain / address (read from the config file) via MQTT to the broker.

Add more tests for broker/metrics.py

Add more tests for worker/netlink.py

Add more tests for worker/mqtt.py

Created at 1 week ago

Fix nil pointer dereference without SessionStore config

Merge pull request #271 from DasSkelett/fix/no-sessionstore

Created at 1 week ago
DasSkelett create tag v0.8.2
Created at 1 week ago
DasSkelett delete branch fix/no-sessionstore
Created at 1 week ago

Fix nil pointer dereference without SessionStore config

Merge pull request #271 from DasSkelett/fix/no-sessionstore

Created at 1 week ago
pull request closed
Fix nil pointer dereference without SessionStore config

Fixup of #263

Similar error to https://github.com/freifunkMUC/wg-access-server/pull/259#discussion_r1014868820, unfortunately I missed this one.

If sessionStore isn't specified at all in the config, AuthConfig.SesstionStore is nil (as it is a pointer), and needs to be checked for nil-ness first before accessing its member Secret.

Created at 1 week ago

Fix endpoint change condition tree

Created at 1 week ago

Fix endpoint change condition tree

Created at 1 week ago
pull request opened
Fix nil pointer dereference without SessionStore config

Fixup of #263

Similar error to https://github.com/freifunkMUC/wg-access-server/pull/259#discussion_r1014868820, unfortunately I missed this one.

If sessionStore isn't specified at all in the config, AuthConfig.SesstionStore is nil (as it is a pointer), and needs to be checked for nil-ness first before accessing its member Secret.

Created at 1 week ago
DasSkelett create branch fix/no-sessionstore
Created at 1 week ago

feat: require claim to be present to allow access to the user

feat: specify stable session cookie secret for HA setup

Update cmd/serve/main.go

Co-authored-by: DasSkelett dasskelett@gmail.com

Update docs/4-auth.md

Co-authored-by: DasSkelett dasskelett@gmail.com

Merge pull request #259 from nextsux/require-claim-to-allow-access

  • Require claim to be present to allow access to the user

Closes https://github.com/freifunkMUC/wg-access-server/issues/200

Merge pull request #263 from nextsux/nexus/stable-session-secret

  • feat: specify stable session cookie secret for HA setup
Created at 1 week ago

feat: specify stable session cookie secret for HA setup

Update docs/4-auth.md

Co-authored-by: DasSkelett dasskelett@gmail.com

Merge pull request #263 from nextsux/nexus/stable-session-secret

  • feat: specify stable session cookie secret for HA setup
Created at 1 week ago
pull request closed
feat: specify stable session cookie secret for HA setup

When running multiple replicas in kubernetes users are getting "no session" error when trying to authenticate. It's caused by random session cookie secret generated differently for each POD.

Created at 1 week ago

feat: require claim to be present to allow access to the user

Update cmd/serve/main.go

Co-authored-by: DasSkelett dasskelett@gmail.com

Merge pull request #259 from nextsux/require-claim-to-allow-access

  • Require claim to be present to allow access to the user

Closes https://github.com/freifunkMUC/wg-access-server/issues/200

Created at 1 week ago
Adding a 'user' claim similar to the 'admin claim for OIDC

This would restrict users for being able to access the interface at all unless they have a specific group assigned!

Created at 1 week ago
pull request closed
Require claim to be present to allow access to the user

This PR should allow admin to require OIDC claim to be present for user to be able to access wg-access-server.

Closes #200

Created at 1 week ago