15:49 <DanC> goal: share cap-talk archives via roundcube on sandstorm.

15:50 <DanC> problem: roundcube upload UI (a) requires uploading one file at a time, and (b) requires uncompressed mbox archives

15:50 <DanC> meanwhile, Davros lets me upload all the files in one go, and doesn't care that they're compressed

15:51 <DanC> so: how do I glue them together? How could I adapt the roundcube upload UI to slurp from Davros?

15:51 <DanC> and how could I interpose an unzip service?

15:55 <DanC> for reference: Davros grain: https://oasis.sandstorm.io/shared/AQUq4WtA_dy_XX9S7Na07OGuzjobs8g1OivTFW2kogp

15:56 <DanC> and roundcube grain: https://oasis.sandstorm.io/shared/p0OpavxytnzQLycFTkXswM53FyTvV_pEzYmfLmhkF6c

15:56 <DanC> hmm... roundcube doesn't have read-only facets?

15:57 <DanC> so I just authorized everybod to send mail in my name? better revoke that one...

15:58 <DanC> revoked.

16:32 <TimMc> heh

16:33 <TimMc> DanC: It would probably be easier to adapt roundcube to allow multi-upload than to adapt it to read from davros grains.

16:51 <DanC> sure, but where's the fun in that?

17:44 <drphish> Hello sandstorm peoples. Just set up an offline server and want to give it minimal internet access, just leaving update capabilities. Is there a whitelist of update server IPs or DNS entries? I can't find anything...

17:45 <drphish> or is there a config file in /opt/sandstorm I can schlep it out of?

17:49 <drphish> also, unrelated I'm getting "failed to install app" "getaddrinfo EAI_AGAIN" installing etherdraw

17:50 <drphish> either from install button or manual upload

18:52 <drphish> Is this not the best place to ask these questions?

18:52 <simpson> drphish: This channel seems like a good place for your questions but I don't know any answers, sorry.

18:56 <drphish> ah ok, thanks. wasn't sure if this was a support forum as well as a watercooler

19:16 <drphish> only activity I can see on a manual update is a curl connection to https://install.sandstorm.io/dev?from=214&type=manual in what looks like an available version check (returns 214)

19:16 <drphish> looks to be hardcoded in the sandstorm binary

19:16 <Anthropy> not sure where sandstorm pulls updates from, but the error you get is because if you install apps from the app marketplace thing it'll basically just get a POST request after which it'll go fetch the app

19:16 <drphish> install,sandstorm.io resolves to 107.178.223.140 with a PTR to 140.223.178.107.bc.googleusercontent.com

19:17 <drphish> so probably dyanmic in a google farm, even assuming that's the only IP it needs to talk to

19:17 <Anthropy> sounds like it, I think they host oasis and the website on google app engine? the main dev is an ex google employee so he leans on google services a lot

19:18 <drphish> OK, thanks, thats a good hint. I might just need to block it off completely and log traffic until I know what it talks to

19:19 <drphish> and going back to the etherdraw error: I get that error post-download, and even if I do a manual download and install

19:19 <digitalcircuit> drphish, you might find https://docs.sandstorm.io/en/latest/administering/offline/ helpful, too. Pardon if you already found this.

19:21 <drphish> Yah that was the document I was working off of. The only thing they say regarding online updates is " sandstorm.io's servers", which doesn't translate into a very good firewall rule...

19:23 <Anthropy> well, if you whitelist sandstorm.io and *.sandstorm.io.. I mean, unless you want IP addresses, but those are all probably going to be round robin rules, perhaps with dynamic allocated IPs because cloud stuff, idk if you can really whitelist those on IP basis..

19:23 <Anthropy> you could make sandstorm connect through a proxy though I think, and otherwise completely close all outgoing traffic

19:24 <digitalcircuit> drphish: Ah, noted.

19:24 <Anthropy> if you run something like squid + squidguard on a separate machine (or setup pfsense or alike) you could not only control what domains it visits but also log every visit

19:24 <Anthropy> and you could turn off the proxy server if it doesn't need updates etc :)

19:46 <drphish> That might be the way to go. (I'm running mainline pf on openbsd on my router)

19:47 <drphish> problem with dns entries is they are only resolved at rule parsing time, but I can use dynamic lists and some scripts

19:48 <drphish> I was hoping to keep the IP list down to a few known static entries, but if that's not possible this is probably the next best thing

20:33 <TimMc> With the move to The Cloud[TM] at work, we've had a number of disappointed customers who were hoping for a whitelist of static IPs when accessing our servers. Sorry, it's out of our hands...

20:34 <simpson> Soon we won't have to handle IP addresses.

20:35 <TimMc> ?

22:18 <samba_> Hi, how can I restore/migrate just the user/auth data from an old sandstorm instance ?