<aerth>
to get ssh support, we need ssh multiplexing, a reverse proxy sort of
<aerth>
here's a go library to build an ssh server that's capable of routing all the port 22 to different 127.0.0.1:22000 etc .... https://github.com/gliderlabs/ssh
<JacobWeisz[m]>
The biggest issue you will find is that to get any traffic in and out of apps you will need to make powerbox requests for permission to do so.
<JacobWeisz[m]>
I do not think there's currently an interface for incoming or outgoing traffic via an arbitrary port that doesn't require being a server admin.
<JacobWeisz[m]>
Though there's definitely interest in having that ability.
<aerth>
push files to the app, files include a Procfile which tells how to run the app. the heroku alternative app would run the provided program with PORT=$APP_PORT ./the/app
<aerth>
somehow whatever's powering the http routing would reverse proxy that into its own xxxxxxx subdomain :443 ?
<aerth>
sandstorm-http-bridge
<aerth>
and i'm interested only about server-admin anyways, as a deploy station
<aerth>
sandoku
<JacobWeisz[m]>
There is an IpNetwork capability that an app can use to get raw IP networking access, which requires you be an admin. No production apps use it at present.
<JacobWeisz[m]>
Ian has a couple old apps that use it that could probably pass as sample code for that.
<aerth>
will look into those, also Gogs and Hugo since they are golang based
<JacobWeisz[m]>
Also https://github.com/zenhack/powerbox-http-proxy is really helpful if you want to make outgoing network requests when packaging an app without making a lot of code changes.
<JacobWeisz[m]>
(Also in Go)
<JacobWeisz[m]>
Basically you run it inside the sandbox, and proxy HTTP requests through it, and it generates the Powerbox requests necessary to permit them.
<JacobWeisz[m]>
Ian does a lot of our recent dev and he likes Go, so you should be good.
<aerth>
this is powerbox? "Click on the "Request Network Access" button, and grant network access in the dialog that sandstorm presents"
<aerth>
i read more xD
<aerth>
could have a help button on each page in the system, takes the /path and can provide wiki for that path
<aerth>
like '/admin/users/invite' i want to revoke a link
<aerth>
more options for the system ui such as hide the Move To Trash button for the grain (too easy to click by accident)
<aerth>
are there app permissions? such as when i provide an app that needs certain powerbox requests etc, will the user know that it's necessary?
<aerth>
oh i see
<aerth>
keybase required to publish app ?
<isd>
aerth: no, the UI will display any keybase accounts linked to your pgp key, but that's all it's used for; you can package apps without it.
<aerth>
awesome
<aerth>
can also grab from github.com/user.gpg (and user.keys for ssh)
<aerth>
go get -v -u zombiezen.com/go/capnproto2@master
<isd>
You want to be using the v3 branch for go-capnp. I would have expected the go.mod to pin that down correctly.
<isd>
Wait, which thing are you trying to build?
<aerth>
anything
<aerth>
go.sandstorm, powerbox-http-proxy
<isd>
What version of Go are you using?
<aerth>
1.15.5
<aerth>
installing capnp and regenerating
<JacobWeisz[m]>
aerth: To answer another question, there are no pre-authorized app permissions, so there's no real notification they're needed prior to... needing them.
<JacobWeisz[m]>
A user can reject the powerbox request, or even substitute an alternate capability in some cases.
<JacobWeisz[m]>
For instance, if your app tries to connect to google.com a user could redirect those requests to notgoogle.com
<JacobWeisz[m]>
If an app depends on outside access it may be good to describe that in the description.
<aerth>
can't believe i pasted make -j6
<aerth>
got 2 cores on this thing
<isd>
Just tried building powerbox-http-proxy in a clean environment (box that previously didn't even have a go toolchain installed) and it worked fine with just git clone/go build. So I'm not sure what to suggest re: the build problems you're seeing.
<aerth>
git clone into where
<isd>
just a subdirectory under $HOME
<aerth>
k
<isd>
It shouldn't matter; the build uses go modules so $GOPATH and such aren't relevant.
<aerth>
yeah works fine on this other machine
<aerth>
what i did to break it was (from within the ~/src/myappname), i did a manual upgrade of deps, go get -v -u zombiezen.com/go/capnproto2@master or something similar
<isd>
ah, that would do it.
<isd>
Yeah, as I mentioned it expects the v3 branch of go-capnp
<JacobWeisz[m]>
That's good to know, always curious how people find us. :)
<JacobWeisz[m]>
Sandstorm is not the world's fastest development project, but its security model has held up really well over a pretty long time.
<aerth>
i feel like if i listed all the issues i have as github issues it would be stupid. i'll make an etherpad grain
<aerth>
surely someone has eaten the dog food and has better UI / theme or something
<JacobWeisz[m]>
Many likely have issues already! ;) But if you want to start with an Etherpad grain, do share!
<aerth>
who's got it
<JacobWeisz[m]>
It's always great to get feedback from someone new to the project.
<aerth>
the /grain menu with batch buttons
<JacobWeisz[m]>
Heh, there's an in-progress PR to add batch grain backup.
<aerth>
major sections add to /admin/personalization
<aerth>
like all kinds of stuff
<JacobWeisz[m]>
I definitely think there's a lot of room for shell/UI features.
<aerth>
that's all really. this shit is awesome
<JacobWeisz[m]>
I want dark mode, because now that GitHub has it, almost all light screens have been purged from my life.
<aerth>
everything works, just need more control of how everything looks
<kentonv>
oh no, a major meteor update. I wonder what will break this time?
<isd>
I've got the csp report-to hackery I talked about a while back about half written. Hopefully it'll get done sometime in the next couple weeks.
<JacobWeisz[m]>
woo!
<kentonv>
new release is out, with OpenID Connect
<isd>
Nice.
NekoIncardine has joined #sandstorm
<NekoIncardine>
Good afternoon. I'm, uh, new to this obviously. Right now, I'm looking into options to run a Sandstorm instance for a couple purposes (Wekan, in particular). HOPEFULLY not going to actually have any questions but since I'm already on Freenode I saw no reason not to load this up in case I do.
<isd>
Welcome!
<JacobWeisz[m]>
Hey :)
<NekoIncardine>
Hmm. Are there known issues with using Dreamcompute for Sandstorm (via Sandcats)? Googling is throwing me a bit off, I'm seeing a dedicated script that looks to be a full install but for the Dev Sandcats environment
<JacobWeisz[m]>
Sandcats is our dynamic DNS service.
<JacobWeisz[m]>
You can set up Sandstorm using Sandcats and then reconfigure it to use your own domain.
<NekoIncardine>
Noted. But no problems with Dreamcompute in-and-of-itself, it seems? So I'll just... Create the server and give this a go
<TimMc>
Hmm, just deleted 200 MB of mongo log files out of sandstorm, dating back to 2015. It doesn't look like there's a cap.
<TimMc>
updater.log doesn't get cleared out either, but grows much more slowly. :-)