[07:23] <jamespage> coreycb: I took the decision to demote python3-redis to a suggests for python-tooz at runtime - the new version was pulling in extra deps and I know we don't make use of this backend by default
[11:57] <ahasenack> sarnold: great points!
[11:57] <ahasenack> I will show other methods too, like netplan and perhaps systemd-networkd
[11:58] <ahasenack> I'll go over them in detail now
[12:04] <ahasenack> reboot, brb
[12:17] <coreycb> jamespage: sounds good, thanks
[12:18] <jamespage> np
[12:27] <athos> sergiodj: o/ FYI sbcl bootstrap is complete. I am now (no-change) rebuilding the reverse dependencies so we get them in ppc64el as well
[13:17] <sergiodj> athos: awesome!
[13:50] <holmanb> ahasenack: Just a quick comment about peer-to-site-wg-on-router.md, which has the following statement: "Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put in a bridge mode, in which case you can use your own device (a computer, or a Raspberry PI, or something else) as the routing device."
[13:51] <ahasenack> holmanb: yes?
[13:51] <holmanb> Since this is in the context of home networks, I think a comment about port forwarding would make sense here. 
[13:51] <ahasenack> holmanb: when it's on the router itself, port forwarding isn't necessary. It is in the next section, though, where I will talk about installing wg on some existing device inside the network
[13:53] <ahasenack> if you put the ISP-provided router in bridge mode, and use, say, a pi4 as the gateway, the "real" ipv4 address will be on the pi4
[13:53] <ahasenack> so again, no port forwarding necessary
[13:57] <holmanb> Right, I understand that it is not necessary from a technical point of view in that case. I wanted to make a comment because managing a home firewall exposed to the internet in place of an ISPs device and port forwarding through an isp's device to a pi4 wireguard server just have different attack surfaces (and levels of required maintenance), so I thought it was worth mentioning both for the user to decide what they think is 
[13:57] <holmanb> best.
[13:57] <holmanb> But it sounds like you'll have a section on that anyways. I just didn't see mention of it in that document so wanted to bring it up
[17:16] <FortunateSon> hello all!  I'm looking for a good tutorial (preferably text) on setting up a samba share with active directory backend authentication on ubuntu 14. (its old, I know) My google-fu is failing me.  Any help is appreciated.
[17:23] <sarnold> hmm, looks like the wayback machine doesn't have any captures of the docs page from that era
[17:38] <genii> This tutorial is still around https://www.server-world.info/en/note?os=Ubuntu_14.04&p=samba&f=4
[18:56] <ahasenack> holmanb: correct, it's to be written yet. THere is a place holder for it in that git repo, but just with some thoughts for now
[18:56] <ahasenack> thanks for the reminder, I'll definitely cover port forwarding
[20:48] <holmanb> ahasenack: +1 sounds good, thanks!
[21:26] <ahasenack> I'm confused, shouldn't this chgrp have worked? https://pastebin.ubuntu.com/p/k4B7Vqzy4t/
[21:28] <znf> why would the user `syslog` have the rights to change the group to `adm` ?
[21:29] <ahasenack> because the syslog user is a member of the adm group
[21:31] <ahasenack> works on jammy: https://pastebin.ubuntu.com/p/K97GcT63fC/
[21:31] <ahasenack> earlier was a focal container on a jammy host, I'm trying a real focal vm now just for kicks
[21:32] <ahasenack> heh, in a focal vm it worked
[21:32] <ahasenack> wth
[21:32] <ahasenack> why do I keep finding the odd ones
[21:32] <ahasenack> sarnold: any idea on the above? My first pastebin?
[21:32] <ahasenack> focal lxd on jammy host
[21:33] <ahasenack> found it because I noticed my focal lxd had /var/log/syslog (the file) as syslog:syslog, instead of the usual syslog:adm
[21:33] <ahasenack> and presto, rsyslogd was complaining in the log that it couldn't change the ownership of /var/log/syslog
[21:41] <ahasenack> hm, I'm seeing that in all my containers
[21:43] <sdeziel> ahasenack: I cannot reproduce on either Focal nor Jammy containers (with LXD 5.0 snap and HWE kernel 5.15 if that matters)
[21:43] <ahasenack> thx
[21:43] <ahasenack> wondering if /etc/sub{uid,gid} might be involved
[21:44] <sdeziel> ahasenack: I'm not tweaking those but LXD's snap doesn't use them AFAIK
[21:47] <ahasenack> sdeziel: what kernel is the host on?
[21:47] <ahasenack> I have 5.15.0-41
[21:47] <ahasenack> (running)
[21:47] <ravage> i have that running too
[21:48] <ravage> downloading the focal container. can test it in a minute
[21:49] <sdeziel> ahasenack: same kernel (5.15.0-41-generic #44~20.04.1-Ubuntu)
[21:49] <ravage> works just fine in focal
[21:49]  * ahasenack scratches head
[21:49] <ahasenack> at least it will be some interesting troubleshooting
[21:49] <sdeziel> ahasenack: I have `snap list lxd` 5.0.0-b0287c1  22923
[21:50] <ravage> lxd   5.3-91e042b  23270  latest/stable  canonical✓  
[21:52] <ravage> (jammy works too)
[21:53] <ahasenack> same here
[21:53] <ahasenack> this is a fresh jammy install, from last Sunday
[21:54] <ahasenack> it's not just a focal lxd, looks like any lxd that I'm creating fresh
[21:54] <ahasenack> telltale is /var/log/syslog owned by syslog:syslog instead of syslog:adm
[21:54] <ahasenack> weird
[21:54] <ahasenack> and interesting
[21:55] <ahasenack> https://pastebin.ubuntu.com/p/qHcjGXJ4tp/
[21:56] <ahasenack> 972   fchownat(AT_FDCWD, "/var/log/syslog", -1, 4, 0) = -1 EPERM (Operation not permitted)
[21:56] <ahasenack> fascinating
[21:57] <ahasenack> # sudo -u syslog id
[21:57] <ahasenack> uid=104(syslog) gid=111(syslog) groups=111(syslog),4(adm)
[21:57] <ahasenack> it's 7pm here, I'll think about it tomorrow
[21:57] <ahasenack> cya
[21:58] <ravage> bye
[21:58] <ahasenack> ohh
[21:58] <ahasenack> found something
[21:58] <ahasenack> even weirder
[21:58] <ravage> heh
[21:59] <ahasenack> ah, n/m
[21:59] <ahasenack> mistake
[21:59] <ahasenack> as I said, 7pm
[22:28] <sarnold> ahasenack: wow, sorry I missed your chgrp question -- that's *really* confusing though :) good job :)