#tor-meeting log

16:01:05 <shelikhoo> #startmeeting tor anti-censorship meeting
16:01:05 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469
16:01:05 <shelikhoo> editable link available on request
16:01:05 <MeetBot> Meeting started Thu Mar 20 16:01:05 2025 UTC.  The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:05 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:01:21 <meskio> hello
16:01:24 <shelikhoo> hi~hi~
16:03:07 <cohosh> hi
16:05:09 <shelikhoo> okay let's start the meeting
16:05:23 <shelikhoo> I didn't see a lot of new topics
16:05:28 <shelikhoo> the first topic is from me
16:05:34 <shelikhoo> Snowflake Staging Server & rdsys containerization
16:06:00 <shelikhoo> the context was that both rdsys and snowflake staging server is considering using container to automate the deployment
16:06:14 <shelikhoo> https://gitlab.torproject.org/tpo/tpa/team/-/issues/41769
16:06:32 <shelikhoo> https://gitlab.torproject.org/tpo/tpa/team/-/issues/42080
16:06:53 <shelikhoo> and we are facing some constrains with existing systems
16:07:17 <shelikhoo> the most notable one is that from each branch, it is not possible to create more than one matching host name
16:07:54 <shelikhoo> This does not work really well with snowflake as both server and broker will need their own domain name
16:08:14 <shelikhoo> otherwise, there will be an need of additional router in front of it
16:08:19 <meskio> do they have conflicting API paths? could we expose both in the same domain name?
16:08:30 <shelikhoo> in theory we could
16:08:39 <shelikhoo> but a custom router will be needed
16:09:08 <shelikhoo> at least only the server accepts websocket connection
16:09:20 <shelikhoo> my current plan is try to not reinvent any wheel
16:09:31 <meskio> sure
16:10:03 <shelikhoo> by setup a rootless-kubernetes + acme hosting system
16:10:12 <shelikhoo> and interact with it using terraform
16:10:28 <shelikhoo> so deployments can be automated
16:10:41 <shelikhoo> with standardized tools
16:10:51 <meskio> that sounds like a lot of work to setup and maintain, but I have no experience with kubernetes
16:11:04 <shelikhoo> and currently the rootless-kubernetes + acme hosting system is done
16:11:28 <meskio> ohh, you already setup kubernetes?
16:12:06 <shelikhoo> I was trying to get terraform to work with deploying snowflake
16:12:08 <shelikhoo> yes it took maybe 2 days of experiment
16:12:13 <shelikhoo> but it is already running now without root
16:12:29 <shelikhoo> with acme to renew wildcard certificate
16:13:10 <shelikhoo> and currently experimenting with terraform files to deploy snowflake servers
16:13:44 <shelikhoo> my question was is this a setup we are looking forward to
16:14:38 <shelikhoo> or I should maybe try with something like podman compose, which is not really standardised
16:14:48 <meskio> from one side I'm worried no one besides you might be able to fix it
16:15:01 <meskio> and I think everybody in the team knows docker/podman compose
16:15:30 <meskio> I know TPA wants to support kubernetes in the future, so this setup might be migratable to their kubernets once it exists
16:15:33 <cohosh> how difficult is it to learn how to use?
16:15:34 <meskio> but that might take years
16:15:59 <cohosh> like if you set everything up, will it take a long time for us to learn how to deploy different versions of snowflake/rdsys?
16:16:17 <shelikhoo> I think once there is a manual, it is not hard to get started
16:16:36 <shelikhoo> with terraform it should just take few min to learn
16:16:37 <shelikhoo> but =
16:16:48 <shelikhoo> if there is a need to change certain configuration
16:17:12 <shelikhoo> like adding a new component
16:17:24 <shelikhoo> then it will take a few days to learning, I think
16:17:32 <meskio> (rdsys can live with one domain for staging, I was planning to use docker-compose and the TPA system for it)
16:17:39 <shelikhoo> yes
16:18:47 <cohosh> i'm not opposed to trying out this system you built for snowflake shelikhoo
16:18:56 <shelikhoo> so we are not objecting it, right now, but more information is needed
16:19:09 <cohosh> we wouldn't have the change the rdsys staging deployment right?
16:19:35 <meskio> I think this is specific for snwoflake
16:19:36 <shelikhoo> no, snowflake and rdsys don't have to use the same system
16:19:54 <meskio> but might make sense to have homogenety on how we do staging
16:20:02 <shelikhoo> thanks, cohosh.
16:20:14 <meskio> let's try your system out
16:20:23 <cohosh> in that case, it could be interesting to try it out then, i mostly don't want it to be a big maintenance cost considering we're outside of TPA's scope
16:20:37 <cohosh> but it could be fun to try something different and compare the setups
16:20:45 <shelikhoo> I will keep experimenting with it and once it is ready for showcase, I will let everyone know
16:20:46 <shelikhoo> yes
16:20:57 <meskio> nice
16:21:07 <shelikhoo> I have designed it to be very automate-able
16:21:29 <shelikhoo> yes, I think this topic is finished
16:21:56 <shelikhoo> now there is a interesting link:
16:21:59 <shelikhoo> https://github.com/doudoulong/Minecruft-PT/blob/main/README.md#tor-browser-traffic-tunneling
16:22:32 <shelikhoo> anything discussion about this minecraft pt?
16:23:35 <meskio> not from me
16:23:41 <shelikhoo> okay
16:24:05 <shelikhoo> anything we would like to discuss today?
16:24:12 <shelikhoo> anything more we would like to discuss today?
16:24:30 <cohosh> does anyone want to do a reading group for two weeks from now?
16:24:52 <meskio> sure
16:25:04 <shelikhoo> yes
16:25:07 <meskio> any proposals?
16:25:37 <meskio> I recal this paper from a previous interesting links: https://arxiv.org/abs/2409.06247
16:25:55 <cohosh> yeah i've read that one, it's interesting
16:25:58 <cohosh> i'd like to discuss it
16:26:22 <meskio> then let's do that one in two weeks
16:26:55 <meskio> April 3
16:27:14 <shelikhoo> yes!
16:27:56 <shelikhoo> anything more we would like to discuss?
16:28:03 <cohosh> not from me
16:28:25 <shelikhoo> #endmeeting