Because forgejo's ssh isn't for a normal ssh service, but rather so that users can access git over ssh.
Now technically, a bastion should work, but it's not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn't it be configured within the other tools used for exposes services? (Reverse proxy/caddy).
And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn't do.
So, I'm not gonna pretend flatpak doesn't use more space then normal apps, but due to deduplication (and sometimes filesystem compression), flatpaks often use less space than people think.
[nix-shell:~/Playables/chronosphere]$ sudo /nix/store/xdrhfj0c64pzn7gf33axlyjnizyq727v-compsize-1.5/bin/compsize -x /var/lib/flatpak/
Processed 49225 files, 21778 regular extents (46533 refs), 22188 inline.
Type Perc Disk Usage Uncompressed Referenced
TOTAL 53% 898M 1.6G 3.6G
none 100% 499M 499M 1.0G
zstd 34% 399M 1.1G 2.6G
[nix-shell:~/Playables/chronosphere]$ du -sh /var/lib/flatpak/
1.7G /var/lib/flatpak/
I only have one flatpak app installed, and du
says that takes up 1.7 GB of space... but actually, when using a tool that takes up BTRFS transparent compression into account, only half of that space is used on my disk.
I recommend using compsize for a BTRFS compression aware version of du
and flatpak-dedup-checker
for a flatpak filesystem deduplication aware checker of space used.
I think flatpak absolutely does use up more space, because yes, it is another linux distro in your distro. But I think that's a tradeoff people accept in order to have a universal package manager for graphical apps.
Also, you can flatpak cli tools. They are just difficult to run at first because you have to do the flatpak run org.orgname.appname
thing, but you can alias that to a short command. Here is a flatpak of micro, a terminal based text editor.
(I prefer nix for cli tools though, and docker/podman/containers for services).
So based on what you've said in the comments, I am guessing you are managing all your users with Nixos, in the Nixos config, and want to share these users to other services?
Yeah, I don't even know sharing Unix users is possible. EDIT: It seems to be based on comments below.
But what I do know is possible, is for Unix/Linux to get it's users from LDAP. Even sudo is able to read from LDAP, and use LDAP groups to authorize users as being able to sudo.
Setting these up on Nixos is trivial. You can use the users.ldap set of options on Nixos to configure authentication against an external LDAP user. Then, you can configure sudo
After all of that, you could declaratively configure an LDAP server using Nixos, including setting up users. For example, it looks like you can configure users and groups fro the kanidm ldap server
Or you could have a config file for the openldap server
RE: Manage auth at the reverse proxy: If you use Authentik as your LDAP server, it can reverse proxy services and auth users at that step. A common setup I've seen is to run another reverse proxy in front of authentik, and then just point that reverse proxy at authentik, and then use authentik to reverse proxy just the services you want behind a login page.
The solution to what you want is not to analyze the code projects automagically, but rather to run them in a container/virtual machine. Running them in an environment which restricts what they can access limits the harm an intentional --- or accidental bug can do.
There is no way to automatically analyze code for malice, or bugs with 100% reliability.
OP is on OpenWRT (a router distro), and Alpine. Those distros don't come with very much by default, and perl is not a core dependency for any of their default tools. Neither is python.
Based on the way the cosmo project has statically linked builds of python, but not perl, I'm guessing it's more difficult to create a statically linked perl. This means that it's more difficult to put perl on a system where it isn't already there, and that system doesn't have a package manager*, than python or other options.
*or the the user doesn't want to use a package manager. OP said they just want to copy a binary around. Can you do that with perl?
Not quite a scripting language, but I highly recommend you check out cosmo for your usecase. Cosmopolitan, and/or Actually Portable Executable (APE for short) is a project to compile a single binary in such a way that is is extremely portable, and that single binary can be copied across multiple operating systems and it will still just run. It supports, windows, linux, mac, and a few BSD's.
https://cosmo.zip/pub/cosmos/bin/ — this is where you can download precompiled binaries of certain things using cosmo.
From my testing, the APE version of python works great, and is only 34 megabytes, + 12 kilobytes for the ape elf interpreter.
In addition to python, cosmopolitan also has precompiled binaries of:
And a few more, like tclsh, zsh, dash or emacs (53 MB), which I'm pretty sure can be used as an emacs lisp intepreter.
And it should be noted these may require the ape elf interpeter, which is 12 kilobytes, or the ape assimilate program, which is 476 kilobytes.
EDIT: It also looks like there is an APE version of perl, and the full executable is 24 MB.
EDIT again: I found even more APE/cosmo binaries:
Addictive arcade game about archery. Reminds me of flappy bird, not in the raw mechanics, but in the way they are both addicting in the same manner.
Simple bike racing game, although the player is very fragile, which adds some difficulty. Playable in browser.
All the maps are user created content.
This site has a few high quality browser games. The one I come back to is X Type, a bullet hell shoot-em up that has ever expanding enemy ship sizes, and never ends. It gets hard fast.
I also like Xibalba, which is a Doom/Wolfenstein style game playable in the browser.
The creator also did a rewrite of quake in 13 kb of javascript
@moonpiedumplings
@programming.dev