While testing the multi-runner setup I discovered containers started by the runner user could not invoke Docker. The base image lacked the docker.io package and the user was missing membership of the docker group. The Dockerfile.ubuntu-runner now installs Docker and ensures the runner user belongs to the docker group so each containerised runner can start sibling containers without needing root: @@ -RUN apt-get update && apt-get install -y \ - curl git jq sudo nodejs npm \ - libicu70 libssl-dev libcurl4-openssl-dev \ +RUN apt-get update && apt-get install -y \ + curl git jq sudo nodejs npm \ + libicu70 libssl-dev libcurl4-openssl-dev \ + docker.

Introduction Running dozens of self-hosted GitHub Actions runners can quickly become a management headache. Maintaining separate Docker images for each runner and rebuilding them when GitHub updates the runner software burns time and storage. By leveraging one privileged Docker-in-Docker (DinD) container as a supervisor we can host many lightweight runner containers inside it. This approach isolates configuration per runner, keeps updates simple and avoids rebuilding the entire image each time a new runner version drops.

In my earlier posts I uploaded Sieve filters straight to the server using GitHub Actions. That worked well until a typo slipped through and broke my inbox. To catch those mistakes before deploying I created a small Rust project that runs my Sieve rules against a set of example messages. The tests run locally and in pull requests so I can fix issues early. Project layout The test harness lives in a new Cargo project.

In the previous post on deploying Sieve filters to Stalwart using JMAP the workflow always created a new script. After some testing I realised it should update the existing script when one already exists. Below is the corrected workflow. name: Deploy to Stalwart "on": push: paths: - 'stalwart.sieve' branches: - main workflow_dispatch: jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Install tools run: | sudo apt-get update sudo apt-get install -y jq - name: Upload via JMAP env: STALWART_JMAP_URL: ${{ vars.

When running an email server you often want rules that sort incoming mail into folders or handle it automatically. The standard way to do this on the server is with Sieve scripts. Sieve is a simple language defined in RFC 5228 for mail filtering. It lets you match on message headers or other properties and then file, forward or discard mail without needing any user client online. Keeping such a script in version control makes it easy to track changes and to reuse the same rules across servers.

I ended up setting my own Matrix server on my synology. However, it occurred to me that if Synology were to adopt open standards their provided apps, like Synology Chat would be substantially more useful. Especially since they have built out encryption in a similar way to how it works in Matrix, least at the surface level. Plus they would get a much larger user base. – Even if it was a couple specs behind it would be quite useful as it would effectively be a managed deploy for me.

Lately I have been a bit obsessed with a communications protocol: Matrix. While I haven’t done too much with it directly. I did attempt to read the spec etc. However, it seems a bit … large for what it is. I have been using a couple Matrix clients and a couple matrix servers/services. Namely, Beeper is the primary one. I do enjoy Beeper, and support what Beeper is attempting to accomplish.

A while back I added golangci-lint to the github actions of all my projects. I never got around to insuring that they all have compliance, which means a lot of my projects look like this: Which is fine. It’s about gradual improvement when I have time and I am able. However the thing that bugs me about linters is that they have ego creep. WHere it moves away from being about reducing the chance of errors happening, into a world of insuring there are the correct number of new lines between functions.

Tried to use Kdenlive to install some packages via pip (I didn’t want to but that’s what it offered) finally got a good rejection! error: externally-managed-environment × This environment is externally managed ╰─> To install Python packages system-wide, try apt install python3-xyz, where xyz is the package you are trying to install. If you wish to install a non-Debian-packaged Python package, create a virtual environment using python3 -m venv path/to/venv. Then use path/to/venv/bin/python and path/to/venv/bin/pip.

Looks like I have been inspired by this blog on the old web

KDE’s Discover… I find this KDE application really annoying. I understand what it’s trying to do. But it just feels: Too slow in comparison to the CLI It hides too much information Previous errors Packages that are being updated In settings, it doesn’t show the URLs or anything advanced for the repo It requires too much waiting between actions, it does very little async Error messages are showing as UI blocking “notification” then disappear, there doesn’t seem to be a log somewhere.

One of the major improvements over time has been how text in error messages and other “static” components have become more like read only text box / webpage and interactive over the years. Which means when you get an error message you can copy and paste the text to aid you in your search. This also means that links work. A lot of web pages seem to have failed to grasp this, and have made sections of their application “unselectable”, links “unclickable” and more annoyingly but less importantly, have failed to place white space between distinct elements which means when you go to select text (often by double-clicking and dragging in my case) you “over match” and select elements that are unintended:

Synology Active Insight has gone pro! Made me think about my previous comment. If they offered a more “general” service which included value added things like email processing etc. It would definitely make it seem more worth it. I think they should offer domain services and some email services for free still, however they can add more services along that lines. Such as an “email proxy” so you don’t have to directly expose port 25, (and maybe 110) for instance.

Why!? Synology Mail Pro is decent and all. It feels like a management layer on a bunch of open source mail tools. Plus and Android app which is quite nice. However it has a bunch of quirks which make me wonder if people actually use it inside synology. Or at least various configurations. One of the odd components of the synology mail system is the mail component isn’t fully “abstracted” between components.

I use the keyboard shortcuts [ and ] a lot in gmail. However, when I do I establish a “direction” but sometimes, I press e as I want to go back to the thread list. I don’t always navigate the same direction. For a while I turned on the “auto advance”: Option. Today I abandoned it mostly because it doesn’t support the notion of “inertia” IMHO.. Basically I want a 3rd option that is along the lines of:

I am rather fond of synology’s offering however it does leave me with a couple of wishes / desires. Synology itself Sometimes I don’t quite know if a feature is supposed to be for business or personal / private use. They often seem to have both in mind but under serve both a bit. Anyway here are some of my opinions: Software issues I kind of want an easier way of logging software issues.

Since I have setup a Dotfiles repo using the useful Chezmoi I am using a single configuration everywhere. Something else I also do is use one account for all my work regardless of the computer I’m on. However that means you encounter issues with software which wasn’t exactly designed for users who operate under different “aliases” on the same account. Such as, when I’m working for one of my clients, I do all my commits under the email address associated with that organisation.

Not sure why “Drive” gets it’s own icon but all of my cloud sync items don’t especially considering that it has all the icons already setup:

While I don’t miss people using API to change the status bar text, something I can vaguely recall and I don’t think it’s that useful as people don’t look there that often. (Perhaps it was for help text.) I do seem to miss the status bar, as a concept and in browsers specifically. While it was mostly use for things such as the zoom level and SSL level, those things have been migrated to the address bar.

Almost all the other chat clients I have can run in the background showing only a system tray icon… Why can’t Signal? Slack Discord WhatsDesk (WhatsApp) I think: Facebook Messenger – Or it just harasses me. I guess if they did so I would hope that it at least has some marker to show that conversation has happened.

I use a fair number of password managers for various reasons. However something that bugs me with their prompts is they don’t have a button that easily allows me to configure an exemption.. I almost never want to remember a password used on “localhost” on some weird port number because I develop software and test it frequently: But yet it prompts me every time. There is a way I can manually configure this, Never Urls:

SimpleScreenRecorder, the best simple screen recorder on linux that I know of.. I think it might be a wrapper around some shell commands. IDK.. But it would be nice if it were ported to other systems. Until then I use OBS which is overkill for most of what I do.. (Also in Windows Screen2Gif isn’t bad either.) Got it working on a system with nVidia and got this error: I don’t know what this means, what it does, or how to undo it.

Okay having used Windows and Mac OS for a couple years. Mostly due to driver issues. (Which didn’t abate, I had to effectively buy a new computer to solve my issues. Which is rather disappointing but I think I will be moving back to a desktop / laptop hybrid model again. Laptops have disappointed me recently but that’s a conversation for another day. Title bar customization So the move to KDE has been pretty nice in the most part.

This is mostly just a list of things to remind me what to install when I reformat / start using a new PC. But I decided I would share anyway. The prompt for creating this table wss actually discovering ksnip which resolved a lot of my cross platform screen shot pains. Tool Windows Linux Mac OS X Comments Screen shots ksnip ksnip ksnip Picking this up helped a lot as it was a major missing piece, I had tried things like, Shutter which became dependency hell every update as it isn’t a compiled tool and wasn’t cross platform.

So when you use docker with Synology it has a rather nice UI.. However it seems to be lacking things. Such as redownloading the images for any given tag as the SHAs don’t change but the tags do! -_- Saying that; this addition is nice: – Turns out adding itself over itself doesn’t work. And you can’t add the update by a different tag name and switch the tag on an “off” container.

Turns out I could crash ksplashqml quite reliably rendering my kde setup unusable simply by having a bad XDG_DATA_DIRS configured in my .zshenv file. I’m not sure what caused it. But it might be because it was already set, or that it ended with a : – Edit Actually a bit more looking around and it turns out it is if XDG_DATA_DIRS contains the same entry twice it crashes.

Ugh.. I would rather write here that I found this issue than log it myself. Because from what I recall from the bug logging process it can be pretty tedious. Especially with bugzilla. Perhaps Github / Gitlab has spoiled me with the ability to log very simple bugs quickly and easily. Maybe because web based interfaces were so hard to use back in the 90s, it was tedious to go through bug reports so simply reduce them by getting as much info upfront as possible including classification.

For some reason IntelliJ and Windows terminal discover available shells in different ways, but either way is not ideal. (In-fact IntelliJ uses two different means of discovery.) The terminal popup in Intellj seems to be unaware of Gitbash.. Which is in complete contrast to the terminal settings (same plugin) which is unaware of my WSL deployments. (Possibly because it’s using a file path based system) Which means I can’t set Debian WSL as my default terminal in IntelliJ.

Another one from the department of should have been a bug issue: Why doesn’t the GoLand “move” dialogue show you the receiver. When you’re implementing a new interface this can make it a bit hard to use when you start to refactor your code. -_-

So started using linux.. Getting this issue here: [ 499.624767] thinkpad_acpi: unhandled HKEY event 0x6031 [ 499.624771] thinkpad_acpi: please report the conditions when this event happened to ibm-acpi-devel@lists.sourceforge.net [ 517.509897] thinkpad_acpi: unhandled HKEY event 0x6031 [ 517.509905] thinkpad_acpi: please report the conditions when this event happened to ibm-acpi-devel@lists.sourceforge.net I really don’t want to have to mail a mailing list and learn how to engage with the community, how to write a post, and worst yet, having to subscribe to a mailing list to get a single response.

So.. Turns out the control panel mess that exists on Windows is contagious. After 2 years of using Windows (because of driver issues) I have finally been able to switch back to Linux.. However I got used to a couple settings. One was a faster mouse scroll speed… So I go to configure that and this is what I see: A quick google got me here: https://forum.kde.org/viewtopic.php?t=160416 Ugh no difference

Had an issue with getting MOK to install my keys for my Intel Corporation Wi-Fi 6 AX200 (rev 1a) wireless card on my Lenovo X1 Carbon Extreme G2.. Turns out there is a bug in the shell script that installs the self signed keys in to MOX… Which is great. But it turns out I have hit a bug.. Perhaps this is because I use zsh or some other reason but.

Small gripe.. But it seems that with a default install of KDE it the Akregator (RSS feed reader) comes pre configured with the KDE blog which doesn’t render correctly. -_- Not that it matters it seems there isn’t any syncing ability in Akregator meaning I will stick with Miniflux for now.

The login process and decryption/password-protected document workflow with Synology Office is not great. Probably needs to be looked at. I was going to try figure it out and provide a nice diagram of how it works, but I don’t have that much time to dedicate to this issue. But I get stuff like this, when my login as expired, instead of just presenting a login page, it gives me this;

Ugh. So it turns out AWS Glue (the new interface) when you are writing a script using the editor won’t take into account the region when you click the “cloudwatch logs” link section: I have no idea how something like this could pass. But it has. Turns out it will default to us-east-1. It seems to only occur in certain circumstances, however… Once I have selected a region post login (or account switch) it works fine.

So I bought a new speaker… A Logitech G560.. I had been eyeing this speaker for a while. I assure you it wasn’t because of the sound changing aspect. But there wasn’t really a lot to my reasons to pick it. One of the major points to me picking this is, in the absence of a good list of alternatives, brand loyalty. But other than that. I would have to say; Multiple input (Bluetooth, 3.

So I will be writing tech complaints here.. Here is the first one. Turns out Synology defaults the SSH to port 22… Then if you have enabled the security advisor it constantly complains that is set to port 22. Why not just set it to a random (but free) port? If you have to manually configure SSH to turn it on then you would be aware that it’s not running on a “standard” port.

Just creating this blog. It’s 100% a copy of: https://github.com/arran4/githubpages But I will add stuff to it. I intend to use this space to post more technical things. Probably just tech related complaints that are more wordy than Twitter will allow. On the plus side it’s all managed by hugo! Want to submit improvements to the layout.. Yes. But keep them small.