| 18 Mar 2024 |
 adamcstephens | it's only creating an input rule
chain input {
type filter hook input priority filter; policy drop;
iifname { "lo", "incusbr0" } accept comment "trusted interfaces"
| 14:23:23 |
| adamcstephens | forwarding is handled separately, in the other table i included aboe | 14:23:57 |
 mkg20001 | you need networking.firewall.filterForward = true; | 14:27:21 |
| adamcstephens | https://github.com/NixOS/nixpkgs/blob/3551c607f454ee855e54db5686464c8dcf83ceae/nixos/modules/services/networking/firewall-nftables.nix#L92 | 14:27:50 |
| mkg20001 | ah wait, yes, i had it added manually. thought filterForward would do that. | 14:28:55 |
| mkg20001 | we could add something that packets with iifname or oifname contained in trustedInterfaces be allowed | 14:29:27 |
| mkg20001 | * we could add something that packets with iifname and/or oifname contained in trustedInterfaces be allowed | 14:29:33 |
| adamcstephens | i've not used filterForward myself | 14:29:36 |
| adamcstephens | i'd honestly rather not get too tricky with this. i think the goals should be a working out of box experience for those who are taking a simple/default setup, without making assumptions that will affect those who have more complex/advanced needs. | 14:32:30 |
| adamcstephens | or we just solve this with documentation | 14:34:10 |
| adamcstephens | if you want to pursue some automation with hooks, i'd recommend reaching out to stgraber though irc/github/discourse and see what his thoughts are | 14:39:58 |
| mkg20001 | ok, will do | 14:41:37 |
| 19 Mar 2024 |
|  NixOS Moderation Botchanged room power levels. | 00:29:52 |
| adamcstephens | 🤞i can finally move this PR forward | 02:30:11 |
| adamcstephens | took some digging to fix this test which was already failing. because you know we can't mark failed builds as failed 😿 | 02:30:52 |
| adamcstephens | https://github.com/NixOS/nixpkgs/pull/294548 | 03:30:22 |
 hexa | lib.mdDoc is obsolete | 23:38:05 |
| 20 Mar 2024 |
| adamcstephens | I added none. Are there plans for a bulk cleanup? | 00:46:11 |
| hexa | also … sometimes using with should be ok 😄 | 00:49:32 |
| hexa | 
Download image.png | 00:49:34 |
| adamcstephens | Pkgs is so short :) I prefer to be explicit myself but understand others prefer with in this case. I’d say it’s ok but not my preference | 01:05:33 |
| adamcstephens | Lots of dependencies for this package | 01:08:45 |
| adamcstephens | If you insist I’ll use with ;) | 01:08:56 |
| hexa | how could I? | 01:09:39 |
| hexa | I think it's silly to complain about every with that we have in nixpkgs | 01:10:07 |
| hexa | it started at toplevel with lib and now they're coming for meta =with lib; | 01:10:30 |
| hexa | * it started at toplevel with lib and now they're coming for meta = with lib; | 01:10:57 |
| adamcstephens | I just tend not to use them out of preference. I don’t really like a global with lib, but smaller scopes seem fine to me | 01:11:52 |
| adamcstephens | I’m definitely not trying to convince others | 01:12:10 |
| hexa | I tend to inherit from lib | 01:12:29 |
