| 24 Feb 2024 |
 mkg20001 | myself i just add all the interfaces to trustedInterfaces and that fixes that | 03:52:51 |
| mkg20001 | we could have a named set in nftables and patch incus to append its own interfaces to that | 03:53:24 |
| mkg20001 | basically adding trusted interfaces at runtime | 03:53:39 |
 adamcstephens | the incus table you can see in my paste should cover what using trustedInterfaces does. namely allow dnsmasq requests from incus networks. | 04:29:42 |
| adamcstephens | the multiple table model of nftables makes the firewall rules much cleaner, and allows for better integration with other components that modify firewalls. e.g. docker. | 04:32:11 |
| adamcstephens | https://github.com/NixOS/nixpkgs/pull/290959 | 13:09:05 |
| adamcstephens | I went ahead and added stgrabers video release notes 😁 | 13:09:29 |
| mkg20001 | ah i missed the ! in the assertion | 14:36:00 |
| 25 Feb 2024 |
 steveej | has anyone here tried integration with nomad and the lxc driver? i'm also interested in any other attempt to reuse the nixos modules to define services on nomad | 17:09:52 |
| 26 Feb 2024 |
| adamcstephens | i've not seen anything like that | 00:43:22 |
 hexa | what would nomad integration do? | 00:43:43 |
| hexa | replace lxc? | 00:43:45 |
| adamcstephens | i haven't looked but i assume it's a different exec backend, e.g. docker alternative | 00:49:20 |
| adamcstephens | so nomad would start lxc containers | 00:53:40 |
| adamcstephens | they apparently call them "task drivers" and the lxc one doesn't seem to get much love. https://github.com/hashicorp/nomad-driver-lxc | 00:54:16 |
| adamcstephens | it would need to support lxc 5, which is questionable given the issues about supporting 4 | 01:06:37 |
| steveej | In reply to @hexa:lossy.network
replace lxc? replace incus, especially if used as a cluster manager | 14:53:02 |
| hexa | huh ok. | 14:53:18 |
| hexa | thanks for explaining that 🙂 | 14:53:27 |
| adamcstephens | incus does a lot more than just manage containers though | 14:56:39 |
| adamcstephens | i was thinking about this last night and wondering if instead of replacing incus with nomad, you could replace nomad with incus :) | 14:57:13 |
| adamcstephens | somewhat related, https://github.com/lxc/incus/issues/485 | 14:58:20 |
| steveej | In reply to @adam:robins.wtf
i was thinking about this last night and wondering if instead of replacing incus with nomad, you could replace nomad with incus :) that is a valid thought. nomad also does a lot more than managing containers. it'd be nice to see a comprehensive comparison of the two of features as well as developer backing | 15:00:19 |
| steveej | In reply to @adam:robins.wtf
i was thinking about this last night and wondering if instead of replacing incus with nomad, you could replace nomad with incus :) * that is a valid thought (in my mind too) . nomad also does a lot more than managing containers. it'd be nice to see a comprehensive comparison of the two of features as well as developer backing | 15:00:53 |
| steveej | i think i started out just comparing nomad+lxc task driver with incus+lxc here. both can do more than managing lxc containers | 15:02:00 |
| steveej | my primary is to use a production ready cluster workload orchestrator in combination with the nixpkgs nixos services | 15:03:50 |
| steveej | * my primary motivation is to use a production ready cluster workload orchestrator in combination with the nixpkgs nixos services | 15:03:55 |
| adamcstephens | yeah, would be nice. i think one of the struggles is the very tight coupling to systemd and it being a full OS | 15:38:44 |
| adamcstephens | https://github.com/aanderse/system-manager could be helpful | 15:47:42 |
| 27 Feb 2024 |
|  Vanessa joined the room. | 17:15:00 |
