| 20 Feb 2024 |
 hexa | elvishjerrico maybe | 16:49:18 |
 adamcstephens | In reply to @mkg20001:mkg20001.io
https://github.com/NixOS/nixpkgs/issues/287097 does anyone have any idea about this? i've not dug into it myself. is it a problem with how /sbin/init is linked? | 16:51:43 |
 mkg20001 | maybe, maybe not. didn't really check much, but /run/current-system was missing, so it could be that we'd need to link another script when the option is set | 16:53:49 |
| mkg20001 | to fix activation being ran | 16:54:06 |
| adamcstephens | it breaks /run/current-system? that sounds bad. i thought switch-to-configuration managed that | 16:56:10 |
| mkg20001 | so I found the issue, it's fixed in https://github.com/NixOS/nixpkgs/pull/290288 | 22:15:39 |
| adamcstephens | In reply to @mkg20001:mkg20001.io
so I found the issue, it's fixed in https://github.com/NixOS/nixpkgs/pull/290288 Would you be willing to write test cases for both? | 22:23:00 |
| mkg20001 | In reply to @adam:robins.wtf
Would you be willing to write test cases for both? building and running an image with initrd.systemd.enable is enough? then ill add that | 22:27:40 |
| adamcstephens | Yeah. Though I’m wondering if we should be explicit in the legacy case as there’s talk of deprecating it | 22:29:21 |
| mkg20001 | once nixos as a whole switches we should simply follow i think | 22:37:14 |
| adamcstephens | Then for now just another image with it enabled is good enough | 22:41:47 |
| adamcstephens | * Then for now just another image with systemd init enabled is good enough | 22:42:01 |
| mkg20001 | added test | 22:44:47 |
| 23 Feb 2024 |
| adamcstephens | https://github.com/NixOS/nixpkgs/pull/290570 | 01:53:41 |
| adamcstephens | Any thoughts on forcing people to use nftables with incus? | 19:15:30 |
| hexa | even the nixos firewall uses nft these adys | 19:19:19 |
| hexa | * even the nixos firewall uses nft these days | 19:19:21 |
| hexa | and what does forcing even mean | 19:19:30 |
| hexa | everyone can lib.mkForce whatever they want | 19:19:43 |
| adamcstephens | (networking.firewall.enable && !networking.nftables.enable) && virtualisation.incus.enable | 19:25:38 |
| adamcstephens | throw an error if that evaluates to true | 19:25:52 |
| adamcstephens | * networking.firewall.enable && !networking.nftables.enable && virtualisation.incus.enable | 19:25:58 |
| adamcstephens | is that too aggressive of a change? :) | 19:28:49 |
| hexa | what would be the motivation? | 19:30:39 |
| adamcstephens | incus manages its own firewall rules, and it's easier to support a single integration | 19:39:05 |
| adamcstephens | the motivation comes from at least one user who switching to nftables just fixed the issue https://github.com/lxc/incus/issues/525 | 19:39:38 |
| adamcstephens | specifically this comment: https://github.com/lxc/incus/issues/525#issuecomment-1961862060 | 19:40:22 |
| adamcstephens | (there are two users for some reason in this issue) | 19:40:30 |
| hexa | yeah, then just assert with a link to documentation, why this has become necessary maybe | 19:40:35 |
| adamcstephens | if you're curious, here's an nftable dump from my test machine https://paste.sr.ht/~adamcstephens/28d559730979803b0b1372e200d1013c1a783a4f | 19:42:19 |
