| 15 Aug 2024 |
|  ~ajhalili2006 [tildeverse / backup of @ajhalili2006:andreijiroh.dev] changed their display name from ~ajhalili2006 [ recaptime.eu.org / sr.ht / tildeverse ] to ~ajhalili2006 [ recaptime.dev / sr.ht / tildeverse ]. | 17:25:51 |
| 16 Aug 2024 |
|  @nebucatnetzer13:matrix.org set a profile picture. | 11:06:00 |
 Gleydar | In reply to @nzbr:nzbr.de
We don't do anything to handle specialisations specifically. You can probably do it the same way as on bare-metal NixOS. I haven't used the feature much though, so I can't say how that would look exactly Sadly, this seems a bit broken... It is mentioned in the wiki that some things only reset on boot. Even though adding variables to the service works (in my case adding the proxy), apparently removing variables isn't supported when using test... | 11:26:05 |
|  Aurora Ennie Seidr (she / her) joined the room. | 14:55:12 |
| Aurora Ennie Seidr (she / her) | Yay! | 14:55:22 |
| Aurora Ennie Seidr (she / her) | It worked | 14:55:29 |
 K900 | But yeah, basically, you can set up an SSH server on your Windows | 14:55:49 |
| K900 | Then run wsl inside that | 14:55:53 |
| K900 | And get dropped into a WSL shell | 14:55:59 |
| Aurora Ennie Seidr (she / her) | I'm so sorry. I literally hate used windows only enough for work and limited professional troubleshooting. All of my stuff went the cloud vm route
Kudos for them and not mandating "Windows terminal server" any more I guess? | 14:57:21 |
| K900 | Windows is honestly a lot better now | 14:57:37 |
| Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me
Windows is honestly a lot better now Yeah I thought people were on metaphorical acid when they told me about all the good Microsoft did.
I remember when the documents got leaked from their engineering team where they wanted to totally kill Linux | 14:58:50 |
| Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me
Windows is honestly a lot better now Yeah I noticed actually | 14:59:04 |
| Aurora Ennie Seidr (she / her) | Okay so install the openssh server via the link you provided. Start the WSL 2 instance via wsl -d NixOs and then it drops me into the system with full access from there?
My only issue now is getting connected to this openssh port from my zerotier network? Since it's going to be powershell I have no idea if they have it for that | 15:02:22 |
| Aurora Ennie Seidr (she / her) | And thus the unforeseen issue creeps in | 15:02:48 |
| K900 | Yes | 15:02:55 |
| K900 | I don't think ZeroTier would care? | 15:03:03 |
| K900 | It's just a VPN? | 15:03:07 |
| K900 | So you should be able to install it on the Windows side | 15:03:15 |
| K900 | And then just connect to the in-network address | 15:03:21 |
| Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me
So you should be able to install it on the Windows side Hmmm... Okay... I am tentatively hopeful | 15:03:56 |
| K900 | I don't use ZeroTier, but it works fine for me with Tailscale | 15:04:08 |
| Aurora Ennie Seidr (she / her) | I will check into that system. That hit a 404 for me, but I can look into that | 15:04:44 |
| K900 | Tailscale is basically just a mesh VPN thing | 15:05:07 |
| K900 | It should not be any different from any other VPN solution for this use case | 15:05:17 |
 nzbr (they/it) | Zerotier is a mesh VPN as well IIRC, just a different protocol. So it should behave similarly | 15:09:20 |
| Aurora Ennie Seidr (she / her) | This is supposedly a compare and contrast it seems Tailscale has the edge because I do go between my internal network and the Internet:
Here's an overview of Tailscale and ZeroTier, with a focus on connecting Windows 11 (via OpenSSH), NixOS, and Ubuntu instances:
### **Tailscale: Features and Pricing**
**Protocol and Security:**
- Tailscale uses the WireGuard protocol, known for its efficiency and robust encryption【9†source】.
- It operates on a zero-trust networking model, meaning all devices must authenticate before they can connect, enhancing security.
- End-to-end encryption ensures secure communication across public and untrusted networks【9†source】.
- **MagicDNS** simplifies device connections by assigning domain names to devices, eliminating the need to remember IP addresses【9†source】.
**Key Features:**
- **Granular Access Control:** Tailscale allows administrators to set up access control lists (ACLs) to define who can access specific services.
- **Multi-factor Authentication (MFA):** Adds an additional layer of security not available in ZeroTier【9†source】【10†source】.
- **Device Roaming:** Devices retain connectivity across networks, which is handy for laptops and mobile devices【9†source】.
- **Tailscale SSH:** This feature integrates with your existing SSH configuration, allowing you to connect securely without needing to expose SSH to the public internet【10†source】.
**Pricing:**
- Free tier: Up to 3 users and 100 devices.
- Paid plans: Start at $6 per user/month, which includes more users and additional features like advanced ACLs【8†source】.
### **ZeroTier: Features and Pricing**
**Protocol and Security:**
- ZeroTier uses its own protocol, built on UDP, allowing for peer-to-peer communication and NAT traversal without manual port forwarding【8†source】.
- Security is provided via end-to-end encryption, but Tailscale's WireGuard-based encryption is often considered more efficient【9†source】.
**Key Features:**
- **LAN Emulation:** ZeroTier excels at emulating local networks even over the internet, making it appear as though devices are physically close, even if they are not【9†source】.
- **NAT Traversal:** ZeroTier performs well in NAT environments, though Tailscale generally has a slight edge in complex NAT scenarios【9†source】.
- **Private Networks:** ZeroTier allows the creation of invitation-only networks for enhanced security【9†source】.
**Pricing:**
- Free tier: 1 administrator and 25 nodes.
- Paid tiers: Offer more administrators and nodes in packs starting from $29 per month for 50 nodes【8†source】.
### **Comparison: Tailscale vs ZeroTier**
**Ease of Use:**
- **Tailscale** is generally seen as more user-friendly, with simpler management and an easier setup process【9†source】. Its integration of MagicDNS and zero-trust principles simplifies configuration and access, especially for beginners.
- **ZeroTier** requires a bit more effort to set up but provides greater flexibility in network configuration【8†source】.
**Performance:**
- Both tools provide comparable performance, though **Tailscale** often performs better in NAT-heavy environments due to WireGuard’s efficient NAT traversal【9†source】.
- **ZeroTier** can offer slightly better performance in pure LAN emulation setups where all devices are on the same subnet【8†source】.
### **Use Cases: Windows 11 (OpenSSH), NixOS, and Ubuntu**
1. **Windows 11 with OpenSSH:**
- Both Tailscale and ZeroTier can be used to create secure VPNs, allowing you to SSH into your Windows 11 machine from anywhere.
- **Tailscale SSH** might offer a more straightforward solution for managing SSH access without exposing your machine to the public internet【10†source】.
2. **NixOS:**
- **Tailscale:** Easily installed on NixOS with the ability to integrate directly into the systemd services. You can enable the Tailscale client and configure subnet routers through simple NixOS configurations【9†source】.
- **ZeroTier:** Also supported on NixOS but may require more configuration, especially for managing larger networks【9†source】.
3. **Ubuntu:**
- Both services are easily deployed on Ubuntu, with clear documentation available for setting up VPN connections, SSH access, and remote device management【9†source】【10†source】.
### **Conclusion:**
- If simplicity and security are your priorities, especially for managing SSH access across multiple devices, **Tailscale** is a great choice. Its seamless integration with SSH and zero-trust networking model make it highly secure.
- For more complex LAN emulation or when you need more control over the network structure, **ZeroTier** might be more suitable.
| 15:11:58 |
| nzbr (they/it) | @Aurora Ennie Seidr (she / her) fyi: If you want to use pubkey auth, the ssh server ignores ~\.ssh\authorized_keys if your account has admin privileges. You have to add the key to C:\ProgramData\ssh\administrators_authorized_keys in that case. Just to save you the two hours of headache I had when I figured this out | 15:12:30 |
| Aurora Ennie Seidr (she / her) | Basically I used zerotier because I got to it first I guess | 15:12:36 |
| K900 | Is this LLM output? | 15:13:01 |
