| 26 Feb 2025 |
 magic_rb | I only allow ssh over wireguard period | 20:28:33 |
 dgrig | (waiting for a new circuit after a restart can be a bit annoying if you're trying to ssh right after a restart in my opinion) | 20:28:36 |
 Scrumplex | Another way to reduce ssh bot noise is to limit sshd to listen on IPv6 only | 20:50:50 |
 Fernando Rodrigues | In reply to @magic_rb:matrix.redalder.org
I only allow ssh over wireguard period ssh over wireguard is so nice | 21:36:06 |
 hexa | yeah, much nicer than just using ssh over internet | 21:38:07 |
| hexa | * yeah, much nicer than just using ssh over internet \s | 21:38:09 |
| hexa | to be clear, I have a wireguard/babel mesh, so I can ssh over a routed connection of private addresses | 21:38:39 |
| Fernando Rodrigues | In reply to @hexa:lossy.network
yeah, much nicer than just using ssh over internet \s i mean, unironically yes. | 21:38:43 |
| hexa | but now imagine a git host | 21:38:49 |
| Fernando Rodrigues | I don't see the issue? | 21:39:11 |
| hexa | git+ssh | 21:39:19 |
| hexa | * git+ssh:// | 21:39:30 |
| Fernando Rodrigues | Sure, just change the IP from whatever it was before to the wireguard address. | 21:39:43 |
| Fernando Rodrigues | ditto with a domain | 21:39:50 |
| hexa | a custom port is too cumbersome, means everyone needs to maintain ssh configs etc. | 21:39:50 |
| hexa | public git access over ssh | 21:40:04 |
| hexa | forgejo | 21:40:07 |
| hexa | gitlab | 21:40:09 |
| Fernando Rodrigues | ah, yes. forgejo. | 21:40:26 |
| Fernando Rodrigues | currently i use a nginx stream to proxy ssh connections over a wireguard tunnel to a forgejo host | 21:40:55 |
| hexa | nginx stream is a fancy word for saying "socat" | 21:41:10 |
| Fernando Rodrigues | yes | 21:41:16 |
| dgrig | (gitlab automatically adds the ssh port in the UI when copying the git clone command iirc, but agreed it can be a pita) | 21:43:12 |
| hexa | changing the ssh port means everyone needs to adapt on every machine for every application using it | 21:47:42 |
| hexa | that's not worth the hassle | 21:47:48 |
| 27 Feb 2025 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 17:11:06 |
 flare | eh | 22:54:41 |
| flare | for personal uses it has worked for me that approach | 22:54:53 |
| 1 Mar 2025 |
 @77a5a1:matrix.org | Hello, could someone help me with this error?
error: a 'x86_64-linux' with features {gccarch-raptorlake} is required to build '/nix/store/x0zfxhzq9xh2s3f02qhzxwgi17fglk8h-bootstrap-stage0-glibc-bootstrapFiles.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, kvm, nixos-test}
| 21:53:29 |
| @77a5a1:matrix.org | cat /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:
{
nix.settings.system-features = [ "gccarch-raptorlake" "benchmark" "big-parallel" "kvm" "nixos-test" ];
nixpkgs.hostPlatform = { gcc.arch = "raptorlake"; gcc.tune = "raptorlake"; system = "x86_64-linux"; };
| 21:54:00 |
