| 18 Aug 2021 |
 das_j | Its not the only bug ;) | 15:07:04 |
 andi- | das_j: do you have the code somewhere public? I'd love to host a proper search for options and packages on search.nixos.dev ;-) | 15:11:21 |
 eyJhb | In reply to @janne.hess:helsinki-systems.de
Our interface is 0% compatible because we… I honestly don't remember anymore. It's a lot more complex, the code is a lot less readable but it's more powerful. So it's not really a drop-in replacement I didn't even see you replied. Weird... But I think it is very much Ok that it is not a drop in replacement. I think we have discussed this before, and one of the reasons is the bug for bug comparability etc... I will look at the options once I am at my PC again :) | 15:23:49 |
| das_j | In reply to @andi:kack.it
das_j: do you have the code somewhere public? I'd love to host a proper search for options and packages on search.nixos.dev ;-) I‘m currently OOO in the Datacenter, you can check github.com/dasJ - something like helsinki-index or options or something like this? Should contain „helsinki“ | 16:17:53 |
| eyJhb | das_j: You need to sign in or sign up before continuing. aww :( https://git.helsinki.tools/helsinki-systems/helsinki/-/blob/master/3modules/firewall.nix | 16:35:12 |
| das_j | In reply to @eyjhb:eyjhb.dk
das_j: You need to sign in or sign up before continuing. aww :( https://git.helsinki.tools/helsinki-systems/helsinki/-/blob/master/3modules/firewall.nix Strange, my regular login works just fine | 19:39:52 |
| das_j | I'm just kidding, I created a gist with the entire module | 19:41:10 |
| das_j | Note that this is one of my earliest modules and it would probably not even remotely pass reviews with the current standards but due to the awfulness of the implementation (especially doComplexPorts) nobody was brave enough to refactor it | 19:41:59 |
| das_j | In reply to @eyjhb:eyjhb.dk
verifiedNetfilter = { text, modules ? [ ] }:
let
file = pkgs.writeText "netfilter" text;
vmTools = pkgs.vmTools.override {
rootModules =
[
"virtio_pci"
"virtio_mmio"
"virtio_blk"
"virtio_balloon"
"virtio_rng"
"ext4"
"unix"
"9p"
"9pnet_virtio"
"crc32c_generic"
] ++ modules;
};
check = vmTools.runInLinuxVM (
pkgs.runCommand "nft-check"
{
buildInputs = [ pkgs.nftables ];
inherit file;
} ''
set -ex
# make sure protocols & services are known
ln -s ${pkgs.iana-etc}/etc/protocol /etc/protocol
ln -s ${pkgs.iana-etc}/etc/services /etc/services
# test the configuration
nft --file $file
set +x
''
);
in
"#checked with ${check}\n" + text;
this beauty
Found a bug here. It's acutally /etc/protocols and not /etc/protocol | 20:06:23 |
| 19 Aug 2021 |
|  6aa4fd joined the room. | 05:55:00 |
|  anubhavkini left the room. | 06:49:11 |
| eyJhb | Thanks das_j ! Will change mine :) | 11:42:57 |
|  iammrinal0 joined the room. | 22:00:17 |
| 20 Aug 2021 |
| 6aa4fd set a profile picture. | 01:13:04 |
| andi- | https://marc.info/?l=netfilter&m=162939459210790&w=2 | 08:54:01 |
| eyJhb | It's lovely that they link to https://www.netfilter.org/projects/nftables/downloads.html#nftables-0.9.9 | 08:58:17 |
 Andreas Schrägle | https://github.com/NixOS/nixpkgs/pull/134959 | 14:42:01 |
 Zhaofeng Li | Well, here's yet another project that has abandoned the 0ver.org versioning scheme 😄 | 17:36:24 |
| 6aa4fd | In reply to @zhaofeng:zhaofeng.li
Well, here's yet another project that has abandoned the 0ver.org versioning scheme 😄 I thought that website was serious for a minute and it made me quite mad | 18:57:46 |
 Piper McCorkle (she/her or they/them) | In reply to @zhaofeng:zhaofeng.li
Well, here's yet another project that has abandoned the 0ver.org versioning scheme 😄 Wow, half the Rust ecosystem belongs on that list :P | 20:21:45 |
| Piper McCorkle (she/her or they/them) | (including my packages, that isn't meant as a negative) | 20:22:19 |
| 21 Aug 2021 |
 matthewcroughan - nix.zone | I just set up a 6in4 tunnel on my router at home which is running openwrt. Is there perhaps a daemon I can run on NixOS on my laptop that will give me an ipv6 address anywhere? Would be cool if so. | 01:17:56 |
| 6aa4fd | In reply to @matthewcroughan:defenestrate.it
I just set up a 6in4 tunnel on my router at home which is running openwrt. Is there perhaps a daemon I can run on NixOS on my laptop that will give me an ipv6 address anywhere? Would be cool if so. it depends on how it is routed on your openwrt box | 02:27:49 |
| 6aa4fd | if all your LAN traffic already goes through it, then you don't need to do anything except setting up dhcp | 02:28:34 |
| 6aa4fd | if not, you can change the routing rules on the router | 02:29:45 |
| matthewcroughan - nix.zone | 6aa4fd: I meant to say that I want an ipv6 address on my laptop, even when I'm at a coffee shop, via 6in4. | 02:32:19 |
| matthewcroughan - nix.zone | so I'm happy with the setup I have at home where the router does it, but I was wondering whether I could have it all happen on my laptop and screw the network I'm on. | 02:32:40 |
| matthewcroughan - nix.zone | And what a dream it would be to have Nix configure my home router. | 02:33:08 |
| 6aa4fd | In reply to @matthewcroughan:defenestrate.it
so I'm happy with the setup I have at home where the router does it, but I was wondering whether I could have it all happen on my laptop and screw the network I'm on. oh, you want a 6in4 or other type of VPN then | 02:33:19 |
| matthewcroughan - nix.zone | Hmm.. Maybe tailscale should provide this. | 02:33:42 |
