!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

902 Members
on your Router! Declaratively manage your switching, routing, wireless, tunneling and more.263 Servers

Load older messages

SenderMessageTime
9 Jul 2025
@zhaofeng:zhaofeng.liZhaofeng Liwhat even is going on00:52:11
@hexa:lossy.networkhexacan only be systemd doing this00:52:45
@zhaofeng:zhaofeng.liZhaofeng Lithis is beyond cursed00:54:40
@zhaofeng:zhaofeng.liZhaofeng Li how about we patch kea to skip the permission check if NIXPKGS_HACK_ASSUME_THAT_THE_SOCKET_DIR_IS_PROTECTED_BY_SYSTEMD is set 00:55:22
@hexa:lossy.networkhexabut it isn't protected, it is 0755 😄 00:56:04
@hexa:lossy.networkhexa* but it isn't protected, it is fucking 0755 😄 00:56:09
@zhaofeng:zhaofeng.liZhaofeng Li /var/run/private is protected, right? 00:57:42
@hexa:lossy.networkhexauhhh yeah00:58:46
@hexa:lossy.networkhexaI think so00:58:54
@hexa:lossy.networkhexa Zhaofeng Li: Restart = "on-failure" 🫣 01:14:38
@zhaofeng:zhaofeng.liZhaofeng Lido we need to disable the start limit as well?01:15:32
@zhaofeng:zhaofeng.liZhaofeng Li* do we need to disable the restart limit as well?01:16:32
@hexa:lossy.networkhexaboth services only failed once, so I don't think we do 😄 01:16:43
@zhaofeng:zhaofeng.liZhaofeng Li * do we need to disable the restart limit as well? also Restart = "on-failure" should be the default? 01:16:48
@hexa:lossy.networkhexayeah, they fail just the first time round01:17:28
* @hexa:lossy.networkhexa screams 01:17:32
@zhaofeng:zhaofeng.liZhaofeng Li * do we need to disable the restart limit as well? also Restart = "on-failure" should be the default? no, it isn't aaaa 01:18:27
@zhaofeng:zhaofeng.liZhaofeng Litheoretically there is still a chance that systemd will keep fighting against itself forever 🤓01:19:59
@alina:catgirl.cloudalina arielle amelie🏳️‍⚧️🐾 changed their profile picture.21:01:32
@alina:catgirl.cloudalina arielle amelie🏳️‍⚧️🐾 changed their display name from alina to alina arielle amelie🏳️‍⚧️🐾.21:02:18
10 Jul 2025
@maciel310:matrix.orgmaciel310 joined the room.02:58:34
@maciel310:matrix.orgmaciel310

Hey all, hoping someone might be able to help with an issue I'm hitting configuring VLANs. Use case is pretty simple, the only connection should be over the vlan, no untagged traffic or IP assigned. Following the docs (https://nixos.wiki/wiki/Systemd-networkd#VLAN) I came up with this systemd-networkd config, but pinging even local addresses returns unreachable. Any thoughts, or ideas on how to debug?

systemd.network = {
    enable = true;

    netdevs = {
      "20-vlan30" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "vlan30";
        };
        vlanConfig.Id = 30;
      };
    };

    networks = {
      "30-enp0s20f0u1u2" = {
        matchConfig.Name = "enp0s20f0u1u2";
        vlan = [ "vlan30" ];
        networkConfig.LinkLocalAddressing = "no";
        linkConfig.RequiredForOnline = "carrier";
      };
      "40-vlan30" = {
        matchConfig.Name = "vlan30";
        address = [ "192.168.30.7/24" ];
        routes = [
          { Gateway = "192.168.30.1"; }
        ];
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };
04:43:33
@maciel310:matrix.orgmaciel310

And here's the output of a couple commands to show the state, LMK if there are any other commands that would be helpful

$ networkctl
IDX LINK          TYPE     OPERATIONAL SETUP
  1 lo            loopback carrier     unmanaged
  2 enp0s20f0u1u2 ether    carrier     configured
  3 vlan30        vlan     routable    configured

3 links listed.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp0s20f0u1u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 1c:bf:ce:a7:84:b8 brd ff:ff:ff:ff:ff:ff
    altname enx1cbfcea784b8
3: vlan30@enp0s20f0u1u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1c:bf:ce:a7:84:b8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.7/24 brd 192.168.30.255 scope global vlan30
       valid_lft forever preferred_lft forever
    inet6 fe80::1ebf:ceff:fea7:84b8/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
05:42:58
@hexa:lossy.networkhexalooks good from here12:10:14
@hexa:lossy.networkhexaI'd expect the issue will be on the switchport or the other endpoint12:10:36
@hexa:lossy.networkhexadifferent question … what is the least awful way to make sure a consumer of a module I'm providing uses a DNSSEC validating resolver?14:21:04
@hexa:lossy.networkhexagiven that the resolver can be on the local machine (preferable) or not this seems a bit difficult to assert on 🤪14:22:50
@emilazy:matrix.orgemilyseems like not really something you can detect before runtime14:23:05
@sandro:supersandro.deSandro 🐧within reason probably not at all14:23:10
@hexa:lossy.networkhexaso I'm wondering what the right approximation would be14:23:11

Show newer messages

Back to Room ListRoom Version: 6