| 10 Jan 2026 |
 magic_rb | What im thinking about is somehow doing the "wireguard in init namespace, physical ifaces in a separate namespace" to force all outward traffic to go through WG. But also be able to skip past it per program for captive portals and also be able to disable it at home | 11:18:21 |
| magic_rb | Idk if there is a better way | 11:18:26 |
| magic_rb | Im open to simpler ideas :) | 11:23:21 |
| magic_rb | My laptops config is more complicated than most vps' on hetzner | 11:23:51 |
 hexa (clat on linux when) | Vrfs | 11:33:04 |
| magic_rb | Vrwhatbow | 11:43:38 |
| magic_rb | *now, ill look up | 11:43:41 |
| magic_rb | Hm, still has the issue of 0.0.0.0 dev wg0 causes an infinite loop and a route has to be added manually for the default gateway. Which will break if the default gateway changes | 11:48:15 |
 K900 | If you use NM, it will automatically add a route for the gateway | 11:48:50 |
 kraftnix | I hadn't heard of VRFs, but seems not too dissimilar to what I do, PBR | 11:50:51 |
| magic_rb | I left NM and i am not going back. I prefer networkd by a lot. I can actually hardcode all the settings in Nix and its nice and predictable | 11:52:20 |
| magic_rb | Might still go NS approach, gives me separate firewalls too | 11:53:14 |
| hexa (clat on linux when) | prober netns support in nixos modules when | 11:57:32 |
| magic_rb | When systemd has it | 11:58:01 |
| magic_rb | So never | 11:58:04 |
| hexa (clat on linux when) | you mentioned firewalls | 11:58:19 |
| hexa (clat on linux when) | so we would clearly also need to add to other modules | 11:58:37 |
| magic_rb | Ive done, and i wanted to kms | 11:58:45 |
| hexa (clat on linux when) | and support for /etc/netns | 11:58:53 |
| magic_rb | 2050 | 11:59:28 |
 Sandro 🐧 | ifstate is meant for static networking configuration, right Marcel ? | 21:10:16 |
| magic_rb | i mean yeah, but i never do what im told | 21:19:59 |
| Sandro 🐧 | I know those kinds of people to well 😅 | 21:54:23 |
| Sandro 🐧 | always a pleasure to add new restrictive measures because someone couldn't behave themselves 😂 | 21:54:47 |
| magic_rb | I never could behave myself, thats why im using NixOS :P | 23:10:14 |
| 11 Jan 2026 |
 Marcel | magic_rbyou could try to configure ifstate to run on udev events? | 01:57:06 |
| Marcel | do you use dhcp or wifi with ifstate? if yes, I would like to get some input how the module could be improved to make it morre straight forward (i've never done it till now) | 01:58:03 |
|  lukas joined the room. | 03:33:39 |
| magic_rb | I dont yet, but the plan is to do so yes. Ill ping you. | 09:27:27 |
| magic_rb | Not sure if udev is enough. I dont think it maps all of netlink, ill go with netlink, then debounce and then run ifstate | 09:28:25 |
