| 4 Oct 2025 |
 ElvishJerricco | (I have more patches because I use mine just as a switch, and mainline doesn't have hardware fastpath support for bridges yet) | 07:28:48 |
| ElvishJerricco | (i.e. if you bridge the two 10Gbps ports you'll only get like ~3.5Gbps through them) | 07:29:34 |
 aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @elvishjerricco:matrix.org
(I have more patches because I use mine just as a switch, and mainline doesn't have hardware fastpath support for bridges yet) Thanks, I'll ask you after I buy it | 07:29:46 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) changed their profile picture. | 08:41:07 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) changed their profile picture. | 08:41:29 |
| 5 Oct 2025 |
|  @rouven:rfive.de left the room. | 19:27:33 |
| 6 Oct 2025 |
|  Frédéric Christ changed their display name from Frédéric Christ (🚄 15.09. - 29.09.) to Frédéric Christ. | 09:24:51 |
| 7 Oct 2025 |
 x10an14 | How can I add an interface to networking.firewall.interfaces? My Nebula VPN interface does not show up there =S | 13:27:45 |
| x10an14 | This might be an XY questien, becaulse I'm trying to debug why my Nebula VPN doesn't seem to work once a connection relies on a port (pings to/from lighthouse work, but nothing else, nor pings between non-lighthouses) | 13:29:10 |
 jappie | is `networking.firewall.trustedInterfaces` what you're looking for? | 13:35:25 |
| x10an14 | It is not set by the module authors/maintainers (https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/nebula.nix#L317), so I doubt it, but I'll give it a try! | 13:37:24 |
| x10an14 | This change allows dig dns queries to a (non-lighthouse) node to work again, but so far seems only from lighthouse itself (where ping worked already in both directions) | 13:41:34 |
| x10an14 | Lemme double-check whether or not trustedInterfaces made the difference | 13:41:53 |
| x10an14 | Yup, adding the Nebula Interface's name to networking.firewall.trustedInterfaces made it so that the dig command now works from the lighthouse to the non-lighthouse node | 13:45:11 |
| 8 Oct 2025 |
| x10an14 | Is this maybe a better channel?
Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit?
```diff
diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix
index f19300c..3f87bc8 100644
--- a/nixos/x10an14_at_lighthouse/config.nix
+++ b/nixos/x10an14_at_lighthouse/config.nix
@@ -1,17 +1,32 @@
-toplevel: {
+{ lib, ... }@toplevel:
+{
_file = ./config.nix;
- flake.modules.nixos.lighthouse = {
- imports = [
- (toplevel.config.flake.modules.nixos.non-work or { })
- toplevel.inputs.nixos-facter.nixosModules.facter
+ flake.modules.nixos.lighthouse =
+ nixos:
+ let
+ nebulaCfg = nixos.config.services.nebula.networks.x10an14;
+ in
+ {
+ imports = [
+ (toplevel.config.flake.modules.nixos.non-work or { })
+ toplevel.inputs.nixos-facter.nixosModules.facter
+ ];
+ }
+ // lib.mkMerge [
+ {
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ facter.reportPath = ./facter.json;
+ system.stateVersion = "25.11";
+ system.autoUpgrade.enable = true;
+ }
+ (lib.mkIf nebulaCfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ insertNameservers = [ "192.168.117.8" ];
+ };
+ })
];
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
- networking.useDHCP = true;
- facter.reportPath = ./facter.json;
- system.stateVersion = "25.11";
- system.autoUpgrade.enable = true;
- };
}
``` | 07:48:50 |
| x10an14 | * Is this maybe a better channel?
Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit?
```diff
diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix
index f19300c..3f87bc8 100644
--- a/nixos/x10an14_at_lighthouse/config.nix
+++ b/nixos/x10an14_at_lighthouse/config.nix
@@ -1,17 +1,32 @@
-toplevel: {
+{ lib, ... }@toplevel:
+{
_file = ./config.nix;
- flake.modules.nixos.lighthouse = {
- imports = [
- (toplevel.config.flake.modules.nixos.non-work or { })
- toplevel.inputs.nixos-facter.nixosModules.facter
+ flake.modules.nixos.lighthouse =
+ nixos:
+ let
+ nebulaCfg = nixos.config.services.nebula.networks.x10an14;
+ in
+ {
+ imports = [
+ (toplevel.config.flake.modules.nixos.non-work or { })
+ toplevel.inputs.nixos-facter.nixosModules.facter
+ ];
+ }
+ // lib.mkMerge [
+ {
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ facter.reportPath = ./facter.json;
+ system.stateVersion = "25.11";
+ system.autoUpgrade.enable = true;
+ }
+ (lib.mkIf nebulaCfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ insertNameservers = [ "192.168.117.8" ];
+ };
+ })
];
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
- networking.useDHCP = true;
- facter.reportPath = ./facter.json;
- system.stateVersion = "25.11";
- system.autoUpgrade.enable = true;
- };
}
``` | 07:49:21 |
 K900 | No | 07:49:46 |
| K900 | It's a horrible hack and you should not use it | 07:49:50 |
| K900 | Just use resolved | 07:49:58 |
| ElvishJerricco | x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted | 07:55:46 |
| ElvishJerricco | should just be { imports = ...; config = lib.mkMerge [ ... ]; } | 07:56:16 |
| x10an14 | In reply to @elvishjerricco:matrix.org
x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted Nix evaluates it without issue, but sure, I think that's a reasonable suggestion, thanks! | 08:01:10 |
| ElvishJerricco | frankly I'm not sure what it evaluates too, once through the module system | 08:01:31 |
| ElvishJerricco | it might just be dropping stuff, I dunno | 08:01:37 |
| ElvishJerricco | actually, when I try that I get: error: Expected a module, but found a value of type "merge".) | 08:03:27 |
| ElvishJerricco | * actually, when I try that I get: error: Expected a module, but found a value of type "merge". | 08:03:30 |
| x10an14 | In reply to @k900:0upti.me
Just use resolved Hmm, that requires more research... Got any hints/directions to suggest?
This diff spawned out of using "stock" nixos 25.11 + facter on a hetzner box, and wanting to add a custom DNS as top priority, with DHCP dns entries maintained after the custom one | 08:04:44 |
| K900 | Why are you using networkmanager on a hetzner box | 08:05:00 |
| K900 | In the first place | 08:05:06 |
| x10an14 | In reply to @elvishjerricco:matrix.org
actually, when I try that I get: error: Expected a module, but found a value of type "merge". Maybe flake-parts modules does some magic for me? | 08:05:18 |
