NixOS Networking

Declaratively manage your switching, routing, wireless, tunneling and more.

12 Sep 2025
@jordanjoel1:matrix.org left the room. 03:34:46
@ghostbuster91:matrix.org ghostbuster91: Katalin 🔪: toonn what do you think about switching from tailscale to zerotier in this case? 10:26:18
@toonn:matrix.org toonn: Don't have experience with Zerotier. It sounds more open but I don't have reliable publicly accessible hardware for relaying and such. 10:35:03
@emvee381:matrix.org Em Vee joined the room. 12:47:05
@toonn:matrix.org toonn: ghostbuster91: As promised my unicast DNS multicaster, https://codeberg.org/toonn/dns2mdns 13:15:30
@jassu:kumma.juttu.asia Jassuko: Huh? Doesn't nginx support resolving through normal OS provided name lookups? 13:32:35
@toonn:matrix.org toonn: If you have a configuration for me that makes that utility redundant, I'm all ears. 13:37:14
@magic_rb:matrix.redalder.org magic_rb:

@toonn:matrix.org some Haskell review

  • https://codeberg.org/toonn/dns2mdns/src/branch/trunk/src/Main.hs#L68 bytestring has toStrict and fromStrict in the lazy module
  • https://codeberg.org/toonn/dns2mdns/src/branch/trunk/src/Main.hs#L48 all toplevel bindings should have types
13:37:15
@magic_rb:matrix.redalder.org magic_rb: You can enable mDNS in systemd-resolved and then nginx should use that. 13:37:49
@jassu:kumma.juttu.asia Jassuko: I have that kind of setup somewhere. There's some shitty behaviors with the systemd-resolved mdns implementation relating to IPv6, but I don't remember what exactly was the pain point with that. It was something they specifically defined to do wrong and not care about, if I remember correctly. 13:40:36
@jassu:kumma.juttu.asia Jassuko:

I had this on one laptop where I absolutely needed to use network damager for managing WiFi due to reasons. Thus, the rather weird config on that.

   # Enable Network Manager for WiFi networking
   networking.networkmanager = {
     enable = true;
     # connection.mdns: 2 = resolve and register the hostname via mDNS
     connectionConfig."connection.mdns" = 2;
     dns = "systemd-resolved";
     # firewallBackend = "nftables"; ## Deprecated
   };
   networking.resolvconf.dnsSingleRequest = true;
   services.resolved = {
     enable = true;
     llmnr = "false";
     fallbackDns = [
       # "8.8.8.8"
       # "2001:4860:4860::8888"
       "1.1.1.1#cloudflare-dns.com"
       "1.0.0.1#cloudflare-dns.com"
       "2606:4700:4700::1111#cloudflare-dns.com"
       "2606:4700:4700::1001#cloudflare-dns.com"
     ];
     extraConfig = ''
       MulticastDNS=yes
       Cache=no-negative
       DNSOverTLS=opportunistic
       DNSStubListenerExtra=::53
     '';
   };

13:44:51
@jassu:kumma.juttu.asia Jassuko:

Firewall needs to be handled as well, like:

   # Open ports in the firewall.
   networking.nftables.enable = config.networking.firewall.enable || false;
   networking.firewall = {
     enable = false;
     # Port lists take integers, not strings
     allowedTCPPorts = [
       22
     ];
     allowedUDPPorts = [ ];
     # Accept mDNS (UDP 5353) sent to the IPv6 and IPv4 multicast groups
     extraInputRules = ''
       ip6 daddr ff02::fb/128 udp sport 5353 dport 5353 accept
       ip daddr 224.0.0.251 udp sport 5353 dport 5353 accept
     '';
   };

13:45:31
@jassu:kumma.juttu.asia Jassuko: so systemd-networkd is used to manage all other network things except WiFi, and systemd-resolved is used for all DNS lookups 13:47:47
@toonn:matrix.org toonn: Oh, you know what, I think I remember what the problem with systemd-resolved is in my case. It doesn't allow for subdomains of .local! 13:51:57
@k900:0upti.me K900: That's out of spec 13:52:15
@jassu:kumma.juttu.asia Jassuko:

/etc/nsswitch.conf might or might not need adjusting as well for the hosts: -line. Namely, the resolve needs to be there correctly at the correct place depending on your other setup:

hosts:     mymachines resolve [!UNAVAIL=return] files myhostname dns
13:52:23
@toonn:matrix.org toonn: Yep, and working well for me : ) 13:52:26
@toonn:matrix.org toonn: I really don't see a good reason for it to be out of spec, it's just an arbitrary decision AFAICT. 13:53:07
@jassu:kumma.juttu.asia Jassuko: Ahh. Well, that is a use case I have not had. :D 13:53:13
@magic_rb:matrix.redalder.org magic_rb: Does the spec restrict valid TLDs? .local is very very common 13:57:29
@toonn:matrix.org toonn: I think the spec requires .local actually. 13:57:51
@k900:0upti.me K900: No, but the mDNS spec does not allow multiple parts in the domain name 13:58:17
@k900:0upti.me K900: It does require .local 13:58:36
@k900:0upti.me K900: But foo.bar.local is not allow 13:58:42
@k900:0upti.me K900: * But foo.bar.local is not allowed 13:58:45
@k900:0upti.me K900: Only foo.local 13:58:48
@magic_rb:matrix.redalder.org magic_rb: Oh, so no subdomains 13:59:14
@magic_rb:matrix.redalder.org magic_rb: Weird 13:59:16
@toonn:matrix.org toonn: I assume it's because some printer's implementation somewhere splits on the first `.` and then proceeds to freak out. 13:59:56
@k900:0upti.me K900: No, it's because 14:01:21
