| 29 Jun 2025 |
 hexa | nah, nm is just instrumenting the vpn binary | 16:55:39 |
| hexa | I think that's fine | 16:55:46 |
 emily | well I mean vs. pname conditionals | 16:55:55 |
| hexa | install the plugin and you get the executable for free | 16:55:56 |
| emily | "system package gets added based on pname of something in the plugins option of another package's module" is not within expected behaviour for me | 16:56:28 |
| emily | well | 16:56:30 |
| hexa | yeah, this is a minimal approach to make it work | 16:56:32 |
| emily | ok I expect NixOS modules to do arbitrarily horrible things | 16:56:35 |
| hexa | you add the plugin and we make sure it just works | 16:56:49 |
| emily | if adding a package with a certain name disabled the firewall I'd probably just shrug :) | 16:56:51 |
| emily | yeah, but then you switch to your own packaging of networkmanager-openconnect-neo-fork and it stops working suddenly and it's spooky at a distance to find out why | 16:57:18 |
| hexa | we could add a withOpenConnect option to more clearly state what we're doing | 16:57:22 |
| emily | which services.networkmanager.openconnect.enable wouldn't cause because you'd know there's integration going on | 16:57:34 |
| hexa | but I'm not a fan of having too many options for stuff like that | 16:57:44 |
| hexa | hence removing the enableStrongSwan option … that among other things puts the plugin into the plugin list | 16:57:57 |
| emily | options are bad when they don't do actual system integration | 16:57:57 |
| emily | but they're good when they actually are integrating things | 16:58:04 |
| emily | imo | 16:58:08 |
| emily | coordinating setting up multiple things that need to work together is why we define options at all | 16:58:30 |
| hexa | so you are opposed to https://github.com/NixOS/nixpkgs/pull/421042/commits/3705a24271108f54e414e629861883d8b2aa7116? | 17:00:45 |
| hexa | 
Download image.png | 17:01:49 |
| hexa | this is probably the crucial part | 17:01:56 |
| hexa | where you think the package being in the list does too much? | 17:02:04 |
| emily | yeah, though to be clear I don't want to hard block this | 17:03:24 |
| emily | but how about pkgs.networkmanager_strongswan.passthru.thingsNetworkManagerNeedsInPathAtRuntime | 17:03:51 |
| emily | which can then be collected in a generic way | 17:03:56 |
| emily | er, nix the .passthru from the access path of course | 17:04:08 |
| hexa | yeah, ideally | 17:04:13 |
| hexa | nmRuntimeDeps | 17:04:20 |
| emily | yes | 17:04:28 |
