| 4 Apr 2026 |
 m1cr0man | * mmm actually for what I want to do, a drop-in won't even fix it as I can't change the [Match] section, and that's a limitation of systemd-networkd. I'll have to duplicate the configs. | 20:34:44 |
 hexa | Redacted or Malformed Event | 20:58:32 |
| 5 Apr 2026 |
 bubylou | You can use the [Match] section in NixOS. For example a LAN config I have is setup like this.
systemd.network = {
enable = true;
networks."10-lan" = {
matchConfig.Name = "enp1s0";
| 01:17:57 |
| bubylou | * You can use the [Match] section in NixOS. For example a LAN config I have is setup like this.
systemd.network = {
networks."10-lan" = {
matchConfig.Name = "enp1s0";
| 01:18:58 |
| bubylou | * You can use the [Match] section in NixOS. For example a LAN config I have is setup like this. I could use regex instead of specifying the whole interface name such as enp*.
systemd.network = {
networks."10-lan" = {
matchConfig.Name = "enp1s0";
| 01:22:26 |
| bubylou | * You can use the [Match] section in NixOS. For example a LAN config I have is setup like this. I could use regex instead of specifying the whole interface name such as matchConfig.Name = "enp*";.
systemd.network = {
networks."10-lan" = {
matchConfig.Name = "enp1s0";
| 01:23:38 |
| bubylou | * You can use the [Match] section in NixOS. For example a LAN config I have is setup like this.
systemd.network = {
networks."10-lan" = {
matchConfig.Name = "enp*";
| 01:24:05 |
| m1cr0man | Ugh, I have spent way too long debugging why ipv6 scope IDs were not present when resolving nspawn containers from the host. It looks like nss-mymachines is broken? I would need someone else to try getent -s hosts:mymachines hosts example | 02:38:37 |
| hexa | empty | 02:44:02 |
| hexa | on the one machine I have with a nixos container | 02:44:08 |
| hexa | if that's what you were looking for | 02:44:16 |
| m1cr0man | Yep. Damn. And is that set up with a .nspawn file? | 02:46:41 |
| hexa | or maybe that's only for nspawn? | 02:46:46 |
| hexa | hm | 02:46:49 |
| hexa | whatever the current generation of nixos containers is | 02:47:04 |
| m1cr0man | Well if it comes up in "machinectl" and it has a ve-$container interface on the host, it should give you something based on my understanding | 02:47:49 |
| hexa | it does come up in machinectl | 02:48:01 |
| hexa | getent hosts <container> works fwiw | 02:49:48 |
| m1cr0man | Does your container have more than just link local ips? | 02:50:14 |
| m1cr0man | In reply to @hexa:lossy.network
getent hosts <container> works fwiw Works for me too but on ipv6 returns no scope ID for link local addresses | 02:50:43 |
| m1cr0man | I believe it is using llmnr-ipv6 instead in this case. I was able to validate that with `resolvectl query -p llmnr-ipv6 example` | 02:51:56 |
| hexa | nvm, no interface in the host namespace | 02:52:26 |
| hexa | it has a bunch of ULA ip addresses | 02:52:41 |
| hexa | eh … 5am | 02:53:05 |
| hexa | 💤 | 02:53:08 |
| m1cr0man | Yeah, early here too. Ttyl if you are around but thanks for the quick checks | 02:53:58 |
| m1cr0man | Just for sanity: the docs on mymachines demonstrate clearly that an ipv6 ping should return a scope ID
https://www.freedesktop.org/software/systemd/man/latest/nss-mymachines.html | 03:00:55 |
| m1cr0man | A couple of straces later, I've found that libnss_mymachines.so.2 isn't in the standard library path. Adding it via LD_LIBRARY_PATH makes getent ahosts work as expected. Uh, this is where my nixos knowledge is not great - what's the right way to make this library available for the whole system? It's always dynamically loaded based on nsswitch.conf, so I can't compile it in to the necessary binaries. | 10:35:05 |
| m1cr0man | Another person has walked this path before 😅 systemd/lib is in nscd.service's LD_LIBRARY_PATH, and nscd.conf has an interesting note:
# Note that we can not use `enable-cache no` As this will actually cause nscd
# to just reject the nss requests it receives, which then causes glibc to
# fallback to trying to handle the request by itself. Which won't work as glibc
# is not aware of the path in which the nss modules live. As a workaround, we
# have `enable-cache yes` with an explicit ttl of 0
| 10:40:43 |
| m1cr0man | But this still doesn't explain why ping is not getting the result from mymachines. Perhaps nscd doesn't have permission to send the dbus message to systemd to get the container addresses? | 10:45:36 |
