 | NixOS Networking | 867 Members |
| Declaratively manage your switching, routing, wireless, tunneling and more. | Don't rely on `networking.*` use systemd-networkd and NetworkManager instead. | Set `SYSTEMD_LOG_LEVEL=debug` to debug networking issues with networkd | No bad nft puns, please. | Room recommendations: #sysops:nixos.org | 248 Servers |
| Sender | Message | Time |
|---|---|---|
| 7 Oct 2025 | ||
 x10an14 | Yup, adding the Nebula Interface's name to networking.firewall.trustedInterfaces made it so that the dig command now works from the lighthouse to the non-lighthouse node | 13:45:11 |
| 8 Oct 2025 | ||
| x10an14 | Is this maybe a better channel? Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit? ```diff diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix index f19300c..3f87bc8 100644 --- a/nixos/x10an14_at_lighthouse/config.nix +++ b/nixos/x10an14_at_lighthouse/config.nix @@ -1,17 +1,32 @@ -toplevel: { +{ lib, ... }@toplevel: +{ _file = ./config.nix; - flake.modules.nixos.lighthouse = { - imports = [ - (toplevel.config.flake.modules.nixos.non-work or { }) - toplevel.inputs.nixos-facter.nixosModules.facter + flake.modules.nixos.lighthouse = + nixos: + let + nebulaCfg = nixos.config.services.nebula.networks.x10an14; + in + { + imports = [ + (toplevel.config.flake.modules.nixos.non-work or { }) + toplevel.inputs.nixos-facter.nixosModules.facter + ]; + } + // lib.mkMerge [ + { + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; + facter.reportPath = ./facter.json; + system.stateVersion = "25.11"; + system.autoUpgrade.enable = true; + } + (lib.mkIf nebulaCfg.enable { + networking.networkmanager = { + enable = true; + insertNameservers = [ "192.168.117.8" ]; + }; + }) ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - }; - networking.useDHCP = true; - facter.reportPath = ./facter.json; - system.stateVersion = "25.11"; - system.autoUpgrade.enable = true; - }; } ``` | 07:48:50 |
| x10an14 | * Is this maybe a better channel? Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit? ```diff diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix index f19300c..3f87bc8 100644 --- a/nixos/x10an14_at_lighthouse/config.nix +++ b/nixos/x10an14_at_lighthouse/config.nix @@ -1,17 +1,32 @@ -toplevel: { +{ lib, ... }@toplevel: +{ _file = ./config.nix; - flake.modules.nixos.lighthouse = { - imports = [ - (toplevel.config.flake.modules.nixos.non-work or { }) - toplevel.inputs.nixos-facter.nixosModules.facter + flake.modules.nixos.lighthouse = + nixos: + let + nebulaCfg = nixos.config.services.nebula.networks.x10an14; + in + { + imports = [ + (toplevel.config.flake.modules.nixos.non-work or { }) + toplevel.inputs.nixos-facter.nixosModules.facter + ]; + } + // lib.mkMerge [ + { + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; + facter.reportPath = ./facter.json; + system.stateVersion = "25.11"; + system.autoUpgrade.enable = true; + } + (lib.mkIf nebulaCfg.enable { + networking.networkmanager = { + enable = true; + insertNameservers = [ "192.168.117.8" ]; + }; + }) ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - }; - networking.useDHCP = true; - facter.reportPath = ./facter.json; - system.stateVersion = "25.11"; - system.autoUpgrade.enable = true; - }; } ``` | 07:49:21 |
 K900 | No | 07:49:46 |
| K900 | It's a horrible hack and you should not use it | 07:49:50 |
| K900 | Just use resolved | 07:49:58 |
 ElvishJerricco | x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted | 07:55:46 |
| ElvishJerricco | should just be { imports = ...; config = lib.mkMerge [ ... ]; } | 07:56:16 |
| x10an14 | In reply to @elvishjerricco:matrix.orgNix evaluates it without issue, but sure, I think that's a reasonable suggestion, thanks! | 08:01:10 |
| ElvishJerricco | frankly I'm not sure what it evaluates too, once through the module system | 08:01:31 |
| ElvishJerricco | it might just be dropping stuff, I dunno | 08:01:37 |
| ElvishJerricco | actually, when I try that I get: error: Expected a module, but found a value of type "merge".) | 08:03:27 |
| ElvishJerricco | * actually, when I try that I get: error: Expected a module, but found a value of type "merge". | 08:03:30 |
| x10an14 | In reply to @k900:0upti.me Hmm, that requires more research... Got any hints/directions to suggest? This diff spawned out of using "stock" nixos 25.11 + facter on a hetzner box, and wanting to add a custom DNS as top priority, with DHCP dns entries maintained after the custom one | 08:04:44 |
| K900 | Why are you using networkmanager on a hetzner box | 08:05:00 |
| K900 | In the first place | 08:05:06 |
| x10an14 | In reply to @elvishjerricco:matrix.orgMaybe flake-parts modules does some magic for me? | 08:05:18 |
| ElvishJerricco | that would be quite shocking | 08:05:32 |
| ElvishJerricco | it should not be fundamentally changing how the module system works | 08:05:42 |
| K900 | Oh wait | 08:06:03 |
| ElvishJerricco | I'm more worried that you're not actually importing this module and that's why it isn't throwing an error or doing what you expected it to do | 08:06:03 |
| K900 | You're NOT using networkmanager | 08:06:06 |
| K900 | You're using scripted networking | 08:06:12 |
| K900 | And trying to apply networkmanager options to it | 08:06:16 |
| K900 | I assume it's this? ┃ │ ┌─ ⏸ unit-dbus-broker.service | 08:06:32 |
| K900 | * I assume it's this? https://github.com/slackhq/nebula | 08:06:38 |
| x10an14 | In reply to @k900:0upti.meBest suggestion I found after 2h of web search and 4+ years of nixos usage searching for "add dns server to nixos without removing DHCP" | 08:07:06 |
| K900 | services.resolved.enable = true is what you want I'm pretty sure | 08:07:22 |
| K900 | And then hopefully it does the right thing | 08:07:27 |
| K900 | And if it doesn't, it's fundamentally broken | 08:07:43 |