!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

899 Members
Declaratively manage your switching, routing, wireless, tunneling and more.
262 Servers



Sender Message Time
4 Oct 2025
@aleksana:mozilla.orgaleksana 🏳️‍⚧️ (force me to bed after 18:00 UTC)
In reply to @elvishjerricco:matrix.org
(I have more patches because I use mine just as a switch, and mainline doesn't have hardware fastpath support for bridges yet)
Thanks, I'll ask you after I buy it
07:29:46
7 Oct 2025
@x10an14:matrix.orgx10an14 How can I add an interface to networking.firewall.interfaces? My Nebula VPN interface does not show up there =S 13:27:45
@x10an14:matrix.orgx10an14 This might be an XY question, because I'm trying to debug why my Nebula VPN doesn't seem to work once a connection relies on a port (pings to/from lighthouse work, but nothing else, nor pings between non-lighthouses) 13:29:10
@jappie:jappie.devjappie is `networking.firewall.trustedInterfaces` what you're looking for? 13:35:25
@x10an14:matrix.orgx10an14 It is not set by the module authors/maintainers (https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/nebula.nix#L317), so I doubt it, but I'll give it a try! 13:37:24
@x10an14:matrix.orgx10an14 This change allows dig dns queries to a (non-lighthouse) node to work again, but so far seems only from lighthouse itself (where ping worked already in both directions) 13:41:34
@x10an14:matrix.orgx10an14 Lemme double-check whether or not trustedInterfaces made the difference 13:41:53
@x10an14:matrix.orgx10an14 Yup, adding the Nebula Interface's name to networking.firewall.trustedInterfaces made it so that the dig command now works from the lighthouse to the non-lighthouse node 13:45:11
8 Oct 2025
@x10an14:matrix.orgx10an14Is this maybe a better channel? Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit? ```diff diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix index f19300c..3f87bc8 100644 --- a/nixos/x10an14_at_lighthouse/config.nix +++ b/nixos/x10an14_at_lighthouse/config.nix @@ -1,17 +1,32 @@ -toplevel: { +{ lib, ... }@toplevel: +{ _file = ./config.nix; - flake.modules.nixos.lighthouse = { - imports = [ - (toplevel.config.flake.modules.nixos.non-work or { }) - toplevel.inputs.nixos-facter.nixosModules.facter + flake.modules.nixos.lighthouse = + nixos: + let + nebulaCfg = nixos.config.services.nebula.networks.x10an14; + in + { + imports = [ + (toplevel.config.flake.modules.nixos.non-work or { }) + toplevel.inputs.nixos-facter.nixosModules.facter + ]; + } + // lib.mkMerge [ + { + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; + facter.reportPath = ./facter.json; + system.stateVersion = "25.11"; + system.autoUpgrade.enable = true; + } + (lib.mkIf nebulaCfg.enable { + networking.networkmanager = { + enable = true; + insertNameservers = [ "192.168.117.8" ]; + }; + }) ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - }; - networking.useDHCP = true; - facter.reportPath = ./facter.json; - system.stateVersion = "25.11"; - system.autoUpgrade.enable = true; - }; } ```07:48:50
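Review bot: the new value of `flake.modules.nixos.lighthouse` joins `{ imports = [ ... ]; }` to `lib.mkMerge [ ... ]` with `//`, which is a shallow attribute-set update and not a module merge, so the function returns the `mkMerge` value with an `imports` attribute attached instead of a module whose settings sit under `config`. Suggest `{ imports = [ ... ]; config = lib.mkMerge [ ... ]; }`. The hunk also drops `networking.useDHCP = true;` and only enables NetworkManager inside `lib.mkIf nebulaCfg.enable`, so with Nebula disabled nothing in this file configures DHCP; keep the line or say where DHCP is now set.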
@k900:0upti.meK900 No 07:49:46
@k900:0upti.meK900 It's a horrible hack and you should not use it 07:49:50
@k900:0upti.meK900 Just use resolved 07:49:58
@elvishjerricco:matrix.orgElvishJerricco x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted 07:55:46
@elvishjerricco:matrix.orgElvishJerricco should just be { imports = ...; config = lib.mkMerge [ ... ]; } 07:56:16
@x10an14:matrix.orgx10an14
In reply to @elvishjerricco:matrix.org
x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted
Nix evaluates it without issue, but sure, I think that's a reasonable suggestion, thanks!
08:01:10
@elvishjerricco:matrix.orgElvishJerricco frankly I'm not sure what it evaluates to, once through the module system 08:01:31
@elvishjerricco:matrix.orgElvishJerricco it might just be dropping stuff, I dunno 08:01:37
@elvishjerricco:matrix.orgElvishJerricco actually, when I try that I get: error: Expected a module, but found a value of type "merge". 08:03:27
@x10an14:matrix.orgx10an14
In reply to @k900:0upti.me
Just use resolved

Hmm, that requires more research... Got any hints/directions to suggest?

This diff spawned out of using "stock" nixos 25.11 + facter on a hetzner box, and wanting to add a custom DNS as top priority, with DHCP dns entries maintained after the custom one

08:04:44
@k900:0upti.meK900 Why are you using networkmanager on a hetzner box 08:05:00
@k900:0upti.meK900 In the first place 08:05:06
@x10an14:matrix.orgx10an14
In reply to @elvishjerricco:matrix.org
actually, when I try that I get: error: Expected a module, but found a value of type "merge".
Maybe flake-parts modules does some magic for me?
08:05:18
@elvishjerricco:matrix.orgElvishJerricco that would be quite shocking 08:05:32
@elvishjerricco:matrix.orgElvishJerricco it should not be fundamentally changing how the module system works 08:05:42

Room Version: 6