| 29 Jun 2025 |
hexa (clat on linux when) | nmcli or nmtui tools pull in the NetworkManager library and use those functions to search for binaries. If you then, for example, add an openconnect VPN and try to connect, they will search for the openconnect binary in their PATH as well. | 16:54:03 |
hexa (clat on linux when) | I added openconnect as a system package because of that remark | 16:54:16 |
emily | tbh, the OpenConnect thing probably should actually be a separate option at that point | 16:54:54 |
emily | since it is doing more system integration than… adding an item to a list | 16:55:11 |
hexa (clat on linux when) | nah, nm is just instrumenting the vpn binary | 16:55:39 |
hexa (clat on linux when) | I think that's fine | 16:55:46 |
emily | well I mean vs. pname conditionals | 16:55:55 |
hexa (clat on linux when) | install the plugin and you get the executable for free | 16:55:56 |
emily | "system package gets added based on pname of something in the plugins option of another package's module" is not within expected behaviour for me | 16:56:28 |
emily | well | 16:56:30 |
hexa (clat on linux when) | yeah, this is a minimal approach to make it work | 16:56:32 |
emily | ok I expect NixOS modules to do arbitrarily horrible things | 16:56:35 |
hexa (clat on linux when) | you add the plugin and we make sure it just works | 16:56:49 |
emily | if adding a package with a certain name disabled the firewall I'd probably just shrug :) | 16:56:51 |
emily | yeah, but then you switch to your own packaging of networkmanager-openconnect-neo-fork and it stops working suddenly and it's spooky at a distance to find out why | 16:57:18 |
hexa (clat on linux when) | we could add a withOpenConnect option to more clearly state what we're doing | 16:57:22 |
emily | which services.networkmanager.openconnect.enable wouldn't cause because you'd know there's integration going on | 16:57:34 |
hexa (clat on linux when) | but I'm not a fan of having too many options for stuff like that | 16:57:44 |
hexa (clat on linux when) | hence removing the enableStrongSwan option … that among other things puts the plugin into the plugin list | 16:57:57 |
emily | options are bad when they don't do actual system integration | 16:57:57 |
emily | but they're good when they actually are integrating things | 16:58:04 |
emily | imo | 16:58:08 |
emily | coordinating setting up multiple things that need to work together is why we define options at all | 16:58:30 |
hexa (clat on linux when) | so you are opposed to https://github.com/NixOS/nixpkgs/pull/421042/commits/3705a24271108f54e414e629861883d8b2aa7116? | 17:00:45 |
hexa (clat on linux when) | [image: image.png] | 17:01:49 |
hexa (clat on linux when) | this is probably the crucial part | 17:01:56 |
hexa (clat on linux when) | where you think the package being in the list does too much? | 17:02:04 |
emily | yeah, though to be clear I don't want to hard block this | 17:03:24 |
emily | but how about pkgs.networkmanager_strongswan.passthru.thingsNetworkManagerNeedsInPathAtRuntime | 17:03:51 |
emily | which can then be collected in a generic way | 17:03:56 |