| 30 Jun 2025 |
hexa | super exciting | 07:43:04 |
hexa | probably all builtin these days | 07:43:08 |
emily | maybe we should remove some of those things | 07:43:41 |
hexa | given that the only rule i have for polkit is nm related … i should probably just ignore polkit | 07:44:55 |
emily | most polkit stuff is not in NixOS rules | 07:45:23 |
emily | it's in policies shipped with the daemons | 07:45:26 |
@brisingr05:matrix.org | I brought it up a while ago here: https://matrix.to/#/#security-discuss:nixos.org/$nohR8r25cNgzLbufqDYy-WXd9hkIdpL_s-kvmAZ_HPI It seems some packages depend on it. | 07:46:05 |
hexa | there are no policies shipped with the daemon | 07:46:11 |
emily | udisk mounting is a common thing | 07:46:11 |
emily | https://github.com/NetworkManager/NetworkManager/blob/5ab04c8f567ca7e1d7b494c1ee13a5b9c907f76c/data/org.freedesktop.NetworkManager.policy.in.in | 07:46:59 |
hexa | oh, with the nm daemon | 07:47:10 |
hexa | I thought you meant polkit itself | 07:47:33 |
hexa | anyway, only rules are properly inspectable from the filesystem sadly | 07:48:10 |
emily | pipewire also uses polkit I think, really basically everything in the fd.o stack as well as systemd does | 07:48:28 |
emily | but it may not be essential for your use case | 07:48:34 |
hexa | given that most of my config is not done interactively and if in doubt i can elevate, yeah | 07:49:39 |
clerie | I found out that with scripted networking some interfaces aren't set up when systemd-resolved is enabled. I would appreciate feedback to my proposal of fixing this. Especially considering additional side effects that could arise: https://github.com/NixOS/nixpkgs/pull/421010 | 14:46:00 |
emily | we might not want to do stuff to scripted networking that might be backwards-incompatible (though I don't know if these service ordering changes would be, but they can be subtle) since we were just working on finally starting to deprecate it | 14:47:49 |
clerie | To my understanding the change should not break anything, but I'm not sure if there is anything outside this file that might be influenced by this.
(The irony is that I encountered this issue while being in the process of migrating my stuff to networkd)
| 14:55:04 |
hexa | Yeah, the reason we want to get rid of scripted networking is that it is hard to reason about it. 😬 | 15:00:37 |
Molly Miller | is there any kind of concrete plan for the deprecation of scripted networking, or is that currently work in progress? | 15:02:03 |
emily | we just started the process of not making it the default option any more | 15:02:41 |
emily | it will probably be timed roughly around the systemd stage 1 transition | 15:02:57 |
emily | expect 25.11 to ship with different defaults and deprecations/removals around 26.05, 26.11, say | 15:03:14 |
emily | though we were meant to flip some of those defaults releases ago already :) | 15:03:25 |
Molly Miller | okay | 15:03:40 |
Molly Miller | with my work hat on: we rely really heavily on scripted networking internally, though i've long been expecting that it'll eventually be removed | 15:04:36 |
Molly Miller | one of my colleagues has suggested that we (flying circus) might be able to take over maintainership of the scripted networking support, though i have the impression that having more than one network configuration subsystem in the tree is an ongoing maintenance headache | 15:05:55 |
clerie | You don't want this, really /o\ | 15:06:46 |
emily | I don't think there's the appetite for it – if anything it seems like the path is likely to be deprecating the networking.* interfaces entirely | 15:07:11 |