30 Jun 2025 |
emily | it could all just be broken in some other way :) | 07:35:44 |
hexa | yes, sure | 07:36:04 |
hexa | and with polkit-gnome running it prompts me for my password when editing a connection | 07:37:49 |
hexa | but that doesn't work when outside the group over ssh | 07:39:03 |
Brisingr05 | FYI polkit_gnome has been unmaintained for about a decade and the repo is archived. | 07:40:57 |
hexa | super exciting | 07:43:04 |
hexa | probably all builtin these days | 07:43:08 |
emily | maybe we should remove some of those things | 07:43:41 |
hexa | given that the only rule i have for polkit is nm related … i should probably just ignore polkit | 07:44:55 |
emily | most polkit stuff is not in NixOS rules | 07:45:23 |
emily | it's in policies shipped with the daemons | 07:45:26 |
Brisingr05 | I brought it up a while ago here: https://matrix.to/#/#security-discuss:nixos.org/$nohR8r25cNgzLbufqDYy-WXd9hkIdpL_s-kvmAZ_HPI It seems some packages depend on it. | 07:46:05 |
hexa | there are no policies shipped with the daemon | 07:46:11 |
emily | udisk mounting is a common thing | 07:46:11 |
emily | https://github.com/NetworkManager/NetworkManager/blob/5ab04c8f567ca7e1d7b494c1ee13a5b9c907f76c/data/org.freedesktop.NetworkManager.policy.in.in | 07:46:59 |
hexa | oh, with the nm daemon | 07:47:10 |
hexa | I thought you meant polkit itself | 07:47:33 |
hexa | anyway, only rules are properly inspectable from the filesystem sadly | 07:48:10 |
emily | pipewire also uses polkit I think, really basically everything in the fd.o stack as well as systemd does | 07:48:28 |
emily | but it may not be essential for your use case | 07:48:34 |
hexa | given that most of my config is not done interactively and if in doubt i can elevate, yeah | 07:49:39 |
clerie | I found out that with scripted networking some interfaces aren't set up when systemd-resolved is enabled. I would appreciate feedback on my proposal for fixing this. Especially considering additional side effects that could arise: https://github.com/NixOS/nixpkgs/pull/421010 | 14:46:00 |
emily | we might not want to do stuff to scripted networking that might be backwards-incompatible (though I don't know if these service ordering changes would be, but they can be subtle) since we were just working on finally starting to deprecate it | 14:47:49 |
clerie | To my understanding the change should not break anything, but I'm not sure if there is anything outside this file that might be influenced by this. (The irony is that I encountered this issue while being in the process of migrating my stuff to networkd) | 14:55:04 |
hexa | Yeah, the reason we want to get rid of scripted networking is that it is hard to reason about it. 😬 | 15:00:37 |
Molly Miller | is there any kind of concrete plan for the deprecation of scripted networking, or is that currently work in progress? | 15:02:03 |
emily | we just started the process of not making it the default option any more | 15:02:41 |
emily | it will probably be timed roughly around the systemd stage 1 transition | 15:02:57 |
emily | expect 25.11 to ship with different defaults and deprecations/removals around 26.05, 26.11, say | 15:03:14 |