| 7 Oct 2025 |
 jappie | is `networking.firewall.trustedInterfaces` what you're looking for? | 13:35:25 |
 x10an14 | It is not set by the module authors/maintainers (https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/nebula.nix#L317), so I doubt it, but I'll give it a try! | 13:37:24 |
| x10an14 | This change allows dig dns queries to a (non-lighthouse) node to work again, but so far seems only from lighthouse itself (where ping worked already in both directions) | 13:41:34 |
| x10an14 | Lemme double-check whether or not trustedInterfaces made the difference | 13:41:53 |
| x10an14 | Yup, adding the Nebula Interface's name to networking.firewall.trustedInterfaces made it so that the dig command now works from the lighthouse to the non-lighthouse node | 13:45:11 |
| 8 Oct 2025 |
| x10an14 | Is this maybe a better channel?
Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit?
```diff
diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix
index f19300c..3f87bc8 100644
--- a/nixos/x10an14_at_lighthouse/config.nix
+++ b/nixos/x10an14_at_lighthouse/config.nix
@@ -1,17 +1,32 @@
-toplevel: {
+{ lib, ... }@toplevel:
+{
_file = ./config.nix;
- flake.modules.nixos.lighthouse = {
- imports = [
- (toplevel.config.flake.modules.nixos.non-work or { })
- toplevel.inputs.nixos-facter.nixosModules.facter
+ flake.modules.nixos.lighthouse =
+ nixos:
+ let
+ nebulaCfg = nixos.config.services.nebula.networks.x10an14;
+ in
+ {
+ imports = [
+ (toplevel.config.flake.modules.nixos.non-work or { })
+ toplevel.inputs.nixos-facter.nixosModules.facter
+ ];
+ }
+ // lib.mkMerge [
+ {
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ facter.reportPath = ./facter.json;
+ system.stateVersion = "25.11";
+ system.autoUpgrade.enable = true;
+ }
+ (lib.mkIf nebulaCfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ insertNameservers = [ "192.168.117.8" ];
+ };
+ })
];
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
- networking.useDHCP = true;
- facter.reportPath = ./facter.json;
- system.stateVersion = "25.11";
- system.autoUpgrade.enable = true;
- };
}
``` | 07:48:50 |
| x10an14 | * Is this maybe a better channel?
Should `nixos-rebuild switch && { nmcli dev show | grep DNS; }` not show the added `networking.networkmanager.insertNameserver` given in this git commit?
```diff
diff --git a/nixos/x10an14_at_lighthouse/config.nix b/nixos/x10an14_at_lighthouse/config.nix
index f19300c..3f87bc8 100644
--- a/nixos/x10an14_at_lighthouse/config.nix
+++ b/nixos/x10an14_at_lighthouse/config.nix
@@ -1,17 +1,32 @@
-toplevel: {
+{ lib, ... }@toplevel:
+{
_file = ./config.nix;
- flake.modules.nixos.lighthouse = {
- imports = [
- (toplevel.config.flake.modules.nixos.non-work or { })
- toplevel.inputs.nixos-facter.nixosModules.facter
+ flake.modules.nixos.lighthouse =
+ nixos:
+ let
+ nebulaCfg = nixos.config.services.nebula.networks.x10an14;
+ in
+ {
+ imports = [
+ (toplevel.config.flake.modules.nixos.non-work or { })
+ toplevel.inputs.nixos-facter.nixosModules.facter
+ ];
+ }
+ // lib.mkMerge [
+ {
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ facter.reportPath = ./facter.json;
+ system.stateVersion = "25.11";
+ system.autoUpgrade.enable = true;
+ }
+ (lib.mkIf nebulaCfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ insertNameservers = [ "192.168.117.8" ];
+ };
+ })
];
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
- networking.useDHCP = true;
- facter.reportPath = ./facter.json;
- system.stateVersion = "25.11";
- system.autoUpgrade.enable = true;
- };
}
``` | 07:49:21 |
 K900 | No | 07:49:46 |
| K900 | It's a horrible hack and you should not use it | 07:49:50 |
| K900 | Just use resolved | 07:49:58 |
 ElvishJerricco | x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted | 07:55:46 |
| ElvishJerricco | should just be { imports = ...; config = lib.mkMerge [ ... ]; } | 07:56:16 |
| x10an14 | In reply to @elvishjerricco:matrix.org
x10an14: { imports = ...; } // lib.mkMerge [ ... ] seems busted Nix evaluates it without issue, but sure, I think that's a reasonable suggestion, thanks! | 08:01:10 |
| ElvishJerricco | frankly I'm not sure what it evaluates too, once through the module system | 08:01:31 |
| ElvishJerricco | it might just be dropping stuff, I dunno | 08:01:37 |
| ElvishJerricco | actually, when I try that I get: error: Expected a module, but found a value of type "merge".) | 08:03:27 |
| ElvishJerricco | * actually, when I try that I get: error: Expected a module, but found a value of type "merge". | 08:03:30 |
| x10an14 | In reply to @k900:0upti.me
Just use resolved Hmm, that requires more research... Got any hints/directions to suggest?
This diff spawned out of using "stock" nixos 25.11 + facter on a hetzner box, and wanting to add a custom DNS as top priority, with DHCP dns entries maintained after the custom one | 08:04:44 |
| K900 | Why are you using networkmanager on a hetzner box | 08:05:00 |
| K900 | In the first place | 08:05:06 |
| x10an14 | In reply to @elvishjerricco:matrix.org
actually, when I try that I get: error: Expected a module, but found a value of type "merge". Maybe flake-parts modules does some magic for me? | 08:05:18 |
| ElvishJerricco | that would be quite shocking | 08:05:32 |
| ElvishJerricco | it should not be fundamentally changing how the module system works | 08:05:42 |
| K900 | Oh wait | 08:06:03 |
| ElvishJerricco | I'm more worried that you're not actually importing this module and that's why it isn't throwing an error or doing what you expected it to do | 08:06:03 |
| K900 | You're NOT using networkmanager | 08:06:06 |
| K900 | You're using scripted networking | 08:06:12 |
| K900 | And trying to apply networkmanager options to it | 08:06:16 |
| K900 | I assume it's this?
┃ │ ┌─ ⏸ unit-dbus-broker.service | 08:06:32 |
| K900 | * I assume it's this? https://github.com/slackhq/nebula | 08:06:38 |
