| 10 Oct 2025 |
m0lok | mmm for some reason the tailscale on the podman container failed | 23:04:42 |
| 11 Oct 2025 |
| midischwarz12 joined the room. | 20:34:07 |
K900 | Woo new regdb update | 21:13:41 |
K900 | And still no https://lore.kernel.org/wireless-regdb/20250708-russia-320-v1-1-53641e8dd417@0upti.me/T/#u | 21:13:43 |
K900 | Should just email wens directly probably | 21:14:14 |
| 12 Oct 2025 |
| midischwarz12 removed their profile picture. | 02:45:02 |
| midischwarz12 set a profile picture. | 02:45:11 |
| Anton (he/him) changed their display name from Anton to Anton (he/him). | 13:17:55 |
| @midirhee12:tchncs.de removed their profile picture. | 21:27:42 |
| @midirhee12:tchncs.de removed their display name midirhee12. | 21:28:17 |
| @midirhee12:tchncs.de left the room. | 21:28:28 |
| 13 Oct 2025 |
| KDK12 joined the room. | 11:41:46 |
KDK12 | Hi everyone!
I'm using fail2ban to secure my server — it works fine, but I'd like to block known bad IP addresses before they can access anything.
Currently, I have a small systemd service and timer that download a FireHOL blacklist daily and insert all the IPs into an nftables set.
Is there a more idiomatic or less DIY way to achieve this on NixOS? | 13:21:57 |
K900 | Honestly the correct answer is "just don't" | 13:26:32 |
K900 | Address based blocklists are terrible and an adversary that can break ed25519 can do much more damage than pwning your seedbox | 13:27:05 |
K900 | fail2ban may have made sense when people were actually using password auth | 13:27:48 |
K900 | But as long as you're using public key auth, it's basically a non-issue, except for maybe DoS potential, but an attacker trying to DoS you can DoS anything else you're running just as well | 13:28:22 |
KDK12 | Fair point, thanks for the insight! | 13:53:05 |
| Ewan joined the room. | 15:28:40 |
| 14 Oct 2025 |
| chris joined the room. | 08:56:02 |
| 15 Oct 2025 |
| DenKn changed their display name from 𝔇𝔢𝔫𝔎𝔫 to DenKn. | 08:15:36 |
kraem | hey! on the lookout for a poe switch, fanless or very quiet, ideally openwrt compatible but not a must. i'm eyeing zyxel gs1900-8hp, any other i should check out? | 20:32:55 |
adamcstephens | HP 1920-8G JG920A would be a similar option that has no fan and can run openwrt | 20:51:03 |
adamcstephens | oh sorry, you said POE. most (or all?) of the HP 1920 line is supported on openwrt. https://svanheule.net/switches/hpe_1920_series | 20:51:57 |
| 16 Oct 2025 |
| Nick changed their display name from norta to Nick. | 02:22:59 |
kraem | thanks, i'll check them out! | 05:25:16 |
| Sean Ross joined the room. | 23:03:26 |
Sean Ross | Does anyone know why, when using systemd without setting any networks ("I want to control these with my own .link and .network files"), I end up with a 40-lan1.network and a 40-wan1.network? I cannot find any definitions for these in my config files, and they are symlinks to /etc/static/systemd/network/.
Here is my networking config:
  systemd = {
    network = {
      enable = true;
      wait-online.timeout = 2;
      networks."99-ethernet-default-dhcp".enable = lib.mkForce false;
      networks."99-wireless-client-dhcp".enable = lib.mkForce false;
    };
    services."systemd-networkd-wait-online".enable = lib.mkDefault false;
  };
I can't even figure out how it chose the names lan1 and wan1. | 23:12:31 |
| 17 Oct 2025 |
ElvishJerricco | Sean Ross: those get made when you have networking.useNetworkd = true; and networking.interfaces.lan1 = .... and whatnot. The point of networking.useNetworkd isn't to just enable networkd or anything; it's to reimplement most of the networking.* options using networkd | 01:21:26 |
Sean Ross | ElvishJerricco: Thank you I think in a config somewhere I do have networking.useNetworkd = true; but I don't believe there is anything set like networking.interfaces.<name> = {};. I'll take another look when I get a chance. | 01:24:16 |