| 8 Oct 2025 |
x10an14 | In reply to @elvishjerricco:matrix.org: "I'm more worried that you're not actually importing this module and that's why it isn't throwing an error or doing what you expected it to do" It's not throwing an error, I thought I turned on networkmanager to make use of insertNameservers, and couldn't see that effectuated | 08:09:46 |
K900 | ^ | 08:10:13 |
x10an14 | In reply to @k900:0upti.me: "Then just put it in networking.nameservers and it should work" But I could not find any documentation that this would keep/respect DHCP DNS entries, or if it did, which are tried first. And I'm a little scared of messing up the network config and having to rebuild the VM from scratch | 08:12:34 |
K900 | It will be used first, but that's generally not an issue, and you can always SSH into your VM even if DNS is broken | 08:12:55 |
magic_rb | resolved will try the hard-configured DNS first, but you can get it to ignore DHCP DNS entries completely. Or specify that you want to only use those for certain domains. I do that on my laptop, .lan is configured to go to my home router, everything else goes to my DoT proxy on my home server | 08:16:28 |
| 10 Oct 2025 |
m0lok | I'm trying to run tailscale inside a nixos container | 16:51:25 |
m0lok | gm gm | 16:51:32 |
m0lok | but for some reason even if I have internet, I get this route ip+net: no such network interface | 16:51:57 |
m0lok | I'm using a bridge for networking | 16:52:15 |
m0lok | I had to enable tun :D | 16:55:35 |
m0lok | mmm for some reason the tailscale on the podman container failed | 23:04:42 |
| 11 Oct 2025 |
K900 | Woo new regdb update | 21:13:41 |
K900 | And still no https://lore.kernel.org/wireless-regdb/20250708-russia-320-v1-1-53641e8dd417@0upti.me/T/#u | 21:13:43 |
K900 | Should just email wens directly probably | 21:14:14 |
| 13 Oct 2025 |
KDK12 | Hi everyone!
I'm using fail2ban to secure my server — it works fine, but I'd like to block known bad IP addresses before they can access anything.
Currently, I have a small systemd service and timer that download a FireHOL blacklist daily and insert all the IPs into an nftables set.
Is there a more idiomatic or less DIY way to achieve this on NixOS? | 13:21:57 |
K900 | Honestly the correct answer is "just don't" | 13:26:32 |
K900 | Address based blocklists are terrible and an adversary that can break ed25519 can do much more damage than pwning your seedbox | 13:27:05 |
K900 | fail2ban may have made sense when people were actually using password auth | 13:27:48 |