| 16 Aug 2021 |
 CRTified | And I don't have enough time right now to test it on the real hardware, as there's a somewhat urgent deadline coming 🤐 | 21:22:43 |
 matthewcroughan - nix.zone | Is it possible for anyone to tell me how to port forward? | 23:15:28 |
| matthewcroughan - nix.zone | I'm trying to provide someone access to a libvirt vm that is using the default nat interface. This would be great, since then the person I'm giving access to this VM wouldn't be able to snoop around my network. | 23:16:03 |
| matthewcroughan - nix.zone | I was hoping I could do it entirely in the libvirt xml config, but can someone tell me how to set it up in Nix code, since I don't want to manually be playing with iptables! | 23:16:27 |
| matthewcroughan - nix.zone | So I want to port forward:
192.168.3.4:2222 -> 192.168.122.x:2222 | 23:19:32 |
| CRTified | In reply to @matthewcroughan:defenestrate.it
So I want to port forward:
192.168.3.4:2222 -> 192.168.122.x:2222 Probably networking.nat.forwardPorts? | 23:25:12 |
| matthewcroughan - nix.zone | is that the only option I need to set? | 23:25:20 |
| matthewcroughan - nix.zone | * is that the only option I need to set and use? | 23:25:22 |
| matthewcroughan - nix.zone | what about .enable .internalIPs and externalInterface? | 23:25:38 |
| CRTified | You'll probably need to enable nat, too | 23:25:38 |
| CRTified | Oh yes, at least ne internal and 3xternql interfaces should be set | 23:25:59 |
| CRTified | * Oh yes, at least the internal and external interfaces should be set | 23:26:12 |
| matthewcroughan - nix.zone | Is it possible for me to lock myself out of the machine? | 23:26:28 |
| CRTified | (Sorry, on mobile/in bed already) | 23:26:33 |
| CRTified | In reply to @matthewcroughan:defenestrate.it
Is it possible for me to lock myself out of the machine? Yes, definitely | 23:26:41 |
| matthewcroughan - nix.zone | I wish nixos-rebuild test had a --rollback-timer option :D | 23:26:53 |
| CRTified | In reply to @matthewcroughan:defenestrate.it
I wish nixos-rebuild test had a --rollback-timer option :D Shouldn't that be doable? One-shot systemd timer in a different root config? 🤔 | 23:28:05 |
| matthewcroughan - nix.zone | deploy-rs does it, somehow | 23:28:18 |
 eyJhb | Nixus ;) | 23:35:37 |
| 17 Aug 2021 |
|  putchar joined the room. | 09:51:02 |
 nixinator | In reply to @matthewcroughan:defenestrate.it
I wish nixos-rebuild test had a --rollback-timer option :D `nixos-rebuild switch; sleep 60; nixos-rebuild switch --rollback" :-) | 11:25:02 |
| nixinator | In reply to @matthewcroughan:defenestrate.it
I wish nixos-rebuild test had a --rollback-timer option :D * nixos-rebuild switch; sleep 60; nixos-rebuild switch --rollback :-) | 11:25:15 |
| nixinator | you may have to nohup that if you loose your shell connection. | 11:25:48 |
| nixinator | if you don't want the complexities of nat translation you can socat, ncat,goproxy and all sorts of other tcp forwarding goodies, some also have cool features :-) | 11:35:45 |
| nixinator | you'll probably loose a slight bit of performance as it's not in kernel, but depends what your loads are. | 11:42:11 |
| CRTified | In reply to @matthewcroughan:defenestrate.it
Is it possible for me to lock myself out of the machine? Didn't properly think about this. It depends on how you access the machine. Messing with networking can easily lock you out of SSH or other network-based administration options, but if you're at the machine (i.e. keyboard/mouse/screen or UART or something similar), it's hard to not be able to fix it | 11:45:48 |
| nixinator | networking, there a lot to think about, more developers than you care to think about don't understand it, especially the lower layers... but thats the beauty of abstractions, you don't have to understand what they are doing :-) | 13:03:45 |
| eyJhb | Also recommend looking at nftables instead of iptables. I still do suck at it, but there are some experts in here, as well as some people in #netfilter on Libera that are very nice! | 15:28:26 |
 hexa | I do love ferm, but it's "stuck" with iptables | 15:52:22 |
| hexa | It has the most convenient syntactic sugar | 15:52:45 |
