| 16 Aug 2021 |
 eyJhb | Ie. so that I could access the internet, and then went on from there :) | 20:55:43 |
 hpfr | * if you mean features, I set up a Wireguard VPN to access my LAN from away and a DNS server with some overrides for homelab services. In the future I want to try network wide ad blocking and VLAN's for IoT | 20:56:51 |
| eyJhb | But I can't even give you a good base config to use hpfr , I think mine is too specific now... :/ | 21:03:16 |
| hpfr | even if you had one, I'm not sure I'd want it. there are others available anyway. my main concern is I want to have enough knowledge not to shoot myself in the foot and either accidentally make my network unusable (obviously a serious issue) for some period of time while I struggle to troubleshoot due to lack of knowledge, or worse, make some security blunder | 21:05:17 |
| hpfr | so I'm looking for Linux networking resources that are somewhere between "blindly copying commands from the internet" and "reading a networking textbook" | 21:06:12 |
 CRTified | Depending on what level of knowledge you're looking for a textbook might be your best bet to be honest | 21:11:12 |
| CRTified | Or just start with a toy setup with multiple virtual machines? That way, you can test stuff and build your config as desired (this is IMHO one of the biggest advantages of nix - you can test more complex setups like this, too) | 21:13:58 |
| hpfr | oof, ok. got any book recommendations | 21:14:50 |
| hpfr | as for the VM's, how does nix make things easier here? | 21:15:01 |
| CRTified | The "default book" for most universities in my country is either "Computer Networking: A Top-Down Approach" by Kurose/Ross or "Computer Networks" by Tannenbaum | 21:16:19 |
| CRTified | The former has a - well - top down approach, while the second one is "bottom-up" (with respect to the OSI layers) | 21:16:59 |
| CRTified | * The former has a - well - top down approach, while the second one is "bottom-up" (with respect to the OSI layers) (I personally did only work with the first one) | 21:17:24 |
| CRTified | In reply to @hpfr:matrix.org
as for the VM's, how does nix make things easier here? You can use e.g. nixops to deploy to libvirtd or virtualbox and orchestrate multiple machines that way. I'm currently writing a configuration for a HPC cluster and have one "master node" and five identical slave nodes that are all created by nixops | 21:18:40 |
| CRTified | In reply to @hpfr:matrix.org
as for the VM's, how does nix make things easier here? * You can use e.g. nixops to deploy to libvirtd or virtualbox and orchestrate multiple machines that way. I'm currently writing a configuration for a HPC cluster and have one "master node" (where the slurm administration, LDAP and NFS server are running) and five identical "slave nodes" that are all created by nixops | 21:19:14 |
| hpfr | oh, yeah | 21:19:11 |
| hpfr | ok, thanks | 21:19:23 |
| CRTified | And as soon as you're happy, you "only" need to switch the deployment target :) | 21:19:39 |
| hpfr | why the scare quotes 😅 | 21:20:22 |
| hpfr | that sounds accurate | 21:20:34 |
| CRTified | Well, VMs don't need a hardware-configuration - I'm not sure whether it will work completely out of the box 😅 | 21:21:07 |
| hpfr | oh, right | 21:21:47 |
| CRTified | And I don't have enough time right now to test it on the real hardware, as there's a somewhat urgent deadline coming 🤐 | 21:22:43 |
 matthewcroughan - nix.zone | Is it possible for anyone to tell me how to port forward? | 23:15:28 |
| matthewcroughan - nix.zone | I'm trying to provide someone access to a libvirt vm that is using the default nat interface. This would be great, since then the person I'm giving access to this VM wouldn't be able to snoop around my network. | 23:16:03 |
| matthewcroughan - nix.zone | I was hoping I could do it entirely in the libvirt xml config, but can someone tell me how to set it up in Nix code, since I don't want to manually be playing with iptables! | 23:16:27 |
| matthewcroughan - nix.zone | So I want to port forward:
192.168.3.4:2222 -> 192.168.122.x:2222 | 23:19:32 |
| CRTified | In reply to @matthewcroughan:defenestrate.it
So I want to port forward:
192.168.3.4:2222 -> 192.168.122.x:2222 Probably networking.nat.forwardPorts? | 23:25:12 |
| matthewcroughan - nix.zone | is that the only option I need to set? | 23:25:20 |
| matthewcroughan - nix.zone | * is that the only option I need to set and use? | 23:25:22 |
| matthewcroughan - nix.zone | what about .enable .internalIPs and externalInterface? | 23:25:38 |
