| 21 Aug 2021 |
6aa4fd | a data center with only a /64? what a joke | 03:00:11 |
matthewcroughan - nix.zone | Well, it's just a business connection. | 03:00:22 |
matthewcroughan - nix.zone | BT (British Telecom) | 03:00:27 |
6aa4fd | that is like a v4 network with only one vlan | 03:00:30 |
matthewcroughan - nix.zone | Yup :D | 03:00:35 |
matthewcroughan - nix.zone | Horrible. | 03:00:36 |
matthewcroughan - nix.zone | and the network administrator is a BOFH | 03:00:54 |
6aa4fd | do they just use MAC-based firewalling? | 03:01:01 |
matthewcroughan - nix.zone | Not sure about the firewall details, it's a free for all. | 03:01:18 |
matthewcroughan - nix.zone | https://youtu.be/GE94BJg3U1Q | 03:01:26 |
matthewcroughan - nix.zone | This video should explain it. | 03:01:28 |
6aa4fd | In reply to @matthewcroughan:defenestrate.it Not sure about the firewall details, it's a free for all. time to get ya shit out brotha | 03:06:05 |
matthewcroughan - nix.zone | I'm not that paranoid really. | 03:06:16 |
6aa4fd | anyways good luck with the tunnel, ping me if it hisses | 03:06:37 |
matthewcroughan - nix.zone | A NixOS machine is a pretty good and secure internet facing base. | 03:06:39 |
6aa4fd | sure unless they get any user with read access | 03:07:00 |
matthewcroughan - nix.zone | Only two users on the machine. Me and the other Administrator. | 03:07:31 |
6aa4fd | until we have granular store permissions it's pretty dicey as production | 03:07:37 |
matthewcroughan - nix.zone | Two users with a shell, and ssh access, ssh keys only. | 03:07:47 |
matthewcroughan - nix.zone | In reply to @6aa4fd:tchncs.de until we have granular store permissions it's pretty dicey as production How do you figure? What does the store have to do with it? | 03:08:08 |
matthewcroughan - nix.zone | Nothing sensitive is in the nix store. | 03:08:19 |
6aa4fd | yeah well if you don't expose anything but ssh, back ports are the only thing that matters, it's not exactly a competitive field | 03:08:26 |
6aa4fd | well sure but a shit load of services you configure with the nix store do have write-sensitive information in the store | 03:09:10 |
6aa4fd | so not actually true, though it would be nice | 03:09:28 |
matthewcroughan - nix.zone | The nix store is not world writable. | 03:09:29 |
6aa4fd | read-sensitive, sorry | 03:09:40 |
matthewcroughan - nix.zone | I disagree, what are you thinking of? | 03:09:51 |
matthewcroughan - nix.zone | I mean, you can put it there yourself, but you'd be mad to. | 03:10:00 |
6aa4fd | so do you use environment variables instead? | 03:10:18 |
matthewcroughan - nix.zone | I use agenix which stores secrets encrypted in the store. | 03:10:36 |