| 26 Jan 2026 |
 Grimmauld (any/all) | no idea, iproute basically just works. Though i do run this:
{
lib,
...
}:
{
nixpkgs.overlays = [
(final: prev: {
networkmanager = prev.networkmanager.overrideAttrs (old: {
mesonFlags = lib.filter (f: !(lib.hasPrefix "-Diptables=" f)) old.mesonFlags or [ ];
});
iproute2 = prev.iproute2.override {
iptables = null;
};
nftables = prev.nftables.override { withXtables = false; };
})
];
networking.nftables.enable = true;
system.forbiddenDependenciesRegexes = [ "iptables" ];
}
No need for iptables if one can have nftables, might as well remove it from iproute. Maybe i got lucky and removed the bad code with that? Who knows
| 15:48:39 |
 matthewcroughan | is nftables the default in nixpkgs yet? | 15:51:55 |
| Grimmauld (any/all) | not yet | 15:52:10 |
| Grimmauld (any/all) | but its one of those things that is just better than the default | 15:52:23 |
| matthewcroughan | yeah, for sure | 15:53:07 |
| matthewcroughan | In nixos-musl, if I add those, iproute still ends up in the graph | 15:56:22 |
| matthewcroughan | 
Download image.png | 15:56:26 |
| matthewcroughan | remember this is for pkgs.nixos {} all defaults, maybe you've got some more config that somehow gets rid of iproute from the systemPackages too | 15:57:08 |
| matthewcroughan | modifying environment.defaultPackages for example ? | 15:57:29 |
| matthewcroughan | Yes, it's in environment.corePackages | 16:00:03 |
| matthewcroughan | https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/tasks/network-interfaces.nix#L1771-L1777 | 16:00:33 |
| matthewcroughan | Yeah, I'm not sure how you're able to get rid of that | 16:03:16 |
| Grimmauld (any/all) | oh yeah i build systemd without tpm :P | 16:05:28 |
| matthewcroughan | Ah! | 16:05:32 |
| matthewcroughan | How does that actually relate to iproute2 being included in the network tho | 16:05:44 |
| matthewcroughan | * How does that actually relate to iproute2 being included in the network interfaces file tho | 16:05:50 |
| matthewcroughan | like how does tasks/network-interfaces.nix somehow become conditional on tpm | 16:06:05 |
| matthewcroughan | * like how does tasks/network-interfaces.nix somehow become conditional on tpm? | 16:06:07 |
| Grimmauld (any/all) | no clue, i just know i haven't heard of any issues with iproute and dropping iptables is the only overlay i have against it | 16:06:23 |
| Grimmauld (any/all) | iproute stays in the closure | 16:06:33 |
| matthewcroughan | Then something else must be being done, I don't think tpm is related here | 16:06:37 |
| Grimmauld (any/all) | but iptables goes away | 16:06:38 |
| matthewcroughan | Oh okay and iproute is the thing causing the failure | 16:06:50 |
| Grimmauld (any/all) | yeah | 16:06:57 |
| matthewcroughan | for me, it doesn't resolve it, iproute2 with iptables is still in the closure | 16:07:18 |
| matthewcroughan | verbatim doing what you said | 16:07:21 |
| Grimmauld (any/all) | the only thing i do to it is remove iptables, other than that the nixpkgs package for iproute just works on musl last i checked | 16:07:29 |
| matthewcroughan | Yeah no, I think this fix you've provided is for a different failure case | 16:09:32 |
| matthewcroughan | iproute2 is failing due to
iproute2> utils_math.c:136:13: error: use of undeclared identifier 'UINT_MAX'
iproute2> 136 | if (sz64 > UINT_MAX)
| 16:10:01 |
| matthewcroughan | Grimmauld (any/all): You won't believe this | 16:26:46 |
