| 19 Jan 2026 |
| @washort:greyface.org left the room. | 16:16:45 |
| 20 Jan 2026 |
| ladadofar changed their display name from cloudcyclist to ladadofar. | 07:15:58 |
| 22 Jan 2026 |
| trix joined the room. | 20:03:18 |
trix | Has anyone tested IP Address certificates yet? I'm trying on 25.11 w/ shortlived profile, but I'm getting a badCSR error, with "CSR contains IP address in Common Name". I believe it's from the remote, but I'm not fully sure, and it would not make much sense, unless I majorly misunderstood how this works. | 20:16:24 |
trix | There seems to be a hint that the common name must be disabled in CSR. Looking into how to do that | 20:30:39 |
hexa (clat on linux when) | IP address can only be a SAN entry | 20:38:52 |
hexa (clat on linux when) | In principle you should be able to skip the common name altogether | 20:39:13 |
hexa (clat on linux when) | but not sure we allow that | 20:39:19 |
hexa (clat on linux when) | * but not sure we (or lego) allow that | 20:39:26 |
Tom | there is btw. #acme:nixos.org | 20:42:52 |
trix | thanks i was unaware | 21:02:18 |
| Moved to: @astro:c3d2.de changed their display name from Astro to Moved to: @astro:c3d2.de. | 21:38:10 |
| Astro joined the room. | 21:58:24 |
| 23 Jan 2026 |
elisaado | hmm firewalld looks interesting for declarative networking | 22:05:31 |
elisaado | anyone using it over nftables? | 22:05:37 |
K900 | Not worth the effort if you want declarative | 22:09:10 |
K900 | Just write static rules | 22:09:13 |
K900 | firewalld works when you need to adjust things as you go | 22:09:29 |
| 24 Jan 2026 |
elisaado | mm | 00:01:29 |
elisaado | but nftable syntax is kinda foreign to nixos right? | 00:01:39 |
elisaado | you just put nftables strings in your nixos config | 00:01:46 |
antifuchs | if you want to write fw rules in nix syntax, I can recommend https://github.com/thequux/nix-zone-firewall | 01:43:51 |
| leon joined the room. | 09:11:50 |
Tom | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2107
A clat in NetworkManager | 09:54:58 |
elisaado | oh cute | 10:23:23 |
leona | but also actually nftables syntax is quite easy to understand and use (in comparison to iptables at least) and for the most common use cases, there are abstractions in NixOS. So unsure if an abstraction in Nixpkgs would actually help | 10:24:40 |
magic_rb | Or if you're insane you can use https://github.com/chayleaf/notnft | 10:28:00 |
antifuchs | I tend to go in circles between "this configuration language sucks, write it in nixlang" / "this evals really slow (and the nixlang repr isn't good), write it in configuration language" | 14:41:28 |
Nico | Things like nftables can get merged from multiple files quite well, so I think this is less of a problem. frr for example is much worse and you basically are only allowed to have one file per router | 17:54:31 |
| KDK12 set a profile picture. | 22:12:54 |