<elvishjerricco>
I've got a NixOS desktop and a macbook on the same VPN. I want the macbook to be able to use the NixOS desktop as a builder for linux derivations. But if the macbook is on my home network, I want it to use that to connect instead of the VPN. Is this going to require mucking about with a bunch of DNS crap?
<ekleog>
quite likely, yes
<ldlework>
lol
* ekleog
will refrain from pointing to tinc-vpn.org, which could just allow your two machines over LAN to connect to each other without any relay in a transparent manner… oh, looks like I failed to actually refrain myself 😇
<ldlework>
lol
<ekleog>
then, there are hacks like having an IPv4 VPN, disabling IPv4 on all your other networks, and relying on happy eyeballs to have automatic fallback from the IPv6 attempt to connect over clearnet (that would fail outside of your howe) into the IPv4 VPN… but I don't think the world is really ready to have IPv4 turned off just yet :°
<ekleog>
s/howe/home/
<joepie91>
ekleog: tinc++
* joepie91
is running that on his servers
<ekleog>
same, that's a lovely piece of software to use :)
<elvishjerricco>
ekleog: The tinc thing sounds interesting... I'll look into that
<joepie91>
man, if this tweet qualifies as driving the buzz, the bar has gotten low
<joepie91>
:P
<samueldr>
bringing the fresh and new in the old and crusty
<joepie91>
more seriously, I think this could actually work esp at larger software shops
<samueldr>
I don't have experience at larger places
<samueldr>
but oh boy do the smaller ones sometimes need it
<samueldr>
when the accidentally lock themselves into old versions
<joepie91>
right, but as a dedicated position I mean
<joepie91>
I see a crazy amount of dep avoidance at larger shops
<joepie91>
because people don't want to be blindsided by dep API changes and such
<joepie91>
and while from a purely objective point of view "update it against a new API" is almost always going to be less work than reinventing the wheel, people experience it differently from a psychological POV
<joepie91>
so having a way to essentially pass off dep maintenance to somebody else could help with that
<samueldr>
b-b-but *I* can manage to re-build this in under a week for our needs
<joepie91>
yeah, a week for the initial version
<joepie91>
then five weeks split into two-hour chunks over the next year to deal with all the edgecases you forgot
<joepie91>
lol
<joepie91>
that's where most of the disconnect comes from it seems
<joepie91>
people don't account for the ongoing implementation maintenance, the edgecases
<joepie91>
so rolling-your-own seems cheaper than it really is
<samueldr>
though, when you embrace external libs reluctantly, and fine *the one* that you were right you shouldn't have used
<samueldr>
it breaks the confidence
<joepie91>
and it's *super* hard to measure long-term maintenance cost of roll-your-own implementations so it's not easy to learn this from experience either
<samueldr>
yes!
<joepie91>
samueldr: right, and to avoid all those psychological traps, you could pass off the maintenance cost to a DepOps person :D
jtojnar has quit [Ping timeout: 264 seconds]
<samueldr>
ah, in my case it's the project dropping about half the features
<samueldr>
and never updating the older version to fix bugs :/
<joepie91>
well okay, that's a case of "let's replace the dep" lol
<joepie91>
of course the usual "smaller deps means less trouble" applies
<samueldr>
I think that was *the* kind of project where no-one is making it right
<joepie91>
where 'smaller' == 'less responsibilities'
<samueldr>
joepie91: you're a web dev, you may have opinions
<joepie91>
I have plenty of opinions
<samueldr>
:)
<joepie91>
whether they are the ones you're looking for, though, I cannot guarantee :)
<samueldr>
routing solutions for react projects; the project was reacrt-router
<samueldr>
react-router*
<joepie91>
if you think you need a router, it probably shouldn't be an SPA, therefore you probably shouldn't be using React
<samueldr>
from 2->3 it changed radically and left users behind, and then they did it again with 3->4
<joepie91>
because it's probably a website
<joepie91>
well, let me amend that
<joepie91>
if you think you need a general-purpose router *
<samueldr>
joepie91: let's assume in this case it's the right solution
<joepie91>
there are some very specific usecases in 'correct' SPAs where you need routing but they are virtually always too specific to be supported by existing router implementations
<joepie91>
samueldr: I say "probably" but I have in my career seen exactly 0 projects that needed a general-purpose router and that weren't improperly an SPA
<joepie91>
so that's not an assumption I can realistically work off
<samueldr>
what I found is that the routers I looked at were assuming the inverse, that you were not a website, but a complex app :/
<joepie91>
I'm not excluding the possibility that valid usecases for them exist, but I also have no data on how to do it because there's never a reason to do it that I have seen
<joepie91>
samueldr: they usually look that way but don't actually work for complex apps
<joepie91>
lol
<samueldr>
exactly
<joepie91>
(I say, having built a few complex apps)
<samueldr>
turns out that it was much easier to roll-up a custom one with simple rules :/
<joepie91>
yep
lassulus_ has joined #nixos-chat
<samueldr>
it makes the underlying implementation AND usage much simpler
<joepie91>
but that's kind of the core of my point here; there's not really an answer to the question of "what router should I use" because in every case I've seen, the answer was either "roll your own view logic because it's too specific" or "this shouldn't be using React, use a server-side renderer instead"
<joepie91>
so there's not any router that I can in good faith recommend without a very clear idea of what specifically the project does
<samueldr>
I had trouble at the time even finding something that *wasn't* react-router since... well... the name kinda kills SEO
<joepie91>
lol
<samueldr>
which is why I asked, that's a case where finding someone with opinions could help :)
lassulus has quit [Ping timeout: 252 seconds]
lassulus_ is now known as lassulus
<samueldr>
even when not agreeing, at least you could have something else :)
jtojnar has joined #nixos-chat
<joepie91>
samueldr: I've just never meaningfully looked into the topic due to above, so unfortunately not :P
<joepie91>
it's never been a credible usecase for me to solve
<joepie91>
honestly it's very likely that the answer you get elsewhere is going to be "shrug, I use react-router"
<joepie91>
it's more or less a monoculture as far as I can tell
<samueldr>
that's what I felt
<joepie91>
I should go to sleep...
<joepie91>
samueldr: also, if I seemed a bit direct on the above, apologies; "talking people off the SPA ledge" takes up like 10% of my time in #Node.js so I have a bit of a trigger finger :P
<gchristensen>
what, there are other solutions?
<joepie91>
yes, not building an SPA and just rendering pages server-side :P
<gchristensen>
can't be done
<samueldr>
joepie91: yeah, with me you should assume if it's an SPA, it *has* to be an SPA
<samueldr>
gchristensen: madness
<samueldr>
oops
<samueldr>
joepie91: madness
<joepie91>
gchristensen: half the modern webdev community seems to agree with you
<samueldr>
the server is for serving files
<samueldr>
not rendering
* samueldr
ducks
<gchristensen>
can http even request different files? would you have to get a different domain per page?
<joepie91>
you joke, but I have seen every single remark and question above from real, actual developers
<samueldr>
gchristensen: DNS helps you with subdomains
<gchristensen>
ah right
<samueldr>
that's why www.nixos.org is the home page, www is for the world wide web (home page)
<joepie91>
anyway, time to sleep :)
<samueldr>
don't dream of SPAs
<joepie91>
hopefully not...
<gchristensen>
do dream of a spa
<joepie91>
gchristensen: sorry, I already have blockchains scheduled for tonight
<ekleog>
gchristensen: tinc does have relaying built-in :)
<samueldr>
one really underused capability is announcing services
<samueldr>
e.g. "LOOK, I HAVE SSH"
<samueldr>
and an SSH client could check using avahi *which computers* announce ssh
<samueldr>
and pre-fill a list
<samueldr>
ah, gchristensen, time machine, macOS, apple are/were firm believers in bonjour
<samueldr>
iOS devices, if they still not do, did use bonjour appropriately
<samueldr>
so if my machine (duffman) announces using avahi, I can type http://duffman.local:3030/ and test
<samueldr>
beat that, android!
<gchristensen>
samueldr: could you write up a thing about avahi + nixos + zeroconf?
<elvishjerricco>
ekleog: I don't really understand yet. How does the tinc daemon on the laptop connect to the desktop?
<ekleog>
elvishjerricco: the thing is basically tinc will try to establish a direct (encrypted) link between your laptop and your desktop (ie. over your lan), and if it fails, will relay through a server, so you just have to say “always use the VPN” and it should do what you want .)
<samueldr>
gchristensen: sadly not really, I'm not using more than the hostname resolution, and I still haven't traced an issue I'm having with it
lassulus has quit [Ping timeout: 244 seconds]
<samueldr>
(sometimes I have to restart nscd to get resolution to work :/)
<elvishjerricco>
ekleog: Oh so you have to configure two different methods of connecting, one for LAN and one for WAN, and make sure tinc prefers the LAN one?
<gchristensen>
ack
<ekleog>
elvishjerricco: the tinc daemon on the laptop will have a remote block for both the desktop and the server, so will try to connect to both, and will use the lowest-weight connection to transfer packets
<ekleog>
elvishjerricco: as it'd relay through the server, it's always going to prefer talking directly to the desktop
<elvishjerricco>
ekleog: Sounds perfect. I'll compare that approach to this zerotier thing...
<samueldr>
oh, though, fun thing: the best (only?) zeroconf implementation on windows is apple's bonjour
<elvishjerricco>
ekleog: Will it switch between connections without dropping if one is disconnected?
<ekleog>
elvishjerricco: it should, IIRC, but I haven't tested it recently (though it may drop a few packets, but TCP is resilient to that, so you shouldn't notice much more than some lag during its reconnection)
<elvishjerricco>
ekleog: Sweet. Thanks
<ekleog>
last time I looked into ZeroTier, it looked way too complex and magical for my needs, and I felt I wouldn't understand how it worked if I tried installing it, so I stayed with tinc :°
<ekleog>
maybe someone here has already tried both and could compare?
<samueldr>
I was under the impression zerotier wasn't a VPN though
<gchristensen>
is it not?
<samueldr>
I haven't really read back since 2015
<samueldr>
but I believe the author didn't really present it as a VPN
* samueldr
is trying to sort this out
<samueldr>
though I think the argument was, grossly simplified, it's much more and much less
<elvishjerricco>
gchristensen: Do you use zerotier?
<gchristensen>
I don't, but I know some people who do nd like it
<samueldr>
ah right, I think I remember: it won't do tunneling
<samueldr>
for your whole connection
<samueldr>
its design is only to somehow let machines meet from behind NATs
drakonis_ has quit [Remote host closed the connection]
<elvishjerricco>
ekleog: Any recommendation on tinc vs tinc_pre?
<ekleog>
elvishjerricco: I personally use tinc_pre, see no reason why it's not released yet, and it supports better tooling for introspecting running VPNs
<ekleog>
(basically, see no reason for using tinc, and tinc_pre brings quite a few new features :))
<elvishjerricco>
ekleog: NixOS's `services.tinc` doesn't have any compatibility problems with pre?
<ekleog>
it's even defaulting with _pre iirc
<elvishjerricco>
Ah, neat
<ekleog>
s/with/to/
<elvishjerricco>
Indeed it is
kisik21 has joined #nixos-chat
__monty__ has joined #nixos-chat
__Sander__ has joined #nixos-chat
__Sander__ has quit [Ping timeout: 272 seconds]
__Sander__ has joined #nixos-chat
eren has quit [Ping timeout: 272 seconds]
<sphalerite>
ekleog: I think the new protocol hasn't been audited
<sphalerite>
but yeah I use tinc_pre too
<sphalerite>
invitations are great
<sphalerite>
and tinc top
<andi->
python such impure so many side effects.. much hate -,-
<LnL>
foo = 42; del(foo)
jD91mZM2 has joined #nixos-chat
<andi->
/o\
drakonis_ has joined #nixos-chat
<ekleog>
sphalerite: and scriptability of the tools like dump * :)
<ekleog>
(didn't know that the old protocol had been audited, btw :°)
<sphalerite>
LnL: what does that do?
<LnL>
delete a variable from scope, cause that's obviously a great feature to have in a language
<sphalerite>
oh ok I thought it might be something worse like destroying the cached small-integer instance
<LnL>
ah, like this stuff? 2**3 is 8 #=> True; 2**10 is 1024 #=> False
<jD91mZM2>
LnL: wait what
<jD91mZM2>
Oh, == works there
<jD91mZM2>
wat
<sphalerite>
jD91mZM2: `is` is for identity, not equality
<gchristensen>
isn't `is` pointer equality
<sphalerite>
yeah
<LnL>
== is not the same as is
<jD91mZM2>
Why is one of these numbers a pointer?
<sphalerite>
jD91mZM2: because in python everything's an object!
<sphalerite>
They're both pointers essentially
<sphalerite>
but small numbers (less than 256 iirc) are pregenerated and retrieved from a cache rather than being constructed each time, for performance
<gchristensen>
yeah
<LnL>
(2**10).__add__(1)
<jD91mZM2>
But... but... but...
<jD91mZM2>
Isn't it more efficient to just store the numbers and sorta pretend they're objects somehow?
MarkRBM has joined #nixos-chat
<sphalerite>
it is, but you need to be able to use them anywhere that any other object can be used
<sphalerite>
because dynamic typing!
<simpson>
`is` is *not* pointer equality; Python doesn't have pointers.
<simpson>
I see bugs, but in the language itself, and which CPython's maintainers have not seen fit to fix.
<simpson>
In Monte, we went further and removed user-definable equality; the resulting equality operator is really powerful: https://bpaste.net/show/1f3f08069225
<jD91mZM2>
What's y in `[[1, y], `?
<simpson>
A self-referencing list. The pretty-printer would print `[1, <**CYCLE**>]`
<jD91mZM2>
Lovely
lassulus has quit [Ping timeout: 244 seconds]
<gchristensen>
hashicorp's vagrantboxes website has rate-limiting and gets mad if you request 56 boxes at one moment
<LnL>
lol
<LnL>
but isn't that hosted on s3?
<gchristensen>
evidently not
<LnL>
oh or are you checking for updates
* gchristensen
adds a `-j 4` out of good measure
lassulus has joined #nixos-chat
__Sander__ has quit [Quit: Konversation terminated!]
MarkRBM has quit [Ping timeout: 244 seconds]
<andi->
vagrant always such a great excuse to go grab a coffee, have a chat, talk to coworkers, do laundry. <3 hashicorp ;-)
<gchristensen>
:D
kisik21 has quit [Ping timeout: 244 seconds]
kisik21 has joined #nixos-chat
kisik21 has quit [Ping timeout: 245 seconds]
kisik21 has joined #nixos-chat
drakonis_ has quit [Remote host closed the connection]
pie_ has joined #nixos-chat
jD91mZM2 has quit [Quit: WeeChat 2.0]
__monty__ has quit [Ping timeout: 252 seconds]
qyliss^work has quit [Ping timeout: 264 seconds]
qyliss^work has joined #nixos-chat
Drakonis has joined #nixos-chat
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-chat
Drakonis has quit [Remote host closed the connection]
seku has joined #nixos-chat
v0|d has joined #nixos-chat
<seku>
ill join from work tomorrow as well
<seku>
getting rather late for getting up timely tomorrow
kisik21 has quit [Ping timeout: 245 seconds]
seku has quit [Read error: Connection reset by peer]