<gchristensen>
I wonder, if I stopped using these various vlans and network segments, maybe I can get ipv6 working
<flokli>
gchristensen: I'll bring my turris mox to NixCon. I assume some cz.nic people are around, so we could do some nixos-on-your router at the hackday :_)
<q3k>
gchristensen: what isses with v6 are you having?
<gchristensen>
interesting, I might need to set up Emily with some "break glass" procedures to reboot-and-restore :)
<q3k>
i had v6 working on nixos for routing at some point
<q3k>
with no issue.
<gchristensen>
I don't remember the issues
<gchristensen>
but so far, andi-, flokli, nor aszlig have been able to figure out why it is busted
<q3k>
i should've saved my configs after cccamp-ix
<q3k>
i didn't do nat, but pure l3 routing was just fine
<flokli>
gchristensen: wasn't it that your provider didn't send more than a /64, and you can't really split that to multiple vlans?
<gchristensen>
they gave me a /56
<flokli>
and what was the issue?
<gchristensen>
and I think they wouldn't reply, or forward certain traffic
<flokli>
uh, I didn't know about that… and it's surely their fault, or not just our nixos firewall doing weird things?
<andi->
I think they did reply as I was able to reach addresses on your inbound interfaces...
<gchristensen>
let's do NixOS Networking Con: Graham's Basement and bring all y'all here to try and fix it
<flokli>
let's bring Graham's basement to Europe
<gchristensen>
if you'd like to try again, we could setup a tmate.io session, get you SSH'd in
<flokli>
might be better
<q3k>
if you get a /56 from them, you need to set up prefix delegation
<flokli>
and more sustainable in the long run as well
<q3k>
as a dhcp client
<andi->
Regarding NixOS being fit for a router: I recently participated in running an Event/Conference with a non-trivial setup using NIxOS and systemd networkd. No hiccups on that front.
<flokli>
q3k: he did that… using networkd
<q3k>
but many ISPs, even though they will actually then give you out /64s, they might not route them
<q3k>
so first thing would be to figure out if it's not the ISP fucking things up
<gchristensen>
q3k can join us on the call
<andi->
The world vs your router and your ISP... Whats it that limit on a zoom call?
<q3k>
if it's a literal call then i'm afraid i'll have to charge you my consulting fees :P
<q3k>
irc shitposting is free forever though
<gchristensen>
I pay for Zoom, so I don't think there is a limit :)
<gchristensen>
I'll pay you in contributions to NixOS? :)
<gchristensen>
anyway, flokli & andi- if you're up for trying again, we could do a video call and tmate session and try and get to the bottom of it.
<andi->
gchristensen: sure, when?
<gchristensen>
I'm good for pretty much any time, starting 1h45m from now
<flokli>
I won't make it today. Need to attend some hippie protests
<gchristensen>
good, that is more important
<flokli>
And I removed zoom from my system closure again, because it's the only thing pulling in some old qt-webengine, which is not in the cache
<flokli>
and I got tired to compile it myself all the time
<gchristensen>
qt-webengine, eh?
<gchristensen>
hmm
<flokli>
yes
<flokli>
zoom doesn't work with a recent qt
<gchristensen>
for a 3 person call, btw, no need for zoom
<flokli>
and of course, they didn't care to update
<andi->
eyJhb: you would be able to reach ipv6 only services!
<gchristensen>
do those exist?
<andi->
you could run proper p2p applications on the internet. ;)
<andi->
gchristensen: my hydra instance !
<andi->
and I think my feed reader ;)
<gchristensen>
that is what I want it for: p2p. specifically, wireguard for backups to my home
<gchristensen>
(though hairpin nat would actually be better for that, since many public wifi networks in my region don't support ipv6)
<andi->
If you would have IPv6 we could reduce the things on my Todo list before that remote backup thing can happen...
<eyJhb>
andi-: well, I think I can already do that?
<andi->
eyJhb: end2end to any device without the need of any rendezvous servers?
<flokli>
and without the need of IPv4 port forwardings? ;-)
<eyJhb>
Maaaaybe not
<cransom>
weirdly my v6 stopped working sometime recently. i was getting an address but the inside address was a /68, which broke slaac. i forced a /64 inside and it came back, but that was weird as I know i made no changes for a very, very long time on that setup.