03:09 <thefloweringash> I'm really not enjoying pasting together a shell script with `networking.firewall.extraCommands`. I make typos because I'm human, then my firewall is half started, half not, and prevents the next start since extra chains aren't cleaned up.

03:10 <thefloweringash> the features of the built-in firewall seem fairly straightforward, is there a project to move nixos to using nftables by default?

03:12 <thefloweringash> complications: software that assumes iptables (fail2ban? docker?), existing user configuration using `extraCommands`

03:14 <andi-> thefloweringash: I wanted to do that 2y ago... but never got around to actually do that :/

08:27 <clever> Nov 12 04:23:15 system76 3s0avjla52qx9zx8yi6glba43did5bvq-unit-script-wpa_supplicant-start[7893]: /nix/store/3s0avjla52qx9zx8yi6glba43did5bvq-unit-script-wpa_supplicant-start: line 4: /sys/class/net/bonding_masters/uevent: Not a directory

08:35 <clever> ive tried setting up bonding between my wifi&wired, with wired set as the primary

08:35 <clever> so it will try to use wired at all times and if wired "fails", it will fallback to wifi, while keeping the same ip&mac

08:35 <clever> but, if bonding is loaded when wpa_supplicant starts, it fails hard

08:36 <clever> i have to `rmmod bonding` (deleting the IF isnt enough) for wpa_supplicant to even start

10:08 <flokli> clever: I gave up trying to use wpa supplicant on a bonded interface. I just route between different L2 networks ;-)

14:36 <clever> flokli: i'm aiming wpa_supplicant to the wifi interface (i believe), but even if bond0 doesnt exist, it refuses to start

14:36 <clever> flokli: i have to fully unload the bonding driver to make it start

23:32 <flokli> clever: I don't remember anymore what failed, sorry.

23:50 <clever> flokli: somebody in #nixos already made a pr to fix my issue

23:51 <flokli> clever: even better! :-)