15:28 <mdlayher> hey folks! i have about 24 hours of NixOS experience but have successfully swapped out my ubiquiti router with a PC Engines APU2 running NixOS :)

15:29 <mdlayher> i'm hitting a bit of a problem now. i'm using nftables for firewalling and also have wireguard set up, but it appears that when i rebooted the box, nftables came up before the wireguard interface. and since i have wg0 in my firewall rules, the firewall failed to apply, breaking NAT and etc.

15:29 <mdlayher> is there some reasonably easy way to express that nftables should depend on the wireguard-wg0 service?

15:31 <mdlayher> by the way, thanks to disasm for the NixOS image preconfigured for serial support i found in the logs here; it really helped me out!

16:21 <thefloweringash> you can try overriding the unit dependencies of nftables, I do something similar but with a device not a service here: https://bitbucket.org/thefloweringash/routernix-config/src/8e29e462b01701b1a900c1c4cbfadf9aedbca61c/router.nix#lines-221:226

16:22 <thefloweringash> the other option is to use iifname / oifname

16:48 <mdlayher> thefloweringash: thank you! i assumed there was some nix way to do it. i am using iifname in my firewall and that's where i ran into this snag.

16:48 <mdlayher> i'll give that a go

17:03 <mdlayher> thefloweringash: looks like that did it! thanks so much!

17:46 <disasm> mdlayher: this is the simplest router I've ever managed and most powerful

17:47 <mdlayher> i am extremely happy with it so far! in just a day or so i've completely moved all my configs over from my old ubiquiti kit, and now i'm running a much more flexible, open source, up to date alternative :)

17:47 <mdlayher> and i can do things like DNS over TLS which were really frustrating with ubiquiti

17:57 <mdlayher> only sad thing about the APU2 is i can't play with 10Gb lol. but if my ISP ever rolled out 2Gb, I could bond two WAN links

21:20 <andi-> mhm that nftables problem seems to be a recurring theme here... Should we maybe change the default?