eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router
nwspk has quit [Quit: nwspk]
nwspk has joined #nixos-on-your-router
fooker has quit [Ping timeout: 260 seconds]
fooker has joined #nixos-on-your-router
teto has quit [Quit: WeeChat 2.8]
teto has joined #nixos-on-your-router
<gchristensen> https://www.wireguard.com/netns/ looks interesting
<NinjaTrappeur> yes, it is
<NinjaTrappeur> There have been several attempts to use this trick with the scripted NixOS wireguard module
<NinjaTrappeur> AFAIK you can also do a similar trick with Networkd by leveraging VRFs.
<NinjaTrappeur> Doing this has been on my infinite backburner for a while now :)
<NinjaTrappeur> (currently using networkd routingPolicies to implement this setup)
<gchristensen> ah
<gchristensen> I want to use wireguard as a way to seamlessly transition from wireless to wired and back
<gchristensen> beyond that, this isn't a big deal for me personally since it has been 4 months since I have used my computer anywhere but my home
<gchristensen> maybe since my goal isn't so much privacy related I wouldn't need the guarantees that people usually want around total VPNs
<gchristensen> and it could be maybe easier to implement
<NinjaTrappeur> The attempts to implement this trick were requiring some module dance (using a custom wpaSupplicant module able to run in a custom netns)
<gchristensen> oofta
<gchristensen> I mostly networkmanager, so I'd need to figure those things out
<NinjaTrappeur> I guess with a bit of love and patience, we could find a design not requiring such a dance.
<NinjaTrappeur> hmm, lemme find the threads I'm talking about
<{^_^}> #52411 (by anderspapitto, 1 year ago, open): Support network-namespace based wireguard vpn setup [feature request]
<NinjaTrappeur> There are probably other threads talking about that I forgot about :/
<gchristensen> I'm sure :)
<NinjaTrappeur> I'd love having a "redirect-all-to-the-tunnel" single line setup NixOS module :)
<gchristensen> me too
<NinjaTrappeur> I personally don't think wg-quick is the way to go though
<gchristensen> me either
<gchristensen> the update from arianvp seems interesting
<mdlayher> wg-quick is neat for client devices. i'm not sold on it for servers/infrastructure
<gchristensen> now I want to play with this instead of do the work I'm supposed to
<mdlayher> i've got a list of things i want to do that's a mile long, like figuring out if i can manage my LTE modem in a declarative Nix way with Network/Modem managers
<mdlayher> but that's a no-go during the work day because i can break the home internet SLA ha
<gchristensen> I hear that
<gchristensen> I'm pretty sure my to-do list could keep a few small teams busy
hpfr[m] has quit [*.net *.split]
hpfr[m] has joined #nixos-on-your-router
<flokli> NinjaTrappeur: gchristensen: I use some babel with wireguard and other links to do seamless handover
<flokli> confirmed nix-copy-closure still keeps working *while* undocking the laptop and switching over to wifi
<flokli> didn't yet bother to failover to LTE (yet)
<gchristensen> flokli: I can haz some info?
<gchristensen> sounds awesome
<flokli> well, wireguard, and babel with bird2
<flokli> through some /128 on a dummy interface, and announce them
<flokli> done
<gchristensen> hmmm that sounds fancy ...
<flokli> why would one /not/ want to have a dynamic routing protocol for dynamic routing? ;-)
<gchristensen> lol
teto has quit [Quit: WeeChat 2.8]