<Church_>
Yeah gonna have to try out bird2 once I have wireguard up on the new router.
<name54>
Admittedly it seems that most folks are using keepalived as opposed to ucarp these days. Did I mention I've got baggage? lol
<name54>
For example, I'm also still using OpenVPN as opposed to wireguard X)
kalbasit has joined #nixos-on-your-router
<Church_>
Heh openvpn is a pain. Give me some lovely wireguard
<cransom>
i felt much better about life when i flipped work over to not use vpns at all. the couple services that are internet accessible aren't critical or interesting and are just behind an easy http basic auth. no part of my life is now spent troubleshooting why their vpn on their mac doesn't work, but then is fine after a reboot.
<cransom>
(but i also enjoy the wireguard)
<name54>
I haven't yet played w/ wireguard although I'm looking forward to it a bit. I generally prefer to just forward ports via ssh but the transparency provided by a VPN (esp. "road warrior" mode) is sometimes extremely handy.
<name54>
Meanwhile, Church, the derivation file you provided seems to have done the trick. I got ucarp to build (y)
<name54>
Of course, I'm wondering a little bit how I actually did it?!?! Lol
<name54>
Or, maybe better stated... exactly why it was easier than just ./configure, make, and make install. Which it did seem to be.
<name54>
I found something very strange too... inside the derivation file you placed a link to the src tar. But, after I ran "nix-shell file-you-made.nix" it claimed:
<name54>
except I couldn't actually find the src anywhere in the directory, which seemed strange.
<Church_>
cransom: Just deployed a VPN at work
<Church_>
Despite some issues with routing loops it was fairly painless.
<Church_>
Just gotta roll it out to the rest of my fleet now.
<Church_>
name54: I would ask these questions in #nixos :)
<Church_>
They can better explain it.
<name54>
lol
<Church_>
Suffice it to say, the nix store is your answer
<Church_>
After a fashion
<cransom>
server side of the vpn, those are easy problems. it's just clients and users that are a time suck
<Church_>
cransom: Honestly the clients were the easiest part
<name54>
I'm sure there's a good explanation. But did I do everything as I should have? I get the feeling I cheated.
<Church_>
Using tailscale, been a breeze there so far except for like two cases.
<Church_>
name54: The joy of nix! :)
<Church_>
Now you still need a service wrapping around that, which I can provide tomorrow.
<name54>
I guess the service wrapping will let me specify ucarp's config (perhaps in /etc/nixos/configuration.nix) and have it show up in systemctl, is that right?
<Church_>
Bingo. :)
<name54>
ok, ok, so I'll have to bone up on the nix store a little bit so that I get everything in the right spot... for now I just did it in a nix-shell of my user
<name54>
also in a test VM... there's definitely a lot for me to do before I can move my "big" router over to nixos but this is a pretty big step in the right direction, thanks again 1e6 to
<name54>
Tailscale sounds cool... but it looks proprietary to me. The market demands free as in beer. Lol
<Church->
name54: In some sense. They're simply using tailscale and wrapping it with a custom semi-proprietary management plane
<Church->
Their client is OSS, as are their NAT traversal relay servers
<Church->
Can talk to danderson over in #nixos, he's one of their engineers
<name54>
Well sure, I'm an advocate of open-source but I'm not so naive to think that it's suited for everything. Maybe we should move that conversation to #nixos-politics though ;D
claudiii has quit [Ping timeout: 272 seconds]
mdlayher has quit [Ping timeout: 256 seconds]
mdlayher has joined #nixos-on-your-router
betawaffle has quit [Ping timeout: 272 seconds]
betawaffle has joined #nixos-on-your-router
<Church->
Heh, perhaps
claudiii has joined #nixos-on-your-router
betawaffle has quit [Max SendQ exceeded]
betawaffle has joined #nixos-on-your-router
teozkr_ has quit [Ping timeout: 244 seconds]
teozkr_ has joined #nixos-on-your-router
<Church->
Welp, my router didn't last long. RIP the SSD or storage controller.
nullheroes has quit [Quit: WeeChat 2.9]
<cransom>
who needs disk io on your router. time for netboot.