<cransom>
my gateway into nix was from the network side. you controlled every bit of a juniper device with a juniper.conf. no linux before nixos to me had that option. freebsd was pretty much the closest with rc.conf but it didn't capture the full system state.
<hexa->
though the network story of nixos is a bit lacking as well :)
<hexa->
lots of people are still using that weird scripted networking
<cransom>
yeah, it falls apart on firewall/network configuration a little bit, but it's ok to me.
<hexa->
yeah, it's missing a composable nftables story as well
NightA has joined #nixos-on-your-router
<name54>
I'm a very new user... so, the only observation I have to make at this point is that the NixOS project clearly has lofty and worthwhile intentions. That said, I'm a bit concerned it's taking an overly dogmatic approach. Maybe it's just the same old "worse is better" debate?
<Church->
hexa-: Scripted networking?
<Church->
We talking about programmatically generating iptables rules or something?
<Church->
Incidentally bqve has a nice nftables module he showed off the other day
<hexa->
Church-: have firewall rules alongside the service they belong to with working reload etc.
<hexa->
and having configurable ordering inside chains
<Church->
Huh. Interesting.
<Church->
I think
<hexa->
there is `networking.nftables.ruleset`
<hexa->
but can I set it multiple times? If I can, what is the ordering?