eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router
<andi-> mdlayher: build your home network as VM test and switch once you've confidence in the VM setup... Took me several weekends but then it just worked
<andi-> Just came here to say how happy I am with the current setup... I can just reboot the box and it comes back all the time. No more flaky debian init scripts or scripted networking that fails at random places. I can even reboot my home router while I'm not there because it will come back...
<gchristensen> so cool
<NinjaTrappeur> +1, my home network is also networkd-managed, I'm having very few consistency issues when compared to the couple of obsd routers I have to manage...
<NinjaTrappeur> resolved needs to go though. I'd be in favor of disabling it by default.
<NinjaTrappeur> I had so many issues with it :(
<andi-> NinjaTrappeur: nice to see that we are on the same page about resolved there :) I'm very happy with unbound and kresd instead of it. It is a pity as resolved comes with a huge promise but it isn't a full-time developed DNS server and that is sadly still required in 2020. Especially with the amount of "intelligence" they've added to it.
<Ke> somehow resolved is started, while I don't seem to be enabling it
<Ke> I use networkd though, wonder if it somehow pulls it in
<NinjaTrappeur> Yes, it gets enabled if you enable networkd. That's what I meant by "I'd be in favor of disabling it by default"
<Ke> systemd.network.networks.<name>.dhcpV4Config = UseDNS = false; maybe
<NinjaTrappeur> andi-: same setup here.
<Ke> with {}
<NinjaTrappeur> services.resolved.enable = false;
<q3k> with scripted networking it also seems like changing even an interface config restarts my bgp sessions
<q3k> that's fun.
<q3k> yeah, any address reconfiguration pokes network-setup
<q3k> also anyone every observed nscd being extremely memory hungry on nixos routing setups? https://object.ceph-waw3.hswaw.net/q3k-personal/9102162beca485d940a6ec25be9b086208ac55ee1b49c15aa71ee855e7065b67.png
<q3k> *ever
<Ke> NinjaTrappeur: ie. documentation is wrong, thanks
<Ke> well at least misleading
<andi-> q3k: that is worrying. What happens if you restart nscd?
<q3k> i killed it, now it seems fine
<q3k> but yeah worrying indeed.
<andi-> Curious what triggers that... is nscd listening to all route updates or something?
<makefu> q3k: i had issues of another kind with nscd - it just cached previously failed hostname lookups too eagerly
<andi-> even with a bazillion hostnames that is ~13GB!
<makefu> it was more like "this new host can now be resolved, stop telling me otherwise"
<makefu> but yeah, the 13gb are a LOT
<q3k> next time this happens i'll get a coredump
<q3k> but this was close enough to my router's physical RAM that i preferred killing it before it expanded any further and something started ooming :P
<makefu> q3k: the oomkiller will probably choose PID1 instead of this giant inflated nscd service
<q3k> well not pid1, but BIRD or something :P
<q3k> the oomkiller is not very smart
<andi-> oomkiller hasn't really killed stuff for me in a loooong time. It instead prefers to continuously trash pages that are backed by files on disk. Resulting in huge I/O spikes but never any progress on the actual workload.
<andi-> tried earlyoom a while ago and not sure it did help at all
<Ke> I am having problems with getting usePredictableInterfaceNames = true; to work, is there something also here with systemd-networkd?
<andi-> Ke: no, that is done through udev
<Ke> ah
<Ke> boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
<Ke> + kernelParams = lib.mkForce ["console=ttyS0"];
<gchristensen> why do you use mkForce there?
<andi-> Yeah, you might have to reboot
<Ke> I need to rethink my overlaying
<Ke> because I have custom modules that set console=tty0 and extlinux seems to only pick one of them
<andi-> IIRC the order of console=… statements might matter but mkForce would probably be the wrong option then
<Ke> or similar, did not check, why the console got missing earlier
<Ke> yes, but the order needs to be current to make recovery shell work IIRC
<Ke> ie. initrd recovery shell
<Ke> I think I just need to set this individually for each setup
<Ke> hmm, though I believe missing that parameter should make the interface names predictable?
<Ke> 80-net-setup-link.rules is identical to my debian rules
<Ke> maybe I could try net.ifnames=1
<andi-> IIRC the program that eventually does the renaming checks for that kernel commandline and those changes only take effect after a fresh reboot
<q3k> Ke: you have to reboot, and also check /proc/cmdline after reboot to see how all the options get synthesized into the actual cmdline
<Ke> well I have extlinux.conf
<Ke> systemConfig=/nix/store/vxzsibmc0814z0svais43057v7ffc26d-nixos-system-lohtuchai-20.09beta514.a9226f2b3a5 init=/nix/store/vxzsibmc0814z0svais43057v7ffc26d-nixos-system-lohtuchai-20.09beta514.a9226f2b3a5/init console=ttyS0
<Ke> really confirms mkForce worked
<Ke> also as I just noted that parameter should not even have been emitted
<Ke> now I at least have something routing, but still no stable network names
<Ke> systemConfig=/nix/store/xbwi3xxnj7lm855lb59lfpjr1rfkig5f-nixos-system-lohtuchai-20.09beta514.a9226f2b3a5 init=/nix/store/xbwi3xxnj7lm855lb59lfpjr1rfkig5f-nixos-system-lohtuchai-20.09beta514.a9226f2b3a5/init boot.shell_on_fail net.ifnames=1 loglevel=7 console=ttyS0
<Ke> is now cmdline after I added that net.ifnames=1
<Ke> anyway even bigger issue is that dnsmasq DNS does not seem to work anyone could guess, what could be the issue
<Ke> ok just trying out different random things, it works without dnssec
<Ke> anyone here having working dnsmasq dnssec?
<andi-> why dnsmasq?
<Ke> well I am not fundamentally bound to it, but it was simple to configure at the time
<Ke> and fairly mainstream for this function
<andi-> I think dnsmasq is just broken beyond repair. If you are looking for a (stub) resolver use something like unbound or kresd or even (if you are up for the ride) systemd-resolved
<gchristensen> kresd is nice
<Ke> I did not know systemd-resolved serves clients outside local system
<hexa-> unbound or kresd then
<cransom> i think this was discussed before, but i'm not sure how dnsmasq is broken beyond repair. i've used it forever and i can't think of any complaints on my use case.
<andi-> cransom: I've seen plenty of issues with DNSSec and dnsmasq
<hexa-> dnsmasq is an embedded version of the eierlegende wollmilchsau
<hexa-> its commandline for everything ipv6 is atrocious
<hexa-> unbound and kresd are simply put two well maintained resolvers
<Ke> commandline sounds like non-declarative stuff?
<hexa-> pretty sure it's quite representative of the config file
<hexa-> maybe a nixos module hides most of the nastiness :)