eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router
jasom has joined #nixos-on-your-router
<jasom> So I run nixos on my router and just found out about this channel; it's a very beefy machine though (Xeon-D) so not sure if my approach is generally applicable
<jasom> I use dhcpcd/dhcpd/radvd/firehol and I have dhcpcd set up to take a delegated /64 from my ISP and configure the LAN interface with that. All of the packages were already there, but I had to put a lot of configuration entries in strings as the configuration modules do not appear to anticipate my setup (nor have anything for firehol at all)
<gchristensen> definitely applies! many-to-all of us use fairly powerful hardware for our routers, I don't know of anyone here using hardware traditionally router-sized
<hexa-> APU2 is somewhat router-sized, unless you're talking embedded devices
<gchristensen> ehhh fair, though I meant really small
<gchristensen> like telent's nixos on his router
<jasom> GX-412TC is fairly small, but 4GB of ram is not.
<andi-> jasom: I recommend networkd if you want to get away from stringly typed stuff :)
<jasom> I've been ... burned by networkd in the past; may try again, or may write some nix for what I currently use
<andi-> jasom: let me know if you find some pitfalls. I'm trying to make NixOS as your router a good experience as I'm using that myself :)
<jasom> plus, just moved this to nixos a few months ago from a non-systemd setup, I'm changing things slowly
<jasom> I'm already fairly happy as 1. firehol is already reasonably declarative, and 2. my dhcpcd configuration hasn't changed for almost 5 years now
<andi-> I like the networkd setup much better as it tries to comply with RFC7084 more than most of the others.
<jasom> some of what I hate about networkd is just Ubuntu's fault anyways. "Let's default out-of-the-box with resolv.conf and networkd being configured completely separately and let the user guess which programs use which for resolving DNS!"
<andi-> yeah
<andi-> if you are on any of the other unmanaged distros guessing your way around it isn't great :)
<gchristensen> I thought ubuntu decided to invent their own thing for networks
<andi-> ifupdown(2)?
<jasom> Ubuntu is *much* worse than unmanaged; it's poorly managed. They default all sorts of things for you so that things work poorly rather than not at all. I need to stop talking about Ubuntu though because it's OT and I could rant about it for hours
<gchristensen> no no
<gchristensen> netplan
<andi-> oh yeah
<hexa-> snap!
<andi-> flokli likes netplan ;)
<gchristensen> yuke
<gchristensen> puke
<andi-> he tried to convince me and fpletz to use that for NixOS on the networkd meetup last year
<gchristensen> no
<hexa-> hell no
<andi-> I wouldn't want to use it..
<gchristensen> it is yet another wrapper around `if`
<gchristensen> ip*
<gchristensen> and its error messages are worse than Nix's
<andi-> BUT it can be a good influence on how we could design an interface in Nix.
<cransom> has anyone ever come across or have opinions on ifupdown2?
<andi-> cransom: same shit new packaging?
<hexa-> the python2 reimplementation from cumulus?
<cransom> i only remember it as a thing that cumulus wrote and would rather use rather than the default stuff.
<hexa-> ifupdown-ng is better maintained
<cransom> and being that cumulus is a networking company, i'd hope the bar is slightly higher, but dunno.
<hexa-> if you care for the ifupdown kind of thing
<andi-> Would an ifupdown backend to replace our custom scripting be already a step forward?
<gchristensen> ....ehhh?
<hexa-> lol
<andi-> :P
<andi-> I hate the scripted backend
<andi-> anything is better
<gchristensen> yeah but also ifupdown
<andi-> I mean I still want networkd as well
<andi-> but there might be "legacy" users that prefer something "battle tested"
<gchristensen> as a "legacy" user I just don't want to be "bothered" :P
<hexa-> sure, but we need to move the default network story to networkd
<andi-> gchristensen: alright, legacy users will just stay offline
<andi-> that has many benefits
<gchristensen> :shipit:
<gchristensen> I'm about to hand Packet some new installer images, want to port them to networkd real quick?
<gchristensen> :P
<andi-> networking.useNetworkd = true;
<gchristensen> I'm pretty sure it wouldn't be that simple
<gchristensen> but maybe it would
<andi-> the bonding there is still a mystery
<andi-> I still blame their switch config which they will not show us.
<gchristensen> yea
<gchristensen> [root@ams1-c2-large-arm-01:~]# nixos-rebuild test
<andi-> gchristensen: you just need bonding, right?
<andi-> on two interfaces where you know the names?
<andi-> gchristensen: alright, give me a few to write this down
<gchristensen> sure
<andi-> gchristensen: those machines have no ipv4 default route?
<gchristensen> andi-: root@
<andi-> gchristensen: https://termbin.com/0yxk3
<andi-> that should work for that machine
<andi-> actually make it this: https://termbin.com/62s5 that rejects v6 RAs on the bare bond links and (explicitly) accepts it on the bond
<andi-> If that doesn't work (but is valid syntax) we've to add the mac address to the netdev config
<gchristensen> we'll def. need the macs
<gchristensen> and the /127: nfc
<andi-> ok, can I just mutate that system?
<gchristensen> you bet
<gchristensen> I was going to destroy it before I sniped you ;)
<andi-> fingers crossed..
<gchristensen> I can't even undo actually
<gchristensen> b/c I don't have a root password for the console
<gchristensen> oh, I can reboot and rollback at the bootloader
<andi-> Ha, I think I should have run that switch via tmux..
<andi-> gchristensen: go ahead and reset it once please
<gchristensen> rollback?
<andi-> gchristensen: I think it works :)
<gchristensen> oh I just rebooted :D
<andi-> the wait online target failed but the network is up
<gchristensen> oh I didn't confirm reboot
<andi-> mhhm, does nixos not properly cleanup etc?
<andi-> There were old 40-* network files..
<andi-> weird
<gchristensen> wat
<gchristensen> networking.hostName = "ams1-c2-large-arm-01";
<gchristensen> needing to s/./-/ chews me up a bit
<andi-> yeah, that old issue..
<gchristensen> did you reboot?
<andi-> yeah
<andi-> I was trying to see if it comes back up
<gchristensen> cool
<andi-> but it doesn't look like it does..
<gchristensen> give it an eternity to decide its println-debugged firmware is done
<gchristensen> ssh ro-yNMv2L3By7PD47vYYzRjfCa8L@nyc1.tmate.io
<gchristensen> shall I reboot it again and we can watch bootup?
<andi-> yeah
<andi-> The developer of this firmware was like: Must log more hex!
<gchristensen> lol
* andi- ponders
<gchristensen> rollback?
<andi-> yes, please
<gchristensen> we can check the journal
<gchristensen> andi-: did you switch 2x?
<andi-> yeah
<andi-> I moved up 2 generations
<gchristensen> ok
<andi-> oh, shit that means my key isn't there o.O
<gchristensen> I added it with ~/.ssh/auth...
<gchristensen> but it seems that we can't connect *anyway*
<gchristensen> wtaf
<gchristensen> welp
<gchristensen> rip
<gchristensen> oh it is up now
v0|d has quit [Remote host closed the connection]
v0|d has joined #nixos-on-your-router
<gchristensen> btw you didn't need to use my tmux to edit, I opened it up and then wandered off to do some self-harm of looking at the results
<gchristensen> ooooh
<gchristensen> we shoulda set a root password
<andi-> yeah
<gchristensen> ah
<gchristensen> andi-: I held it at the bootloader for you
<andi-> yeah, I saw it
<andi-> will check in a bit
<gchristensen> cool, just didn't want you rushing back
<andi-> it is that stupid mac address issues again....
<gchristensen> yeah I was sure it would be
<andi-> I actually set it in the config.. at least so I thought
<gchristensen> oh
<andi-> MACAddress=
<andi-> The MAC address to use for the device. For "tun" or "tap" devices, setting MACAddress= in the [NetDev] section is not supported. Please specify it in [Link] section of the corresponding systemd.network(5) file.
<andi-> If this option is not set, "vlan" devices inherit the MAC address of the physical interface. For other kind of netdevs, if this option is not set, then MAC address is generated based on the interface name and
<andi-> the machine-id(5).
<andi-> I have a feeling this applies to bond as well..
<gchristensen> hm
<gchristensen> (aside: I love having a dedicated key for "kill this cgroup")
<andi-> gchristensen: you seeing that spam? I think that also points at their user...
<andi-> s/user/switch/
<gchristensen> oof I did
<andi-> gchristensen: can you hit that virtual reboot button again?
<gchristensen> ye
<gchristensen> 1s I killed my browser
<gchristensen> ugh have to log in
<andi-> So one of the two links is still dropping packets..
<andi-> Even though the MAC address is now fixed
<gchristensen> andi-: I'm shutting down for the night
<andi-> gchristensen: good choice
<andi-> I was just writing on a Nix issue that I had in mind for days
<gchristensen> nice
<gchristensen> send it to me when you can
<gchristensen> g'night :)
<{^_^}> nix#4218 (by andir, 1 minute ago, open): flakes: allow composing from multiple files
<andi-> If you can't fight it join them.
<flokli> andi-: gchristensen: I need to set this correct, I didn't really consider using netplan only, but get some inspiration from its mental model, and how the different attributes/options are named.
cransom has quit [Ping timeout: 260 seconds]
cransom has joined #nixos-on-your-router
sphalerite has quit [Ping timeout: 260 seconds]
hexa- has quit [Ping timeout: 272 seconds]
sphalerite has joined #nixos-on-your-router
hexa- has joined #nixos-on-your-router
<gchristensen> :D
superherointj has joined #nixos-on-your-router
teto has joined #nixos-on-your-router
superherointj has quit [Quit: Leaving]
v0|d has quit [Read error: Connection reset by peer]
nwspk has quit [Quit: nwspk]
nwspk has joined #nixos-on-your-router