#nixos-systemd on 2020-12-16

2020-11-24 14:32 ChanServ changed the topic of #nixos-systemd to: NixOS <3 systemd | https://jitsi.nixcon.net/systemd | Next meeting 08.12.2020 14:00 UTC (every two weeks)

02:39 manveru[m] has quit [Ping timeout: 268 seconds]

02:39 emily has quit [Ping timeout: 268 seconds]

02:39 aanderse has quit [Ping timeout: 268 seconds]

02:39 manveru[m] has joined #nixos-systemd

02:39 aanderse has joined #nixos-systemd

02:40 emily has joined #nixos-systemd

03:50 andi- has quit [Ping timeout: 258 seconds]

04:06 andi- has joined #nixos-systemd

05:38 <Mic92> arianvp: it predates our configuration generation options.

05:38 <Mic92> these days a free form module would do.

16:20 pie_ has quit [Quit: No Ping reply in 180 seconds.]

16:21 pie_ has joined #nixos-systemd

19:19 <flokli> arianvp: Mic92: any idea on the networkd privacy test situation?

19:19 <Mic92> flokli: I have not looked into the problem

19:20 <flokli> Yeah, same here.

19:22 <Mic92> flokli: someone bisected it however

19:24 <Mic92> But I am also done for today

19:34 <Mic92> flokli: I would give this a debugging session, if somebody has some tested code on how to reproduce this without nixos tests.

19:35 <flokli> I think it's mostly a matter of checking which ipv6 addresses are on the interfaces

19:36 <flokli> But I don't really understand what the regex is checking

19:36 <flokli> It might be useful to check upstreams' test coverage for it, too.

19:57 <Mic92> flokli: it checks probably the source address that is included ip route get

19:57 <flokli> yes

19:58 <flokli> but how to distinguish EUI-64 from private ones with grep…

20:08 <hexa-> fuzzy ff:fe matching

20:08 <hexa-> or check for a mngtmpaddr maybe, idk

20:11 <kloenk> maybe the json output of ip can help to make matching easier?

20:14 <flokli> the thing is, I don't think matching is the problem

20:14 <flokli> but this is indeed a regression

20:15 <flokli> ip -6 -br a shows me one fd00:1234:5678:1:5054:ff:fe12:{101,102}/64 (plus link-local with the same last 64 bits)

20:15 <flokli> 101 on the "client" vm, 102 on the "clientwithprivacy"

20:16 <flokli> cat /proc/sys/net/ipv6/conf/eth1/use_tempaddr is "-1" on both machines

20:19 <flokli> I don't understand the point of setting networking.interfaces.eth1.tempAddress = "default"

20:21 <flokli> scrolling through nixos/modules/tasks/network-interfaces.nix, this should cause the "net.ipv6.conf.$interface.use_tempaddr" sysctl to be set to "1" (not -1)

20:22 <flokli> IIRC, networkd does do some funky stuff with handling ndisc by itself, and not asking the kernel to do it, so not sure how much these still apply

20:23 <flokli> on the other hand, we have something in nixos/modules/tasks/network-interfaces-systemd.nix explicitly setting networkConfig.IPv6PrivacyExtensions = "kernel"

20:23 <flokli> maybe that part regressed in systemd

20:30 <flokli> hah, I got a fix!

20:38 <flokli> https://github.com/NixOS/nixpkgs/pull/107061

20:38 <{^_^}> #107061 (by flokli, 24 seconds ago, open): nixos/network-interfaces-systemd: fix IPv6 privacy extensions

22:12 <flokli> https://github.com/NixOS/nixpkgs/pull/107067

22:12 <{^_^}> #107067 (by flokli, 1 minute ago, open): systemd: 247.1 -> 247.2

22:39 <flokli> ^ pbb: you might want to review this, we maybe want to go to 247.2 directly, considering 247.1 rebuild didn't yet happen.

23:15 <pbb> flokli: thanks, I'm on it!