qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/
cole-h has quit [Ping timeout: 252 seconds]
<aaronjanse> Sounds good
<aaronjanse> I spent today getting Wayland working on my laptop so I could try out spectrum-vm
cole-h has joined #spectrum
cole-h has quit [Ping timeout: 260 seconds]
<Ke> btw. can some of the functionality be used on normal nixos with sway?
Cynthia has joined #spectrum
<MichaelRaskin> Given that right now that's where it is being developed…
<JJJollyjim> yep
<JJJollyjim> i can also confirm that it works with sway specifically
<JJJollyjim> in its current form
<JJJollyjim> wew lad
<JJJollyjim> uh wrong channel sorry haha
<Ke> I mean spectrum doesn't have intrusive patches on top
<Ke> ?
<JJJollyjim> spectrum doesn’t exist as an OS in any recognisable form
<JJJollyjim> the nixpkgs fork mostly just adds packages
<JJJollyjim> there’s no spectrum iso or anything
<Ke> and a desktop session module?
<Ke> or no?
<Ke> I guess a system, which runs inside the vm
<qyliss> we have various test systems that run inside VMs
<qyliss> but they're not usable for day to day computing yet
<qyliss> right now I'm working mostly on the virtual machine software itself
<qyliss> so what we have so far in Spectrum Nixpkgs is various VMs that help me test that
leah2 has quit [Ping timeout: 250 seconds]
leah2 has joined #spectrum
<qyliss> puck: the NDP proxy would be for if I wanted to have multiple VMs on my local network, right?
<qyliss> if I want to have one VM that acts as a router for the others, that shouldn't require an NDP proxy AIUI?
<puck> qyliss: okay, so
<puck> qyliss: normally, ipv6 network routing works ~like this
<puck> your modem/router gets an IPv6 address, and requests a /64 from the ISP; the ISP now knows that that entire /64 is "run" by your modem/router
<puck> so any traffic for IPs in that range gets sent to that modem
<puck> but when connected to your router, that /64 is used to handle the entire subnet, and you can't really subdivide it any further. at this point, the IPv6 router advertisements kick in
<puck> your router broadcasts "hey this /64 is where you can get your IPs from", and any device on that network can then get any IP from that subnet, statelessly
<puck> but that means that you need a ~equivalent to ARP, to be able to tell who owns an IP. this is where NDP comes in
<qyliss> oh I see
<puck> the issue is, if you want to give a VM an IPv6 address, it'll probably come out of that /64 too
<qyliss> right now I'm statically assigning ULAs to VMs
<puck> because, well, why would you do IPv6 NAT
<puck> but because you're not on the same physical link (presumably), you can't use NDP to ask "hey who owns $vm_external_ip"
<puck> so at that point you need an NDP proxy, to basically ask the VM "hey do you own this IP", and if yes, then the NDP proxy responds to your router with "i own this ip, send the traffic to me"
<qyliss> right, I see
<qyliss> I think I need to think about how this should work in cases where VMs shouldn't get to know the IP of the local network, e.g. when there's a Tor gateway involved
<puck> and, fwiw, you can have >1 "router" on one physical link, with different subnets announced
<puck> so you can announce a /64 ULA, and optionally forward the router advertisements from the outside world
<Shados> puck: you can't have SLAAC if you do this, but otherwise you *can* subnet a /64 with dhcpv6 on each of your subnets, it's just not terribly recommended
<puck> yes
<puck> i know that :p
<puck> but if you're running a normal home network, that won't be the case
<puck> if your ISP gets you less than a /64 i'd be amazed
<Shados> I thought you might know that, but wasn't sure re. your comment that "you can't really subdivide it any further"; this is a valid option in some cases, even if it's not amazing
<puck> most software assumes a /64 is the smallest subnet that someone will get usually, though
<puck> e.g. scaleway giving out /128s, which means unless there's a special exception, one person will get a whole lot of machines banned
<Shados> Oh that's quite cursed
<Shados> My ISP is nice enough to hand out /56s on my services
<puck> yeah, that's standard
<puck> i can DHCPv6-PD against my modem/router and get a /64 out of that range
<Shados> The situation with my servers is variable and often worse, amusingly
pastbytes has joined #spectrum
cole-h has joined #spectrum
jb55 has quit [Remote host closed the connection]
<qyliss> aaronjanse: so, if you wanted to help with some updates, you could pick up where JJJollyjim left off here: https://spectrum-os.org/lists/archives/spectrum-devel/0100017891d36f4f-0c348828-2ed6-4694-b75c-44d0d659c13c-000000@email.amazonses.com/
<qyliss> that thread unfortunately got split, rest is here: https://spectrum-os.org/lists/archives/spectrum-devel/871rbsag3b.fsf@alyssa.is/T/#t
pastbytes has quit [Quit: Leaving]
nicoo has quit [Ping timeout: 240 seconds]
nicoo has joined #spectrum