How does this have anything to do with ads? Advertisements are used to fund the content you watch, not the infrastructure. Infrastructure is funded with the money you pay each month to your ISP.
That depends. Are Facebook, Instagram, Reddit, Wikia, etc. the content or the infrastructure? A lot of content online is created for free but still infested by advertisements added by those handling the distribution.
I do, no issues at all with the beta Asahi kernel, you basically have to git clone https://github.com/tpwrules/nixos-apple-silicon in /etc/nixos/, include a file from that repo in the configuration.nix and configure as you like (beta gpu driver or not, which kernel, 4k pages or not, etc.). The experience then is exactly the same as a stock NixOS installation.
Mmh no, a company isn't the same thing as a physical person (seen as a human being, not as a single person business), for example. As such, they are treated differently.
You can accumulate/partition statistical numbers in different granularity. Here it's done by countries. You could also do it by men or women or whatever partitioning you want. And of course you can choose to not partition at all and report only one global number.
Calling it still earth overshoot day after partitioning might not be fully correct.
Efficiency is not a known concept here in Italy. There are people/companies who get fined for paying taxes, and other people/companies who don't get fined for not paying them. There is no presumption of innocence when dealing with the Italian tax authority. And things are super slow.
Yeah the state of the country is just sad. And obviously like in every dysfunctional company there are the usual gaslighting liars who insist it's just normal and it's like this everywhere.
Pet theory: it's because not enough Italians speak English and Italy is the only place where Italian is a majority language. You end up with a culturally backwards country.
My router (a VM with passed through network card) is currently running on NixOS, I’m really happy so far, it makes kernel patching (which in my case is required for the NIC to work properly at 2500BASE-T) much easier than manually patching and building the kernel every time. It also gives me the guarantee that I will be able to rebuild the exact same host almost bit by bit in the future, in case of necessity, which is important for something like a router (I also take VM snapshots but upgrades are crucial for something potentially facing the internet and handling firewall). Looking forward to moving away from Proxmox to a fully NixOS virtualisation host too.
Yeah I used to use pfSense but hated having a load of config and firewall rules created manually, it all felt quite brittle.
Moved to NixOS almost 5 years ago now and haven’t looked back, my router config is in Git and I’m able to make changes with confidence.
Best part is making a change/installing an update and being able to roll back if I mess something up. I also use Nixus to push new configs which has a nifty feature where it will auto-rollback if you e.g. make a config change that locks you out of SSH.
I also moved from ESXi to NixOS for a virtualisation host more recently and that has been great as these machines are inherently long lived so you can’t apply the “cattle not pets” mindset here, but I feel like I can make changes and install updates with confidence. It also helped when I migrated to a Threadripper build where there were some strange quirks which needed Linux kernel patches, it’s nice being able to do this declaratively and to store everything in a versioned Git repo.
A couple years ago I was searching for a good way to declaratively manage them, and the best I came up with was libvirt + terraform + nixos-generators for images. It feels like you should just be able to set them up as systemd units, but I couldn’t figure it out.
Not OP (and I suspect they don’t have what you’re looking for since they have stated they treat the VMs as pets, not cattle). I currently use libvirt, but I eschew persistent VMs and instead build the libvirt domain XML with Nix, and then start VMs with `virsh create /path/to/myvm.xml`. Using an absolute path means that libvirt will not persist the domain, and makes it easier to declaratively manage the config with Nix.
However, none of my VMs are always-on, so I don’t have to deal with restarts on config change. That said, when libvirt isn’t managing the lifecycle of the VMs as much, writing a systemd unit should be quite a bit easier.
The VMs themselves are a mix of some manually created ones (the VM configs are still NixOS though), and some IaC VMs for which I just use Terraform and the libvirt provider. It's a bit clunky but I wouldn't want to embed the VM config in the hypervisor configuration as the VMs can be live migrated to other hypervisors.
MicroVM looks awesome though, thanks for the pointer!
I appreciate your comment here, and the parent comment.
I've been using OPNsense[0] as my router for the past several months. So far, I am quite happy with it, but I've also thought that NixOS would be the next step.
My OPNsense router has 30+ VLANs and many layered firewall rules (my take on "zEr0 tRuSt") and so the task of converting it all to NixOS seems a little daunting.
I appreciate the utility of OPNsense's web GUI when configuring and troubleshooting my router config. It would be awesome if something like that could be integrated with NixOS. Additionally, something like nsh[1] to provide a traditional router/switch style CLI would be a dream come true.
NixOS is great for a basic home router (I use it for my home router) but its networking config is still pretty rudimentary, and some things I would expect to work just don’t - i.e. port forwarding only works from outside your network, not inside.
I haven’t done much with vlans yet so I can’t comment on that.
This has more to do with iptables/nftables I think. I solved this by adding my port forwarding rules to the prerouting chain and the output chain. You can use a jump to consolidate the rules, like so - https://gist.github.com/madjam002/d30f6000adf0761e92623f7de2...
As other commentators have said, switching to systemd networkd has allowed for more advanced network configurations than I ever managed with pfSense. IPv6 works pretty much out of the box with my ISP which uses DHCP prefix delegation, I can assign /64's to different VLAN networks, and more recently I set up network prefix translation (I think that's what it's called) for my lab Kubernetes cluster so each pod gets a unique IPv6 address in the RFC 4193 range which maps to my actual ISP-provided IPv6 prefix, so if I change ISP the IPs in the cluster would remain the same. Being able to expose Kubernetes services directly to the internet with unique IPv6 addresses is pretty nice :)
Not sure what you mean by config wrapper, but yes, systemd-networkd is quite nice. Here's my home router setup with vlan1 for uplink to ISP, a bunch of other vlans for internal networks, and IPv6 prefix delegation to internal networks, and of course fireguard. All configured using systemd-networkd:
Port forwarding not working from inside the gateway sounds like it’s not doing hairpin NAT by default. I’m running a NixOS home router pair, not currently doing any port forwarding but now I’ll have to check that tonight, if nothing else people might appreciate an option for it.
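The hairpin NAT behaviour discussed in the comments above, as an added example that is not taken from any commenter's configuration or from the linked gist: an nftables ruleset in which one chain of forwards is reached by `jump` from both the prerouting and output hooks. The interface name `wan0`, all addresses and the forwarded port are constructed placeholders, and the filter table that must also permit the forwarded traffic is assumed to exist elsewhere.

```nftables
# Constructed example: 203.0.113.10 stands in for the router's public
# address, 192.168.1.0/24 for the LAN, 192.168.1.20 for the internal host.
table ip nat {
    # All port forwards live here and are reached by jump from both hooks.
    # Matching on the destination address (not the input interface) keeps
    # ordinary outbound traffic to other sites on port 443 untouched.
    chain port_forwards {
        ip daddr 203.0.113.10 tcp dport 443 dnat to 192.168.1.20:443
    }

    # Runs for packets arriving on any interface, so LAN clients that
    # dial the public address are translated as well as WAN clients.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        jump port_forwards
    }

    # Packets generated on the router itself never traverse prerouting,
    # so the same forwards are applied from the output hook.
    chain output {
        type nat hook output priority -100; policy accept;
        jump port_forwards
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hairpin case: LAN client -> forwarded LAN host. Rewrite the
        # source so the reply comes back through the router instead of
        # going straight to the client with an unexpected source address.
        ip saddr 192.168.1.0/24 ip daddr 192.168.1.20 tcp dport 443 masquerade
        # Ordinary outbound NAT towards the ISP.
        oifname "wan0" masquerade
    }
}
```

Because of the hairpin masquerade rule, the internal host logs the router's LAN address as the source of connections that originate inside the network, which matters when those logs are used for access control or incident review.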
One drawback I realized about NixOS as a router for home use is that if you need to share administration of the network, then it has to be easy for non-experts. In that case something like OpenWRT might be a better choice.
Just use a for loop in Python over all characters and ignore each char that is not in the ASCII range of letters, numbers and punctuation. Or retype by hand if you don't know Python.