diff --git a/services/game-servers.nix b/services/game-servers.nix
index 6cf75ee..7d49ee4 100644
--- a/services/game-servers.nix
+++ b/services/game-servers.nix
@@ -171,6 +171,23 @@
 };
 };
 
+ # Stop 7DTD containers from crash-looping forever — after 5 failures
+ # within 5 minutes, systemd gives up. Without this, a broken container
+ # spawns a new veth pair every 30 s, flooding systemd-networkd and
+ # potentially interfering with DHCP on the WAN interface.
+ systemd.services."docker-7dtd".serviceConfig = {
+ Restart = lib.mkForce "on-failure";
+ RestartSec = "30s";
+ StartLimitIntervalSec = 300;
+ StartLimitBurst = 5;
+ };
+ systemd.services."docker-7dtd-coop".serviceConfig = {
+ Restart = lib.mkForce "on-failure";
+ RestartSec = "30s";
+ StartLimitIntervalSec = 300;
+ StartLimitBurst = 5;
+ };
+
 networking.firewall.allowedTCPPorts = [ 26900 26910 ];
 networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
 };
diff --git a/services/router.nix b/services/router.nix
index ecc7247..fde6002 100644
--- a/services/router.nix
+++ b/services/router.nix
@@ -75,6 +75,21 @@ in
 # --- Interface configuration ---
 systemd.network = {
 enable = true;
+
+ # Pin interface names to MAC addresses so they never swap across boots.
+ # Without this, "eth0" is an unpredictable kernel name that depends on
+ # device probe order — if the NICs swap, the entire LAN/WAN config breaks.
+ links = {
+ "10-wan" = {
+ matchConfig.MACAddress = "6c:0b:84:0c:4c:59";
+ linkConfig.Name = "eno1";
+ };
+ "20-lan" = {
+ matchConfig.MACAddress = "6c:0b:84:0c:4c:58";
+ linkConfig.Name = "eth0";
+ };
+ };
+
 networks = {
 "10-wan" = {
 matchConfig.Name = "eno1";
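Review bot: `StartLimitIntervalSec` and `StartLimitBurst` are set under `serviceConfig`, which renders into the unit's [Service] section, but systemd reads `StartLimitIntervalSec=` from [Unit]. As far as I can tell the 300-second window is dropped with an unknown-key warning and the default interval (10 s unless changed in system.conf) stays in force. With `RestartSec = "30s"`, five failures can then never fall inside that window, so the crash loop and the veth churn described in the comment would continue. Set the limits at unit level for both `docker-7dtd` and `docker-7dtd-coop`, e.g. `unitConfig = { StartLimitIntervalSec = 300; StartLimitBurst = 5; };`. After a rebuild, confirm with `systemctl show docker-7dtd -p StartLimitIntervalUSec -p StartLimitBurst`.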
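Review bot: Renaming the LAN NIC to `eth0` in the `20-lan` link keeps it in the kernel's own `ethN` namespace, so the rename can race or fail if the kernel has already given `eth0` to the other port at probe time. That is the swap this hunk is meant to rule out. On a router the consequence goes beyond connectivity, because firewall and NAT rules keyed on interface name would apply to the wrong side. Prefer a name outside the kernel namespace, `linkConfig.Name = "lan0";`, and a role name for WAN as well. The `matchConfig.Name` entries under `networks` would need the same change; that block, like the enclosing `systemd.network` set, continues past the end of this hunk. Matching on `matchConfig.PermanentMACAddress` instead of `MACAddress` would also stop the pin from following an overridden or inherited address, assuming the deployed systemd supports that key.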