From 94d5b6a2a116fd3b90eaee15683e906f6de78f48 Mon Sep 17 00:00:00 2001
From: rope
Date: Fri, 22 May 2026 09:02:03 +0100
Subject: [PATCH 1/2] pin NIC names to MAC + limit 7DTD restart loops

Co-Authored-By: Claude Opus 4.6
---
 services/game-servers.nix | 17 +++++++++++++++++
 services/router.nix | 15 +++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/services/game-servers.nix b/services/game-servers.nix
index 6cf75ee..7d49ee4 100644
--- a/services/game-servers.nix
+++ b/services/game-servers.nix
@@ -171,6 +171,23 @@
 };
 };
+ # Stop 7DTD containers from crash-looping forever — after 5 failures
+ # within 5 minutes, systemd gives up. Without this, a broken container
+ # spawns a new veth pair every 30 s, flooding systemd-networkd and
+ # potentially interfering with DHCP on the WAN interface.
+ systemd.services."docker-7dtd".serviceConfig = {
+ Restart = lib.mkForce "on-failure";
+ RestartSec = "30s";
+ StartLimitIntervalSec = 300;
+ StartLimitBurst = 5;
+ };
+ systemd.services."docker-7dtd-coop".serviceConfig = {
+ Restart = lib.mkForce "on-failure";
+ RestartSec = "30s";
+ StartLimitIntervalSec = 300;
+ StartLimitBurst = 5;
+ };
+
 networking.firewall.allowedTCPPorts = [ 26900 26910 ];
 networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
 };
diff --git a/services/router.nix b/services/router.nix
index ecc7247..fde6002 100644
--- a/services/router.nix
+++ b/services/router.nix
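Review bot: In services/game-servers.nix, `StartLimitIntervalSec` and `StartLimitBurst` are set under `serviceConfig`, but systemd documents both as [Unit] settings, so in the [Service] section `StartLimitIntervalSec=` is likely ignored as an unknown key. That would leave the default 10 s window, which a unit with `RestartSec = "30s"` can never fill with five starts, so the crash loop the comment describes would keep running and keep churning veth pairs next to the WAN DHCP client. For both `docker-7dtd` and `docker-7dtd-coop` the limits belong on the unit, e.g. `systemd.services."docker-7dtd".startLimitIntervalSec = 300;` and `systemd.services."docker-7dtd".startLimitBurst = 5;`. Even then, five starts only fit inside 300 s when each run dies within roughly 30 s, so a container that fails more slowly still loops; a wider interval would cover that case. The enclosing attribute set opens outside the hunk.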
@@ -75,6 +75,21 @@ in
 # --- Interface configuration ---
 systemd.network = {
 enable = true;
+
+ # Pin interface names to MAC addresses so they never swap across boots.
+ # Without this, "eth0" is an unpredictable kernel name that depends on
+ # device probe order — if the NICs swap, the entire LAN/WAN config breaks.
+ links = {
+ "10-wan" = {
+ matchConfig.MACAddress = "6c:0b:84:0c:4c:59";
+ linkConfig.Name = "eno1";
+ };
+ "20-lan" = {
+ matchConfig.MACAddress = "6c:0b:84:0c:4c:58";
+ linkConfig.Name = "eth0";
+ };
+ };
+
 networks = {
 "10-wan" = {
 matchConfig.Name = "eno1";
From 8560c11afaf3c7c54c5aaad0e6187714d1d18dd3 Mon Sep 17 00:00:00 2001
From: rope
Date: Fri, 22 May 2026 09:27:10 +0100
Subject: [PATCH 2/2] fix NIC naming: use udev rules instead of .link files

systemd.network.links didn't generate files; use udev extraRules to pin NIC names to MACs. Also disable networking.useDHCP catch-all that silently misconfigured the LAN NIC when it got a wrong name.

Co-Authored-By: Claude Opus 4.6
---
 hosts/FredOS-Mediaserver.nix | 2 +-
 services/router.nix | 22 ++++++++--------------
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/hosts/FredOS-Mediaserver.nix b/hosts/FredOS-Mediaserver.nix
index 3f98e1d..f9f3c95 100644
--- a/hosts/FredOS-Mediaserver.nix
+++ b/hosts/FredOS-Mediaserver.nix
@@ -29,7 +29,7 @@
 ];
 # Basic networking
- networking.useDHCP = lib.mkDefault true;
+ networking.useDHCP = lib.mkForce false;
 # Allow fred to act as a remote Nix builder (trusted users can import
 # unsigned store paths sent by the build client).
diff --git a/services/router.nix b/services/router.nix
index fde6002..63df5ea 100644
--- a/services/router.nix
+++ b/services/router.nix
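Review bot: Renaming the LAN NIC to `eth0` in the `20-lan` link of services/router.nix reuses the kernel's own `ethN` naming scheme, which the comment above it calls unpredictable. If the other NIC is probed first and still holds `eth0` when the rename runs, the rename can fail and the LAN port keeps a kernel-assigned name. On a router this decides which physical port receives the LAN-side configuration, so a failed rename is a trust-boundary problem rather than a cosmetic one. A name outside the kernel namespace avoids the collision, e.g. `linkConfig.Name = "lan0";`, with whatever matches on the name elsewhere in the file updated to agree; the udev rules in PATCH 2/2 carry the same `NAME="eth0"` and need the same change. The `systemd.network` set continues past the end of the hunk.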
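Review bot: The `# Basic networking` comment in hosts/FredOS-Mediaserver.nix no longer says why DHCP is forced off, and `lib.mkForce` will silently win over any module that later sets `networking.useDHCP`. I would record the reason from the commit message next to the line, e.g. `# Global DHCP catch-all stays off: interfaces are configured explicitly in services/router.nix, so a misnamed NIC is never auto-configured.` If no other module defines the option at normal priority, plain `networking.useDHCP = false;` has the same effect and turns a future conflicting definition into an evaluation error instead of a silent override.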
@@ -72,24 +72,18 @@ in
 "net.ipv6.conf.all.disable_ipv6" = 1;
 };
+ # Pin interface names to MAC addresses so they never swap across boots.
+ # Without this, "eth0" is an unpredictable kernel name that depends on
+ # device probe order — if the NICs swap, the entire LAN/WAN config breaks.
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"
+ SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:59", NAME="eno1"
+ '';
+
 # --- Interface configuration ---
 systemd.network = {
 enable = true;
- # Pin interface names to MAC addresses so they never swap across boots.
- # Without this, "eth0" is an unpredictable kernel name that depends on
- # device probe order — if the NICs swap, the entire LAN/WAN config breaks.
- links = {
- "10-wan" = {
- matchConfig.MACAddress = "6c:0b:84:0c:4c:59";
- linkConfig.Name = "eno1";
- };
- "20-lan" = {
- matchConfig.MACAddress = "6c:0b:84:0c:4c:58";
- linkConfig.Name = "eth0";
- };
- };
-
 networks = {
 "10-wan" = {
 matchConfig.Name = "eno1";
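Review bot: Both rules in `services.udev.extraRules` match on `ATTR{address}` alone, so any net device that appears with the same MAC also matches and is sent to the same `NAME=`; a VLAN, bridge or macvlan stacked on the NIC usually inherits its address. Restricting the match to the physical device keeps stacked interfaces out, as the classic persistent-net rules did: `SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{type}=="1", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"`, and the same two extra keys on the WAN rule. Whether such stacked devices exist on this host is not visible from the hunk, so treat this as hardening of the rule rather than a confirmed fault. The `systemd.network` set continues past the end of the hunk.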