diff --git a/hosts/FredOS-Mediaserver.nix b/hosts/FredOS-Mediaserver.nix
index 3f98e1d..f9f3c95 100644
--- a/hosts/FredOS-Mediaserver.nix
+++ b/hosts/FredOS-Mediaserver.nix
@@ -29,7 +29,7 @@
 ];
 # Basic networking
- networking.useDHCP = lib.mkDefault true;
+ networking.useDHCP = lib.mkForce false;
 # Allow fred to act as a remote Nix builder (trusted users can import
 # unsigned store paths sent by the build client).
diff --git a/services/game-servers.nix b/services/game-servers.nix
index 6cf75ee..7d49ee4 100644
--- a/services/game-servers.nix
+++ b/services/game-servers.nix
@@ -171,6 +171,23 @@
 };
 };
+ # Stop 7DTD containers from crash-looping forever — after 5 failures
+ # within 5 minutes, systemd gives up. Without this, a broken container
+ # spawns a new veth pair every 30 s, flooding systemd-networkd and
+ # potentially interfering with DHCP on the WAN interface.
+ systemd.services."docker-7dtd".serviceConfig = {
+ Restart = lib.mkForce "on-failure";
+ RestartSec = "30s";
+ StartLimitIntervalSec = 300;
+ StartLimitBurst = 5;
+ };
+ systemd.services."docker-7dtd-coop".serviceConfig = {
+ Restart = lib.mkForce "on-failure";
+ RestartSec = "30s";
+ StartLimitIntervalSec = 300;
+ StartLimitBurst = 5;
+ };
+
 networking.firewall.allowedTCPPorts = [ 26900 26910 ];
 networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
 };
diff --git a/services/router.nix b/services/router.nix
index ecc7247..63df5ea 100644
--- a/services/router.nix
+++ b/services/router.nix
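Review bot: The new `networking.useDHCP = lib.mkForce false;` line in hosts/FredOS-Mediaserver.nix has no comment saying what assigns addresses on this host now, and the surviving `# Basic networking` heading does not explain it either. `mkForce` overrides every other definition of the option, so a module that later enables DHCP is silently ignored, and any interface without its own network definition comes up with no address. If the intent is that systemd-networkd owns all interfaces (as the router.nix part of this commit suggests), state it above the line, e.g. `# Addresses are assigned per interface by systemd-networkd (services/router.nix); the global DHCP default must stay off.`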
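Review bot: `StartLimitIntervalSec` is a `[Unit]` setting, but both the `docker-7dtd` and `docker-7dtd-coop` blocks place it under `serviceConfig`, which writes it into `[Service]`, where systemd reports an unknown key and ignores it. The limiter then uses the default interval (10 s unless the host changes it), which a 30 s `RestartSec` cannot hit five times, so the crash loop described in the comment would keep running. Move the two limit keys out of `serviceConfig` in both blocks, e.g. `unitConfig = { StartLimitIntervalSec = 300; StartLimitBurst = 5; };` (or the NixOS options `startLimitIntervalSec` / `startLimitBurst`), leaving only `Restart` and `RestartSec` there. The two blocks are identical and could share one attribute set.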
@@ -72,9 +72,18 @@ in
 "net.ipv6.conf.all.disable_ipv6" = 1;
 };
+ # Pin interface names to MAC addresses so they never swap across boots.
+ # Without this, "eth0" is an unpredictable kernel name that depends on
+ # device probe order — if the NICs swap, the entire LAN/WAN config breaks.
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"
+ SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:59", NAME="eno1"
+ '';
+
 # --- Interface configuration ---
 systemd.network = {
 enable = true;
+
 networks = {
 "10-wan" = {
 matchConfig.Name = "eno1";
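Review bot: Both udev rules match on `ATTR{address}` alone, so a virtual device that inherits the NIC's MAC (a VLAN, bridge or macvlan stacked on it) also matches and udev will try to give it the same name. Adding `DRIVERS=="?*"` limits each rule to devices backed by a hardware driver: `SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"`. Separately, `eth0` lies in the kernel's own naming space, so in the swapped-probe case the rule is meant to fix, the other NIC may still hold `eth0` when the rename runs and the rename can fail. Because the LAN/WAN split keys off these names, a name outside `eth*` would be safer, at the cost of updating the references elsewhere in router.nix. The `systemd.network` block continues past the end of the hunk.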