Compare commits
2 commits
e7222b566b
...
8560c11afa
| Author | SHA1 | Date | |
|---|---|---|---|
| 8560c11afa | |||
| 94d5b6a2a1 |
3 changed files with 27 additions and 1 deletions
|
|
@ -29,7 +29,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# Basic networking
|
# Basic networking
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkForce false;
|
||||||
|
|
||||||
# Allow fred to act as a remote Nix builder (trusted users can import
|
# Allow fred to act as a remote Nix builder (trusted users can import
|
||||||
# unsigned store paths sent by the build client).
|
# unsigned store paths sent by the build client).
|
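Review bot: The new `networking.useDHCP = lib.mkForce false;` line has no comment saying why the value is forced, and `mkForce` silently overrides any other module that sets this option for the host. Nothing in this hunk shows a static address or per-interface DHCP setting, so if none exists elsewhere the machine would come up without an address after the next rebuild. That matters for a host that, per the comment below, is reached remotely as a Nix builder. I would add a comment such as `# Global DHCP off; addresses come from <per-interface config>, mkForce so no other module re-enables it` and confirm the replacement addressing is in place before deploying. The enclosing attribute set starts and ends outside the hunk.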
||||||
|
|
|
||||||
|
|
@ -171,6 +171,23 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Stop 7DTD containers from crash-looping forever — after 5 failures
|
||||||
|
# within 5 minutes, systemd gives up. Without this, a broken container
|
||||||
|
# spawns a new veth pair every 30 s, flooding systemd-networkd and
|
||||||
|
# potentially interfering with DHCP on the WAN interface.
|
||||||
|
systemd.services."docker-7dtd".serviceConfig = {
|
||||||
|
Restart = lib.mkForce "on-failure";
|
||||||
|
RestartSec = "30s";
|
||||||
|
StartLimitIntervalSec = 300;
|
||||||
|
StartLimitBurst = 5;
|
||||||
|
};
|
||||||
|
systemd.services."docker-7dtd-coop".serviceConfig = {
|
||||||
|
Restart = lib.mkForce "on-failure";
|
||||||
|
RestartSec = "30s";
|
||||||
|
StartLimitIntervalSec = 300;
|
||||||
|
StartLimitBurst = 5;
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 26900 26910 ];
|
networking.firewall.allowedTCPPorts = [ 26900 26910 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
|
networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
|
||||||
};
|
};
|
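Review bot: `StartLimitIntervalSec` and `StartLimitBurst` are set in `serviceConfig`, which renders into the `[Service]` section, but systemd reads the start rate limit from `[Unit]`. As far as I know only the legacy `StartLimitInterval=` spelling is still accepted under `[Service]`, so the 300-second window is likely dropped with an "Unknown key name" warning. With the default window and `RestartSec = "30s"` the burst would then never be reached, and the crash loop the comment describes would continue. Move both keys for each service, e.g. `systemd.services."docker-7dtd".unitConfig = { StartLimitIntervalSec = 300; StartLimitBurst = 5; };` and the same for `"docker-7dtd-coop"`, then confirm on the host with `systemctl show docker-7dtd -p StartLimitIntervalUSec -p StartLimitBurst`. The two blocks are identical, so a shared `let` binding would keep them in sync.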
||||||
|
|
|
||||||
|
|
@ -72,9 +72,18 @@ in
|
||||||
"net.ipv6.conf.all.disable_ipv6" = 1;
|
"net.ipv6.conf.all.disable_ipv6" = 1;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Pin interface names to MAC addresses so they never swap across boots.
|
||||||
|
# Without this, "eth0" is an unpredictable kernel name that depends on
|
||||||
|
# device probe order — if the NICs swap, the entire LAN/WAN config breaks.
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"
|
||||||
|
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:59", NAME="eno1"
|
||||||
|
'';
|
||||||
|
|
||||||
# --- Interface configuration ---
|
# --- Interface configuration ---
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
networks = {
|
networks = {
|
||||||
"10-wan" = {
|
"10-wan" = {
|
||||||
matchConfig.Name = "eno1";
|
matchConfig.Name = "eno1";
|
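Review bot: Both udev rules match only on `ATTR{address}`, so any virtual device that inherits the NIC's MAC (a VLAN, bridge or macvlan on top of it) also matches, and udev will try to give it the same name. The first rule also renames into the kernel's own `ethN` namespace: if the other NIC holds `eth0` when the rule runs, the rename fails, which is the swap case the comment is meant to prevent. I would restrict the match to physical devices, e.g. `SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"`, and consider a name outside `ethN` (such as `lan0`) with the matching `matchConfig.Name` updated. The `systemd.network` block continues past the end of the hunk, so other references to `eth0` are not visible here.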
||||||
|
|
|
||||||