Compare commits

2 commits

Author SHA1 Message Date
8560c11afa fix NIC naming: use udev rules instead of .link files
systemd.network.links didn't generate files; use udev extraRules
to pin NIC names to MACs. Also disable networking.useDHCP catch-all
that silently misconfigured the LAN NIC when it got a wrong name.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00
94d5b6a2a1 pin NIC names to MAC + limit 7DTD restart loops
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00
3 changed files with 27 additions and 1 deletions


@ -29,7 +29,7 @@
]; ];
# Basic networking # Basic networking
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkForce false;
# Allow fred to act as a remote Nix builder (trusted users can import # Allow fred to act as a remote Nix builder (trusted users can import
# unsigned store paths sent by the build client). # unsigned store paths sent by the build client).
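Review bot: `lib.mkForce false` on `networking.useDHCP` is stronger than this change needs, and the line carries no comment saying why the catch-all is off. A plain `networking.useDHCP = false;` already outranks any `mkDefault` set elsewhere, while `mkForce` would also silently override a later normal-priority definition in another module. Consider adding `# DHCP is configured per interface under systemd.network; the catch-all misconfigured the LAN NIC when names swapped.` above the line. Whether the WAN interface still requests a lease depends on the networkd configuration, which is not visible in this hunk.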


@ -171,6 +171,23 @@
}; };
}; };
# Stop 7DTD containers from crash-looping forever — after 5 failures
# within 5 minutes, systemd gives up. Without this, a broken container
# spawns a new veth pair every 30 s, flooding systemd-networkd and
# potentially interfering with DHCP on the WAN interface.
systemd.services."docker-7dtd".serviceConfig = {
Restart = lib.mkForce "on-failure";
RestartSec = "30s";
StartLimitIntervalSec = 300;
StartLimitBurst = 5;
};
systemd.services."docker-7dtd-coop".serviceConfig = {
Restart = lib.mkForce "on-failure";
RestartSec = "30s";
StartLimitIntervalSec = 300;
StartLimitBurst = 5;
};
networking.firewall.allowedTCPPorts = [ 26900 26910 ]; networking.firewall.allowedTCPPorts = [ 26900 26910 ];
networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ]; networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
}; };
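Review bot: `StartLimitIntervalSec` and `StartLimitBurst` are set under `serviceConfig` for both `docker-7dtd` and `docker-7dtd-coop`, but systemd reads the start rate limit from the `[Unit]` section, so `StartLimitIntervalSec=` in `[Service]` is most likely ignored as an unknown key. With the default 10 s interval and `RestartSec = "30s"`, the burst of 5 would then never be reached, and the crash loop described in the comment would continue. Move both keys to the unit section for each service, e.g. `systemd.services."docker-7dtd".unitConfig = { StartLimitIntervalSec = 300; StartLimitBurst = 5; };`, and confirm after the rebuild with `systemctl show docker-7dtd -p StartLimitIntervalUSec -p StartLimitBurst`. The enclosing attribute set opens above the hunk.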


@ -72,9 +72,18 @@ in
"net.ipv6.conf.all.disable_ipv6" = 1; "net.ipv6.conf.all.disable_ipv6" = 1;
}; };
# Pin interface names to MAC addresses so they never swap across boots.
# Without this, "eth0" is an unpredictable kernel name that depends on
# device probe order — if the NICs swap, the entire LAN/WAN config breaks.
services.udev.extraRules = ''
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:58", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:0b:84:0c:4c:59", NAME="eno1"
'';
# --- Interface configuration --- # --- Interface configuration ---
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
"10-wan" = { "10-wan" = {
matchConfig.Name = "eno1"; matchConfig.Name = "eno1";