From 972b0456daf941c5f7aaaf48a6bd41bde0e048ef Mon Sep 17 00:00:00 2001 From: oddlama Date: Tue, 6 Jun 2023 01:04:39 +0200 Subject: [PATCH] chore: use flushBeforeStage2=true to avoid networking issues; fix loki listen address --- flake.lock | 10 ++++------ flake.nix | 2 +- hosts/common/core/net.nix | 3 +++ hosts/ward/default.nix | 5 ++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 8c461f5..a53d157 100644 --- a/flake.lock +++ b/flake.lock @@ -348,16 +348,14 @@ "nixpkgs": { "locked": { "lastModified": 1685290091, - "narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8", - "type": "github" + "narHash": "sha256-eJ4hOd5fA8i9uhpPFrpjLAb09wqfB+NH9utHh0PGD4k=", + "type": "git", + "url": "file:///root/projects/nixpkgs-test" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", - "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 4b27e87..9cf6c95 100644 --- a/flake.nix +++ b/flake.nix @@ -37,7 +37,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixpkgs.url = "github:NixOS/nixpkgs?rev=4e37b4e55b60fb7d43d2b62deb51032a489bcbe8"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; microvm = { url = "github:astro/microvm.nix"; diff --git a/hosts/common/core/net.nix b/hosts/common/core/net.nix index ed093a1..ed1ddb6 100644 --- a/hosts/common/core/net.nix +++ b/hosts/common/core/net.nix @@ -14,6 +14,9 @@ mkForce ; in { + # TODO needed until https://github.com/NixOS/nixpkgs/issues/236146 is resolved + boot.initrd.network.flushBeforeStage2 = true; + networking = { hostName = nodeName; useDHCP = mkForce false; diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index 3b2e16d..e7977ac 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -253,7 +253,6 @@ in { networking.nftables.firewall = { zones = lib.mkForce { - #local-vms.interfaces = ["local-vms"]; proxy-sentinel.interfaces = ["proxy-sentinel"]; sentinel = { parent = "proxy-sentinel"; @@ -278,7 +277,7 @@ in { auth_enabled = false; server = { - http_listen_address = config.extra.wireguard."${parentNodeName}-local-vms".ipv4; + http_listen_address = config.extra.wireguard.proxy-sentinel.ipv4; http_listen_port = 3100; log_level = "warn"; }; @@ -340,6 +339,6 @@ in { }; # TODO this for other vms and services too? - systemd.services.loki.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "local-vms"}.device"]; + systemd.services.loki.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"]; }; }