chore: use flushBeforeStage2=true to avoid networking issues; fix loki listen address

2025-10-11 07:10:39 +02:00 · 2023-06-06 01:04:39 +02:00 · 2023-06-06 01:04:39 +02:00 · 972b0456da
commit 972b0456da
parent 90499504b5
4 changed files with 10 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -348,16 +348,14 @@
    "nixpkgs": {
      "locked": {
        "lastModified": 1685290091,
-        "narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8",
-        "type": "github"
+        "narHash": "sha256-eJ4hOd5fA8i9uhpPFrpjLAb09wqfB+NH9utHh0PGD4k=",
+        "type": "git",
+        "url": "file:///root/projects/nixpkgs-test"
      },
      "original": {
        "owner": "NixOS",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
-        "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8",
        "type": "github"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -37,7 +37,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    nixpkgs.url = "github:NixOS/nixpkgs?rev=4e37b4e55b60fb7d43d2b62deb51032a489bcbe8";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    microvm = {
      url = "github:astro/microvm.nix";
--- a/hosts/common/core/net.nix
+++ b/hosts/common/core/net.nix
@ -14,6 +14,9 @@
    mkForce
    ;
 in {
+  # TODO needed until https://github.com/NixOS/nixpkgs/issues/236146 is resolved
+  boot.initrd.network.flushBeforeStage2 = true;
+
  networking = {
    hostName = nodeName;
    useDHCP = mkForce false;
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -253,7 +253,6 @@ in {

    networking.nftables.firewall = {
      zones = lib.mkForce {
-        #local-vms.interfaces = ["local-vms"];
        proxy-sentinel.interfaces = ["proxy-sentinel"];
        sentinel = {
          parent = "proxy-sentinel";
@ -278,7 +277,7 @@ in {
        auth_enabled = false;

        server = {
-          http_listen_address = config.extra.wireguard."${parentNodeName}-local-vms".ipv4;
+          http_listen_address = config.extra.wireguard.proxy-sentinel.ipv4;
          http_listen_port = 3100;
          log_level = "warn";
        };
@ -340,6 +339,6 @@ in {
    };

    # TODO this for other vms and services too?
-    systemd.services.loki.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "local-vms"}.device"];
+    systemd.services.loki.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"];
  };
 }