From a4a30aad448fb0b43f4a2e8d553015d6af379a32 Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Tue, 12 May 2026 09:51:16 -0700
Subject: [PATCH] fix(ringtail): explicitly enable net.ipv4.ip_forward
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After the static IP change, k3s/flannel pod networking broke because ip_forward was 0. NixOS doesn't enable IP forwarding by default — it was previously being set implicitly somewhere in the NM-managed / scripted-DHCP path. With static networking we have to set it ourselves. Verified at runtime via sysctl -w before adding here; pod outbound came back immediately and Tailscale VIP services recovered without any pod restarts.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 docs/changelog.d/ringtail-static-ip.infra.md | 2 +-
 nixos/ringtail/configuration.nix | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/changelog.d/ringtail-static-ip.infra.md b/docs/changelog.d/ringtail-static-ip.infra.md
index 5137f48..8474b0a 100644
--- a/docs/changelog.d/ringtail-static-ip.infra.md
+++ b/docs/changelog.d/ringtail-static-ip.infra.md
@@ -1 +1 @@
-Pin ringtail's wired IP to `192.168.1.21` via NixOS scripted networking; NetworkManager no longer manages `enp5s0`. Removes DHCP lease renewal as a failure mode after a silent lease teardown took ringtail offline.
+Pin ringtail's wired IP to `192.168.1.21` via NixOS scripted networking; NetworkManager no longer manages `enp5s0`. Removes DHCP lease renewal as a failure mode after a silent lease teardown took ringtail offline. Also explicitly enables `net.ipv4.ip_forward` (previously set implicitly by scripted-DHCP) so k3s pod networking and Tailscale routing continue to work with static networking.
diff --git a/nixos/ringtail/configuration.nix b/nixos/ringtail/configuration.nix
index bd46222..e8c634a 100644
--- a/nixos/ringtail/configuration.nix
+++ b/nixos/ringtail/configuration.nix
@@ -31,6 +31,12 @@ in
 networking.defaultGateway = "192.168.1.1";
 networking.nameservers = [ "192.168.1.1" "1.1.1.1" ];
+ # K3s pod networking and Tailscale tunnel routing require IP forwarding.
+ # NixOS leaves this off by default; previously it was being enabled
+ # implicitly by NM/scripted-DHCP setup, but with static networking we
+ # have to set it explicitly.
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
 # Time zone
 time.timeZone = "America/Los_Angeles";
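Review bot: The added `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` turns on forwarding host-wide, for every interface and not only the flannel and Tailscale paths the comment names, so from this hunk alone nothing shows what stops traffic arriving on `enp5s0` from being routed into the Tailscale tunnel or the reverse; the comment above the sysctl should say where that constraint lives (the NixOS firewall's forward rules or an explicit ruleset elsewhere in this configuration), and that should be confirmed rather than assumed. The comment also leaves the "previously enabled implicitly" mechanism unexplained; if it was a module option such as `services.tailscale.useRoutingFeatures` that no longer applies, naming it keeps the intent declarative and avoids the same regression on the next refactor, but that is an inference, not something the hunk shows. I would replace the last comment line with `# have to set it explicitly. This is host-wide (all interfaces); forwarded` / `# traffic is constrained only by the firewall's forward rules.`. Note that this key is IPv4-only, so IPv6 forwarding stays off unless its own sysctl is set. The enclosing attribute set begins and ends outside the hunk.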