eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

fix(ringtail): explicitly enable net.ipv4.ip_forward

Browse source 
After the static IP change, k3s/flannel pod networking broke because
ip_forward was 0. NixOS doesn't enable IP forwarding by default — it
was previously being set implicitly somewhere in the NM-managed /
scripted-DHCP path. With static networking we have to set it ourselves.

Verified at runtime via sysctl -w before adding here; pod outbound
came back immediately and Tailscale VIP services recovered without
any pod restarts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-05-12 09:51:16 -07:00
commit a4a30aad44
2 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/ringtail/configuration.nix
View file

@ -31,6 +31,12 @@ in
networking.defaultGateway = "192.168.1.1";
networking.nameservers = [ "192.168.1.1" "1.1.1.1" ];
# K3s pod networking and Tailscale tunnel routing require IP forwarding.
# NixOS leaves this off by default; previously it was being enabled
# implicitly by NM/scripted-DHCP setup, but with static networking we
# have to set it explicitly.
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Time zone
time.timeZone = "America/Los_Angeles";