Merge pull request 'C1: pin ringtail wired IP to 192.168.1.21 (static)' (#355) from ringtail-static-ip into main

2026-05-12 09:59:59 -07:00 · 2026-05-12 09:59:59 -07:00 · bc8ceb502b
commit bc8ceb502b
parent dc0916a548 a4a30aad44
3 changed files with 33 additions and 1 deletions
--- a/docs/changelog.d/ringtail-static-ip.infra.md
+++ b/docs/changelog.d/ringtail-static-ip.infra.md
@ -0,0 +1 @@
+Pin ringtail's wired IP to `192.168.1.21` via NixOS scripted networking; NetworkManager no longer manages `enp5s0`. Removes DHCP lease renewal as a failure mode after a silent lease teardown took ringtail offline. Also explicitly enables `net.ipv4.ip_forward` (previously set implicitly by scripted-DHCP) so k3s pod networking and Tailscale routing continue to work with static networking.
--- a/docs/reference/infrastructure/ringtail.md
+++ b/docs/reference/infrastructure/ringtail.md
@ -25,6 +25,19 @@ Service host and gaming PC. Custom-built PC running NixOS.
 | **OS** | NixOS 25.11 (Sway/Wayland) |
 | **Tailscale hostname** | `ringtail.tail8d86e.ts.net` |

+## Networking
+
+| Property | Value |
+|----------|-------|
+| **Interface (wired)** | `enp5s0` |
+| **IP** | `192.168.1.21/24` (static, set by NixOS scripted networking) |
+| **Gateway** | `192.168.1.1` (UX7) |
+| **DNS** | `192.168.1.1`, `1.1.1.1` (used as Tailscale's upstream resolvers; `/etc/resolv.conf` is owned by Tailscale's MagicDNS at `100.100.100.100`) |
+| **DHCP reservation** | UniFi "Fixed IP" tied to ringtail's MAC; belt-and-suspenders so the UX7 won't lease `192.168.1.21` to anyone else even though ringtail no longer asks for it |
+| **Wireless** | `wlp6s0` still managed by NetworkManager as a fallback path |
+
+NetworkManager is enabled but explicitly excluded from managing `enp5s0` via `networking.networkmanager.unmanaged = [ "interface-name:enp5s0" ]`. The wired address is configured by a deterministic `network-addresses-enp5s0.service` oneshot — no daemon, no lease, no renewal.
+
 ## Software

 Managed declaratively via `nixos/ringtail/configuration.nix`. Home-manager handles ringtail-specific sway/waybar config; chezmoi manages cross-platform dotfiles.
--- a/nixos/ringtail/configuration.nix
+++ b/nixos/ringtail/configuration.nix
@ -16,8 +16,26 @@ in
  systemd.tpm2.enable = false;

  # Networking
+  # Wired interface (enp5s0) uses a static IP configured by NixOS scripted
+  # networking; NetworkManager is left enabled for the wireless fallback only.
  networking.hostName = "ringtail";
-  networking.networkmanager.enable = true;
+  networking.networkmanager = {
+    enable = true;
+    unmanaged = [ "interface-name:enp5s0" ];
+  };
+  networking.useDHCP = false;
+  networking.interfaces.enp5s0.ipv4.addresses = [{
+    address = "192.168.1.21";
+    prefixLength = 24;
+  }];
+  networking.defaultGateway = "192.168.1.1";
+  networking.nameservers = [ "192.168.1.1" "1.1.1.1" ];
+
+  # K3s pod networking and Tailscale tunnel routing require IP forwarding.
+  # NixOS leaves this off by default; previously it was being enabled
+  # implicitly by NM/scripted-DHCP setup, but with static networking we
+  # have to set it explicitly.
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  # Time zone
  time.timeZone = "America/Los_Angeles";
				`@ -0,0 +1 @@`
				Pin ringtail's wired IP to `192.168.1.21` via NixOS scripted networking; NetworkManager no longer manages `enp5s0`. Removes DHCP lease renewal as a failure mode after a silent lease teardown took ringtail offline. Also explicitly enables `net.ipv4.ip_forward` (previously set implicitly by scripted-DHCP) so k3s pod networking and Tailscale routing continue to work with static networking.