C1: pin ringtail wired IP to 192.168.1.21 (static) #355

Merged
eblume merged 2 commits from ringtail-static-ip into main 2026-05-12 10:00:10 -07:00
Owner

Summary

Pins ringtail's wired interface (enp5s0) to 192.168.1.21/24 via NixOS scripted networking. NetworkManager remains enabled for wireless fallback only — it no longer manages the wired interface. Removes DHCP lease renewal as a failure mode.

Why

On 2026-05-12 ~06:51 PDT, ringtail dropped off the tailnet for ~2.5h. Diagnosis:

  • The IP and all associated routes (LAN subnet + default gateway) were removed from enp5s0.
  • The physical link never went down — zero kernel ring-buffer entries for the NIC.
  • NetworkManager (the only network service in the config) was completely silent in the journal at the disconnect moment.
  • The host stayed up; only L3 connectivity was lost. From indri's side, ringtail was registered in the netmap but with LastHandshake: 0001-01-01 (never).
  • Cascading impact: ssh/tailscale/k3s probes failed; Authentik, Ntfy, Frigate were all unreachable (k3s-ringtail workloads); Frigate camera FPS alert fired.

Most likely root cause: silent DHCP lease teardown by NetworkManager (or NM itself crashing silently — its journal had only two entries since 2026-04-30). There was also no DHCP reservation on the UX7 for ringtail's MAC, so the IP wasn't even pinned at the router level.

Change

  • networking.networkmanager.unmanaged = [ "interface-name:enp5s0" ] — NM no longer touches the wired interface.
  • networking.useDHCP = false — no scripted DHCP on any interface.
  • Static address, gateway, and nameservers for enp5s0.
  • DNS: 192.168.1.1 (UX7) + 1.1.1.1 (fallback). These become Tailscale's upstream resolvers since MagicDNS owns /etc/resolv.conf.

UniFi: 192.168.1.21 is now also set as a "Fixed IP" reservation tied to ringtail's MAC, so even though ringtail won't ask for DHCP, the UX7 won't lease this IP to anything else.

Test plan

  • mise run provision-ringtail from this branch — deploy the static config.
  • During activation, watch for ssh control mux glitch (known risk: NM releasing enp5s0 while scripted networking reclaims it). Physical console available at the desk if needed.
  • After deploy: confirm ip addr show enp5s0 shows 192.168.1.21/24, ip route show default shows via 192.168.1.1 dev enp5s0, and the route comes from proto static (not proto dhcp).
  • Verify ssh still works over tailnet (ssh ringtail).
  • Verify k3s services are healthy (mise run services-check).
  • Reboot ringtail and confirm it comes back online without manual intervention.

🤖 Generated with Claude Code

Removes DHCP lease renewal as a failure mode on ringtail after an outage
on 2026-05-12 where the IP and routes silently disappeared from enp5s0
without any kernel link event. NetworkManager stays enabled for wireless
fallback but no longer manages the wired interface.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

After the static IP change, k3s/flannel pod networking broke because
ip_forward was 0. NixOS doesn't enable IP forwarding by default — it
was previously being set implicitly somewhere in the NM-managed /
scripted-DHCP path. With static networking we have to set it ourselves.

Verified at runtime via sysctl -w before adding here; pod outbound
came back immediately and Tailscale VIP services recovered without
any pod restarts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

eblume merged commit bc8ceb502b into main 2026-05-12 10:00:10 -07:00
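
The post-deploy checks from the test plan, together with the ip_forward regression described in the second commit, written as a script. This is an added example, not part of this PR or the blumeops repository. The function names are hypothetical, the sample outputs are constructed, and rejecting an address flagged `dynamic` is an extra check beyond the plan's `proto static` test.

```sh
#!/bin/sh
# Added example: post-deploy checks for the static config (values from the PR).
IFACE=enp5s0; ADDR=192.168.1.21/24; GW=192.168.1.1

# $1 = output of `ip -o -4 addr show dev enp5s0`. Passes only if the pinned
# address is present and not flagged "dynamic" (i.e. not held by a DHCP lease).
check_addr() {
  printf '%s\n' "$1" | awk -v want="$ADDR" '
    $3 == "inet" && $4 == want { ok = 1; if ($0 ~ / dynamic /) dyn = 1 }
    END { exit !(ok && !dyn) }'
}

# $1 = output of `ip route show default`. Passes only if a default route via
# the gateway on the wired NIC is proto static and none there is proto dhcp.
check_default_route() {
  printf '%s\n' "$1" | awk -v gw="$GW" -v ifc="$IFACE" '
    $1 == "default" {
      via = ""; dev = ""; proto = ""
      for (i = 2; i < NF; i++) {
        if ($i == "via") via = $(i + 1)
        if ($i == "dev") dev = $(i + 1)
        if ($i == "proto") proto = $(i + 1)
      }
      if (via == gw && dev == ifc && proto == "static") ok = 1
      if (dev == ifc && proto == "dhcp") bad = 1
    }
    END { exit !(ok && !bad) }'
}

# $1 = output of `sysctl -n net.ipv4.ip_forward`; k3s/flannel needs 1.
check_forwarding() { [ "$1" = "1" ]; }

# Constructed sample outputs (not captured from ringtail).
SAMPLE_ADDR_STATIC='2: enp5s0    inet 192.168.1.21/24 brd 192.168.1.255 scope global enp5s0\       valid_lft forever preferred_lft forever'
SAMPLE_ADDR_DHCP='2: enp5s0    inet 192.168.1.21/24 brd 192.168.1.255 scope global dynamic noprefixroute enp5s0\       valid_lft 43100sec preferred_lft 43100sec'
SAMPLE_ROUTE_STATIC='default via 192.168.1.1 dev enp5s0 proto static'
SAMPLE_ROUTE_DHCP='default via 192.168.1.1 dev enp5s0 proto dhcp src 192.168.1.21 metric 100'

verify_live() {  # run on the host itself
  check_addr "$(ip -o -4 addr show dev "$IFACE")" || { echo "FAIL: address"; return 1; }
  check_default_route "$(ip route show default)" || { echo "FAIL: default route"; return 1; }
  check_forwarding "$(sysctl -n net.ipv4.ip_forward)" || { echo "FAIL: ip_forward"; return 1; }
  echo "OK: $IFACE static at $ADDR, forwarding on"
}
if [ "${1:-}" = "--live" ]; then verify_live; fi
```

Run it with `--live` on the host after the deploy step and again after the reboot step, so a missing `ip_forward` setting is caught before pod networking is noticed to be down.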
Reference
eblume/blumeops!355