networking fixes

2026-02-24 23:53:50 -08:00
parent 1cbbe64707
commit 3bc41dfdb3
1 changed files with 147 additions and 144 deletions
--- a/common/network/pia-vpn/vpn-container.nix
+++ b/common/network/pia-vpn/vpn-container.nix
@@ -51,6 +51,9 @@ let
 in
 {
  config = mkIf cfg.enable {
+    # Give the container more time to boot (pia-vpn-setup retries can delay readiness)
+    systemd.services."container@pia-vpn".serviceConfig.TimeoutStartSec = "180s";
+
    containers.pia-vpn = {
      autoStart = true;
      ephemeral = true;
@@ -157,7 +160,7 @@ in
              connectToServer '${wgFile}' '${cfg.interfaceName}'

              # 4. Default route through WG
-            ip route add default dev ${cfg.interfaceName}
+              ip route replace default dev ${cfg.interfaceName}
              echo "Default route set through ${cfg.interfaceName}"

              # 5. NAT: masquerade bridge → WG (so service containers' traffic appears to come from VPN IP)