From 6191e4060fca7012f1b0a1f809f4e84b8d277ab5 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Tue, 24 Feb 2026 23:37:15 -0800
Subject: [PATCH] networking fixes
---
 common/network/pia-vpn/default.nix | 4 ++--
 common/network/pia-vpn/service-container.nix | 1 -
 common/network/pia-vpn/vpn-container.nix | 4 +++-
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/common/network/pia-vpn/default.nix b/common/network/pia-vpn/default.nix
index cfe6907..304503d 100644
--- a/common/network/pia-vpn/default.nix
+++ b/common/network/pia-vpn/default.nix
@@ -175,8 +175,8 @@ in
 # Enable systemd-networkd for bridge management
 systemd.network.enable = true;
- # Don't let systemd-networkd-wait-online block boot on bridge
- systemd.network.wait-online.ignoredInterfaces = [ cfg.bridgeName ];
+ # TODO: re-enable once primary networking uses networkd
+ systemd.network.wait-online.enable = false;
 # Tell NetworkManager to ignore VPN bridge and container interfaces
 networking.networkmanager.unmanaged = mkIf config.networking.networkmanager.enable [
diff --git a/common/network/pia-vpn/service-container.nix b/common/network/pia-vpn/service-container.nix
index f02a26e..b2531d4 100644
--- a/common/network/pia-vpn/service-container.nix
+++ b/common/network/pia-vpn/service-container.nix
@@ -40,7 +40,6 @@ let
 Gateway = cfg.vpnAddress;
 DNS = [ cfg.vpnAddress ];
 };
- linkConfig.RequiredForOnline = "no";
 };
 # DNS through VPN container (queries go through WG tunnel = no DNS leak)
diff --git a/common/network/pia-vpn/vpn-container.nix b/common/network/pia-vpn/vpn-container.nix
index de1a55e..1e29e32 100644
--- a/common/network/pia-vpn/vpn-container.nix
+++ b/common/network/pia-vpn/vpn-container.nix
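Review bot: In common/network/pia-vpn/default.nix, `systemd.network.wait-online.enable = false;` is set at normal priority in a shared module, so a host that does manage its primary interface with networkd cannot turn wait-online back on without `mkForce`. The TODO also does not say why the previous `ignoredInterfaces = [ cfg.bridgeName ]` was insufficient, which makes the re-enable condition hard to check later. Consider `systemd.network.wait-online.enable = mkDefault false;` (the file already uses `mkIf` unqualified, so `mkDefault` is presumably in scope) together with a comment such as `# networkd only manages the VPN bridge here; wait-online has no other link to wait for`, if that is indeed the reason. The enclosing attribute set starts and ends outside the hunk.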
@@ -81,9 +81,11 @@ in
 Address = "${cfg.vpnAddress}/${cfg.subnetPrefixLen}";
 DHCPServer = false;
 };
- linkConfig.RequiredForOnline = "no";
 };
+ # Ignore WG interface for wait-online (it's configured manually, not by networkd)
+ systemd.network.wait-online.ignoredInterfaces = [ cfg.interfaceName ];
+
 # Enable forwarding so bridge traffic can go through WG
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
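Review bot: In the vpn-container.nix hunk, ignoring `cfg.interfaceName` means network-online.target inside the VPN container is not tied to the WireGuard tunnel, while `net.ipv4.ip_forward` is enabled just below. Whether forwarded traffic from the service containers is confined to the WG interface before the tunnel is up depends on firewall rules that are not in this hunk, so that cannot be confirmed here. The new comment should record this, e.g. `# network-online.target does not imply the WG tunnel is up; leak prevention must come from the forwarding rules and unit ordering`. The enclosing attribute set starts and ends outside the hunk.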