Update interface names because usePredictableInterfaceNames is now off

Possible memos fix
Fix tinyproxy starting before VPN bridge is configured
2026-03-01 14:09:01 -08:00 · 2026-03-01 13:32:35 -08:00 · 2026-03-01 13:20:56 -08:00
2 changed files with 1 additions and 5 deletions
--- a/common/network/pia-vpn/default.nix
+++ b/common/network/pia-vpn/default.nix
@@ -234,9 +234,6 @@ in
      before = [ "container@pia-vpn.service" ];
      after = [ "systemd-networkd.service" ];
      requires = [ "systemd-networkd.service" ];
      serviceConfig.ExecStartPre = [
        "+${pkgs.systemd}/lib/systemd/systemd-networkd-wait-online --interface=${cfg.bridgeName}:no-carrier --timeout=60"
      ];
    };
    # WireGuard interface creation (host-side oneshot)
--- a/machines/storage/s0/default.nix
+++ b/machines/storage/s0/default.nix
@@ -341,8 +341,7 @@
    enable = true;
    settings.MEMOS_PORT = "57643";
  };
-  # ReadWritePaths doesn't work with ProtectSystem=strict on ZFS submounts (/var/lib is a separate dataset)
+  systemd.services.memos.serviceConfig.PrivateUsers = lib.mkForce false;
  systemd.services.memos.serviceConfig.ProtectSystem = lib.mkForce "full";
  services.outline = {
    enable = true;
Author	SHA1	Message	Date
Zuckerberg	5a8daad590	Update interface names because usePredictableInterfaceNames is now off Some checks failed Check Flake / check-flake (push) Failing after 14m3s Details	2026-03-01 14:09:01 -08:00
Zuckerberg	07f31b66eb	Possible memos fix Some checks failed Check Flake / check-flake (push) Failing after 33m12s Details	2026-03-01 13:32:35 -08:00
Zuckerberg	674e6f1d3c	Fix tinyproxy starting before VPN bridge is configured Some checks failed Check Flake / check-flake (push) Has been cancelled Details tinyproxy binds to the bridge IP but had no ordering dependency on systemd-networkd, so it could start before the bridge existed.	2026-03-01 13:20:56 -08:00