From 07a5d3a778e979b63d11992b3dce0fe969fc29cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?m=C3=BCde?=
Date: Fri, 15 May 2026 01:51:12 +0200
Subject: [PATCH] =?UTF-8?q?lifecycle:=20clear=20HOST=5FADDRESS/LOCAL=5FADD?= =?UTF-8?q?RESS/HOST=5FBRIDGE=20=E2=80=94=20start=20script's=20--network-v?= =?UTF-8?q?eth=20was=20forcing=20private=20netns?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 hive-c0re/src/lifecycle.rs | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hive-c0re/src/lifecycle.rs b/hive-c0re/src/lifecycle.rs
index 1a0a3d6..2ad9188 100644
--- a/hive-c0re/src/lifecycle.rs
+++ b/hive-c0re/src/lifecycle.rs
@@ -341,13 +341,27 @@ fn set_nspawn_flags(container: &str, agent_dir: &Path) -> Result<()> {
 .lines()
 .filter(|line| {
 let trimmed = line.trim_start();
+ // Strip any network-namespace knobs nixos-container's create
+ // might have populated. The start script adds `--network-veth`
+ // whenever HOST_ADDRESS / LOCAL_ADDRESS (or their IPv6 cousins)
+ // are non-empty — and veth implies a private netns, hiding our
+ // web-UI port from the host. Force host netns.
 !trimmed.starts_with("EXTRA_NSPAWN_FLAGS=")
 && !trimmed.starts_with("PRIVATE_NETWORK=")
+ && !trimmed.starts_with("HOST_ADDRESS=")
+ && !trimmed.starts_with("LOCAL_ADDRESS=")
+ && !trimmed.starts_with("HOST_ADDRESS6=")
+ && !trimmed.starts_with("LOCAL_ADDRESS6=")
+ && !trimmed.starts_with("HOST_BRIDGE=")
 })
 .map(str::to_owned)
 .collect();
- // Share host netns so per-agent web UI ports are reachable directly.
 lines.push("PRIVATE_NETWORK=0".to_owned());
+ lines.push("HOST_ADDRESS=".to_owned());
+ lines.push("LOCAL_ADDRESS=".to_owned());
+ lines.push("HOST_ADDRESS6=".to_owned());
+ lines.push("LOCAL_ADDRESS6=".to_owned());
+ lines.push("HOST_BRIDGE=".to_owned());
 lines.push(bind_flag);
 let mut content = lines.join("\n");
 content.push('\n');
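Review bot: The comment added inside the `.filter` closure ends with "Force host netns" but nothing in the new code records what that costs: with `PRIVATE_NETWORK=0` and every veth/bridge variable cleared, the agent container shares the host's network stack, so anything running in it can reach services bound to the host's loopback and can bind host ports itself. I would state that next to the pushes, for example `// Host netns is deliberate: the container sees host loopback and can bind host ports, so host-local services must not rely on network isolation.` The five keys are also written out twice, once in the strip list and once in the clear list; a single `const NETNS_KEYS: [&str; 5]` consumed by both the filter and a push loop would keep the two from drifting apart. Whether the start script reads further network variables (port forwards, interface lists) that would need the same treatment cannot be confirmed from this hunk and is worth checking against the script. `set_nspawn_flags` begins and ends outside the hunk.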