From f2ed78747c83e4b106ad1fa3eda886c5ca0ba2d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?m=C3=BCde?=
Date: Fri, 24 Apr 2026 20:55:18 +0200
Subject: [PATCH] fix damocles cgroup broken after sleep with network switch
---
 nixosConfigurations/damocles/default.nix | 8 +++++++-
 nixosConfigurations/muede-lpt2/default.nix | 7 ++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix
index a91e131..4cdd6f7 100644
--- a/nixosConfigurations/damocles/default.nix
+++ b/nixosConfigurations/damocles/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, self, ... }:
+{ pkgs, lib, self, ... }:
 {
 imports = [ ./android-dev.nix ];
@@ -6,6 +6,12 @@
 boot.isContainer = true;
+ # Container shares host network namespace (privateNetwork = false), so the
+ # host's tailscale already covers this. Running a second tailscaled in the
+ # same netns fights over routing and breaks connectivity after sleep/wake.
+ services.tailscale.enable = lib.mkForce false;
+ networking.firewall.checkReversePath = lib.mkForce "strict";
+
 allowedUnfreePackages = [ "claude-code" ];
 environment.systemPackages = with pkgs; [
diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix
index 2f5e949..19b2119 100644
--- a/nixosConfigurations/muede-lpt2/default.nix
+++ b/nixosConfigurations/muede-lpt2/default.nix
@@ -69,7 +69,12 @@
 # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
 # before it finishes halting, leaving cgroups busy and breaking restarts.
- systemd.services."container@damocles".serviceConfig.TimeoutStopSec = "60s";
+ systemd.services."container@damocles".serviceConfig = {
+ TimeoutStopSec = "60s";
+ # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
+ # Without this, the immediate restart attempt fails with "Device or resource busy".
+ RestartSec = "5s";
+ };
 boot.enableContainers = true;
 virtualisation.containers.enable = true;
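Review bot: The forced `networking.firewall.checkReversePath = lib.mkForce "strict";` in the second damocles hunk is evaluated inside a container that, per the new comment, shares the host's network namespace, so any rpfilter rule the container's firewall installs governs the host's interfaces too; if the host side is configured with `loose` for its tailscale setup (the nixpkgs tailscale module defaults to that when routing features are in use, as far as I recall), the stricter rule from the container can drop exactly the asymmetrically routed tailscale traffic this change is trying to keep working. The comment explains why the second tailscaled is disabled but says nothing about why rpfilter is tightened in the same step, so a reader cannot tell whether `strict` is part of the fix or a leftover override. Add a line such as `# rpfilter applies to the shared host netns; keep in sync with the host's checkReversePath` naming which side owns this setting, or drop the override if the host's value is meant to win. Since both the host and the container would otherwise run a NixOS firewall unit against the same tables, it is also worth confirming that only one of them is enabled in that namespace.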
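Review bot: `RestartSec = "5s";` in the muede-lpt2 hunk only takes effect if the unit also carries a `Restart=` policy; the NixOS-generated `container@` template sets one as far as I recall, but nothing in this override shows it, and if that assumption is wrong the delay is inert and the "Device or resource busy" failure described in the new comment is unchanged. Confirm after rebuild with `systemctl show container@damocles -p Restart -p RestartSec`, and if `Restart` comes back empty add `Restart = "on-failure";` to the same serviceConfig set next to `RestartSec`. The comment above the block still describes only the stop timeout; a half-sentence such as `# RestartSec below gives the kernel time to reap the cgroups before the retry` keeps the two settings' rationale together.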