downloads: disable resolv.conf copying

2024-12-22 19:23:12 +00:00 · 2024-12-22 19:23:12 +00:00 · b01de0ff03
commit b01de0ff03
parent f8b367f523
2 changed files with 13 additions and 22 deletions
--- a/flake.lock
+++ b/flake.lock
@ -175,11 +175,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1734424634,
-        "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
-        "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
+        "lastModified": 1734896512,
+        "narHash": "sha256-dMReTqK6G2CkLos5USJ0r3XY2lyiZIwUc1QK1gZ+q24=",
+        "rev": "462ba8d694bb40234ceab090666c76e583be6cf2",
        "type": "tarball",
-        "url": "https://gitea.hillion.co.uk/api/v1/repos/JakeHillion/nixpkgs/archive/d3c42f187194c26d9f0309a8ecc469d6c878ce33.tar.gz"
+        "url": "https://gitea.hillion.co.uk/api/v1/repos/JakeHillion/nixpkgs/archive/462ba8d694bb40234ceab090666c76e583be6cf2.tar.gz"
      },
      "original": {
        "type": "tarball",
--- a/modules/services/downloads.nix
+++ b/modules/services/downloads.nix
@ -1,9 +1,12 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, nixpkgs-unstable, ... }:

 let
  cfg = config.custom.services.downloads;
 in
 {
+  imports = [ "${nixpkgs-unstable}/nixos/modules/virtualisation/nixos-containers.nix" ];
+  disabledModules = [ "virtualisation/nixos-containers.nix" ];
+
  options.custom.services.downloads = {
    enable = lib.mkEnableOption "downloads";

@ -102,7 +105,11 @@ in
      ephemeral = true;

      additionalCapabilities = [ "CAP_NET_ADMIN" ];
-      extraFlags = [ "--network-namespace-path=/run/netns/downloads" ];
+      extraFlags = [
+        "--resolv-conf=off"
+        "--network-namespace-path=/run/netns/downloads"
+      ];
+      copyResolvConf = false;

      bindMounts = {
        "/var/lib/caddy" = { hostPath = "${cfg.metadataPath}/caddy"; isReadOnly = false; };
@ -146,22 +153,6 @@ in

            script = with pkgs; "${iproute2}/bin/ip link set up lo";
          };
-          systemd.services.setup-resolv = {
-            description = "Setup resolv.conf.";
-            before = [ "network-online.target" ];
-
-            serviceConfig.Type = "oneshot";
-            serviceConfig.RemainAfterExit = true;
-
-            script = with pkgs; ''
-              cat <<EOF >/etc/resolv.conf
-              # Generated by setup-resolv.service
-              nameserver 1.1.1.1
-              nameserver 8.8.4.4
-              options edns0
-              EOF
-            '';
-          };
          networking = {
            nameservers = [ "1.1.1.1" "8.8.8.8" ];
            hosts = { "127.0.0.1" = builtins.map (x: "${x}.downloads.ts.hillion.co.uk") [ "prowlarr" "sonarr" "radarr" "deluge" ]; };