diff --git a/hosts/skydick/default.nix b/hosts/skydick/default.nix index 612b730..2dd64c8 100644 --- a/hosts/skydick/default.nix +++ b/hosts/skydick/default.nix @@ -70,11 +70,11 @@ useDHCP = false; useNetworkd = true; - - # bond40g: 2x40G ConnectX-3 (enp130s0 + enp130s0d1), LACP 802.3ad - # layer3+4 to cisco port-channel (Po?). Carries 10.0.1.1/16 since the - # switch side configured + cabled; cutover done 2026-05-15. bond40g now - # carries 10.0.1.1/16; the old bond0 (ConnectX-4 LX 25G) was removed. + # bond40g: 2× 40G ConnectX-3 (enp130s0 + enp130s0d1) in LACP 802.3ad + # layer3+4 to cisco Po5 (Eth1/51 + Eth1/52). Carries 10.0.1.1/16 and the + # default route since the 2026-05-15 cutover from the original 25G + # ConnectX-4 LX bond0 (active-backup), which was torn down — its + # ports enp4s0f0np0 / enp4s0f1np1 are now standalone DOWN. bonds.bond40g = { interfaces = [ "enp130s0" "enp130s0d1" ]; driverOptions = { @@ -85,8 +85,7 @@ }; }; - - # bond40g carries the host IP (was on bond0 before 2026-05-15 cutover). + # bond40g carries the host IP (moved off bond0 at the 2026-05-15 cutover). interfaces.bond40g = { ipv4.addresses = [{ address = "10.0.1.1"; @@ -106,7 +105,7 @@ # Prefer IPv4 for outbound connections — IPv6 goes through wg-outbound # on 10.0.0.1 which masquerades with ULA (not globally routable). # `enableIPv6 = false` alone doesn't stop the kernel from processing - # router advertisements on bond40g — the gateway's radvd was leaking + # router advertisements on bond40g — the gateway's radvd was leaking # an IPv6 link-DNS (fd99:23eb:1682::1) into systemd-resolved, which # then took precedence for AAAA queries and broke clean NXDOMAIN. # Sysctl accept_ra=0 (in boot.kernel.sysctl) handles kernel-level RA @@ -180,7 +179,7 @@ boot.kernel.sysctl = { # IPv6 RA suppression — see networking.enableIPv6 = false. Without # these, the gateway's radvd kept seeding fd99:23eb:1682::1 as a - # link-DNS on bond40g (was bond0 pre-cutover), breaking clean NXDOMAIN for AAAA queries. + # link-DNS on bond40g, breaking clean NXDOMAIN for AAAA queries. "net.ipv6.conf.all.accept_ra" = 0; "net.ipv6.conf.default.accept_ra" = 0; "net.ipv6.conf.bond40g.accept_ra" = 0;