From 32cb3b7510ebf18a89d00e38367922aa360ee80c Mon Sep 17 00:00:00 2001
From: DannyDannyDanny
Date: Sun, 19 Apr 2026 21:09:37 +0200
Subject: [PATCH] =?UTF-8?q?feat(clan):=20add=20internet=20networking=20ins?= =?UTF-8?q?tance=20for=20LAN=20reachability=20=F0=9F=9B=A3=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
clan-cli preferred the zerotier networking export (priority 900, user defaulted to root@) over our clan.core.networking.targetHost setting, which broke \`clan machines update\` with "Host key verification failed" against the ZT IPv6 address as root@. Declaring an inventory.instances .internet instance with priority 2000 makes clan-cli prefer the LAN hostname and explicit danny@ user, so updates go over the LAN (ZT stays available for SSH aliases and service-level use).
---
 flake-modules/clan.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/flake-modules/clan.nix b/flake-modules/clan.nix
index 3c6d5ba..ddd9a94 100644
--- a/flake-modules/clan.nix
+++ b/flake-modules/clan.nix
@@ -37,6 +37,22 @@ in {
 roles.peer.machines.sunken-ship = { };
 };
 
+ # Direct SSH reachability on the LAN. Priority 2000 > ZT's 900, so
+ # `clan machines update` prefers LAN hostnames over ZT IPv6 — and uses
+ # the right user (ZT service defaults to root@).
+ inventory.instances.internet = {
+ module.name = "internet";
+ module.input = "clan-core";
+ roles.default.machines.sunken-ship.settings = {
+ host = "sunken-ship";
+ user = "danny";
+ };
+ roles.default.machines.phantom-ship.settings = {
+ host = "phantom-ship";
+ user = "danny";
+ };
+ };
+
 # Preserve current network / init stack (no systemd-networkd/resolved,
 # no boot.initrd.systemd, no extra debug packages). Revisit per-service
 # in later stages rather than flipping this fleet-wide.
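Review bot: The new `host = "sunken-ship"` and `host = "phantom-ship"` settings make `clan machines update` connect to whichever machine answers to a short LAN name, so SSH host-key verification is the only thing binding a deploy to the intended host, and the comment above `inventory.instances.internet` does not say so. The commit message reports "Host key verification failed" on the ZT address, and this change routes around that path rather than recording the host keys for it, so the failure presumably persists for the SSH aliases that still use ZT. I would extend the comment with something like `# Relies on pinned SSH host keys for these names; never relax host-key checking to get an update through.` The comment also cites priority 2000, but no priority is set in this hunk, so it is presumably the module's built-in value and worth labelling as such, since a change upstream would silently put the root@ ZT path back in front. The enclosing attribute set opens and closes outside the hunk.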