From 41b3d217f8a2626932243482d86dfb3ae2d436ad Mon Sep 17 00:00:00 2001
From: DannyDannyDanny <dth@taiga.ai>
Date: Mon, 20 Apr 2026 10:39:24 +0200
Subject: [PATCH] =?UTF-8?q?feat(clan):=20use=20ZT=20IPv6=20as=20clan=20net?=
 =?UTF-8?q?working=20target=20=F0=9F=9B=B0=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

clan-cli's upload / build / copy steps each resolve the SSH target
independently. With `internet.host = "sunken-ship"` (bare hostname),
off-LAN / missing-mDNS cases broke \`clan machines update\` because the
mac couldn't resolve the hostname. Pin both the inventory internet
instance's host AND clan.core.networking.{target,build}Host to each
machine's stable ZT IPv6, so every update path works regardless of
LAN DNS state — and the mac reaches the servers the same way it does
for ssh sunken-ship-zt / phantom-ship-zt.
---
 flake-modules/clan.nix | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/flake-modules/clan.nix b/flake-modules/clan.nix
index ddd9a94..216f05b 100644
--- a/flake-modules/clan.nix
+++ b/flake-modules/clan.nix
@@ -37,18 +37,18 @@ in {
       roles.peer.machines.sunken-ship = { };
     };
 
-    # Direct SSH reachability on the LAN. Priority 2000 > ZT's 900, so
-    # `clan machines update` prefers LAN hostnames over ZT IPv6 — and uses
-    # the right user (ZT service defaults to root@).
+    # `clan machines update` connection target. Priority 2000 > ZT's 900
+    # and overrides the ZT service's root@ default. Using the ZT IPv6 as
+    # the host makes updates work regardless of LAN DNS / mDNS state.
     inventory.instances.internet = {
       module.name = "internet";
       module.input = "clan-core";
       roles.default.machines.sunken-ship.settings = {
-        host = "sunken-ship";
+        host = "fdd5:53a2:de33:d269:6499:93d5:53a2:de33";
         user = "danny";
       };
       roles.default.machines.phantom-ship.settings = {
-        host = "phantom-ship";
+        host = "fdd5:53a2:de33:d269:6499:936c:48a:bbdc";
         user = "danny";
       };
     };
@@ -60,8 +60,8 @@ in {
       imports = [
         {
           clan.core.enableRecommendedDefaults = false;
-          clan.core.networking.targetHost = "danny@sunken-ship";
-          clan.core.networking.buildHost = "danny@sunken-ship";
+          clan.core.networking.targetHost = "danny@[fdd5:53a2:de33:d269:6499:93d5:53a2:de33]";
+          clan.core.networking.buildHost = "danny@[fdd5:53a2:de33:d269:6499:93d5:53a2:de33]";
         }
         ../nixos/hosts/sunken-ship.nix
         config.flake.nixosModules.dotfiles-rebuild
@@ -78,8 +78,8 @@ in {
       imports = [
         {
           clan.core.enableRecommendedDefaults = false;
-          clan.core.networking.targetHost = "danny@phantom-ship";
-          clan.core.networking.buildHost = "danny@phantom-ship";
+          clan.core.networking.targetHost = "danny@[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]";
+          clan.core.networking.buildHost = "danny@[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]";
         }
         inputs.nix-openclaw.nixosModules.openclaw-gateway
         ../nixos/hosts/phantom-ship.nix