From e98ab785e43e1fc94dc875bf74a19fc814b4f8da Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Tue, 30 Jan 2024 15:28:08 -0500
Subject: dragon

---
 modules/router.nix | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/modules/router.nix b/modules/router.nix
index b0ef7fa..ae534d3 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -106,21 +106,22 @@ let
     }];
     systemd.services.he0-netdev.after = ["kjlan-netdev.service"];
 
-    systemd.timers.fix-proc-sys = {
-      wantedBy = ["multi-user.target"];
-      timerConfig = {
-        Persistent = true;
-        OnBootSec = "1m";
-        OnUnitActiveSec = "15m";
-      };
-    };
-    systemd.services.fix-proc-sys = {
-      description = "Remount /proc/sys as rw";
-      wantedBy = ["multi-user.target"];
-      script = ''
-        /run/wrappers/bin/mount -o remount,rw /proc/sys
-      '';
-    };
+    # Fixed with the VFS environment variable instead.
+    # systemd.timers.fix-proc-sys = {
+    #   wantedBy = ["multi-user.target"];
+    #   timerConfig = {
+    #     Persistent = true;
+    #     OnBootSec = "1m";
+    #     OnUnitActiveSec = "15m";
+    #   };
+    # };
+    # systemd.services.fix-proc-sys = {
+    #   description = "Remount /proc/sys as rw";
+    #   wantedBy = ["multi-user.target"];
+    #   script = ''
+    #     /run/wrappers/bin/mount -o remount,rw /proc/sys
+    #   '';
+    # };
 
     networking.iproute2.enable = true;
     networking.iproute2.rttablesExtraConfig = ''
@@ -347,6 +348,7 @@ in {
       after = ["router-netns.service"];
       requires = ["router-netns.service"];
       wantedBy = ["network.target"];
+      environment."SYSTEMD_NSPAWN_API_VFS_WRITABLE" = "network";
     };
     systemd.services.dhcpcd.partOf = ["container@router.service"];
 
-- 
cgit v1.2.3