From c30fe1919b81d89e0d6e22a58028c7b7e112c16d Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Tue, 2 Nov 2021 13:07:44 +0100
Subject: [PATCH] netns-isolation: don't auto-assign IPv6 addrs to peer links

This simplifies the host's address configuration. This also removes unused addresses that are returned when resolving container hostnames via nss-mymachines: `getent ahosts nb-test`
---
 modules/netns-isolation.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 49484e8..a2dc63f 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -173,6 +173,8 @@ in {
 ${ip} link add ${veth} type veth peer name ${peer}
 ${ip} link set ${veth} netns ${netnsName}
 ${ipNetns} addr add ${v.address}/24 dev ${veth}
+ # The peer link is never used directly, so don't auto-assign an IPv6 address
+ echo 1 > /proc/sys/net/ipv6/conf/${peer}/disable_ipv6
 ${ip} link set ${peer} up
 ${ipNetns} link set ${veth} up
 ${ip} link set ${peer} master nb-br
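Review bot: The added `echo 1 > /proc/sys/net/ipv6/conf/${peer}/disable_ipv6` fails when the kernel exposes no IPv6 sysctl tree (for example a host booted with `ipv6.disable=1`), and if this script runs under `set -e` (not visible in the hunk) that would abort the namespace setup before `${peer}` is brought up and attached to `nb-br`. Guarding the write keeps setup working on such hosts: `if [ -e /proc/sys/net/ipv6/conf/${peer}/disable_ipv6 ]; then echo 1 > /proc/sys/net/ipv6/conf/${peer}/disable_ipv6; fi`. Separately, the setting covers only the host-side peer; `${veth}` inside the namespace presumably still auto-assigns a link-local IPv6 address, so it is worth confirming that the isolation firewall rules cover IPv6 as well as IPv4. The enclosing script starts and ends outside the hunk.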