The docs IPv6 Configuration — NixOS Manual documentation suggest I should be able to disable ipv6 on my interface
enp0s20f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
with
# both `true` and `1` fail to have any effect after a reboot
boot.kernel.sysctl."net.ipv6.conf.enp0s20f0u2.disable_ipv6" = true;
Alas, after rebuilding and rebooting, I still get
[anton@nixos:~/nixconf]$ sysctl net.ipv6.conf.enp0s20f0u2.disable_ipv6
net.ipv6.conf.enp0s20f0u2.disable_ipv6 = 0
If I manually execute sudo sysctl -w net.ipv6.conf.enp0s20f0u2.disable_ipv6=1
, I get what I want - no ipv6
on the interface.
If I disable all
then it seems to stick (i.e, I get net.ipv6.conf.all.disable_ipv6 = 1
after a reboot) but, as expected, that doesn’t actually disable anything ipv6
related that affects me… networking.enableIPv6 = false;
seems to just be an alias for this, and setting this also doesn’t have the effect of actually stopping my interfaces getting ipv6
addresses.
The only thing so far that has enabled me to disable anything is boot.kernelParams = [ "ipv6.disable=1" ];
, but I actually need ipv6
internally for docker, so that doesn’t help…
Any pointers?
EDIT: it’s coming back to me… I’m fairly certain the reason for net.ipv6.conf.enp0s20f0u2.disable_ipv6
still being 0
after boot is because when sysctl
gets applied, the interface hasn’t yet been created… so it obviously fails. So at the very least the docs are wrong - it could never work. The values are actually added to /etc/sysctl.d/60-nixos.conf
, so all that is required is a sudo sysctl --system
and the values will get applied. Now I guess I could do one of those in a timer after logging on… but that just feels really nasty. Any other suggestions?