I’ve resolved it, I think, and it was nothing to do with being on unstable.
I noticed that when trying to build I was getting a lot of failures where hosts could not be resolved.
Searching around, I found this post about DNS not resolving. Checking my /etc/resolv.conf, I found that it was using Tailscale’s MagicDNS nameservers (100.100.100.100) not the nameservers I had set in my config.
A few more rabbit holes suggested that Tailscale overrides the nameservers you set unless you use resolved:
services.resolved = {
enable = true;
settings.Resolve = {
DNSOverTLS = "true";
DNSSEC = "true";
Domains = [ "~." ];
FallbackDNS = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
};
};
The next build went perfectly.
I think I only bumped into this problem recently because the builds involved a lot of new packages, so it was more likely that resolving the host would time out.
As a nice side-effect, I’m not getting the puzzling delays to load some web pages that I was getting before, and which I (wrongly) attributed to an unreliable internet connection.