@@ 27,10 27,21 @@ fail on any host that doesn't happen to satisfy their hidden assumptions.
so there's no risk of binding the wrong one. Rename the file to drop the
stale interface-name hint.
+4) Hard-coded public DNS (`8.8.8.8` / `9.9.9.9` / `1.1.1.1`) in the guest's
+ `/etc/resolv.conf` makes the VM resolve internal hostnames (e.g.
+ `git.srht.bigb.es`) to their *public* address. On a self-hosted forge whose
+ public IP routes back through the user's own ISP, the worker container
+ can't NAT-hairpin to itself and every `git clone` from a build dies with
+ "Couldn't connect to server". Use QEMU SLIRP's built-in DNS proxy
+ (`10.0.2.3`) instead: SLIRP forwards each query through the host process's
+ `/etc/resolv.conf`, which inside the worker container is Docker's embedded
+ resolver, which knows the LAN DNS — so internal hostnames resolve to the
+ LAN IP and the path stays entirely on-LAN.
+
Apply when refreshing the apk recipe tree on the image-builder host:
cd /var/lib/images
- patch -p0 < builds-images-ubuntu-genimg.patch
+ patch -p1 < builds-images-ubuntu-genimg.patch
--- a/ubuntu/genimg
+++ b/ubuntu/genimg
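Review bot: item 4 names `8.8.8.8` / `9.9.9.9` / `1.1.1.1` as the hard-coded resolvers, but the only ones visible in the `ubuntu/genimg` change are `8.8.8.8` and `8.8.4.4`; say which images carry the others, or list the addresses this patch actually removes. The paragraph should also state the two assumptions the fix rests on: `10.0.2.3` is reachable only while the guest runs under QEMU user-mode (SLIRP) networking, and build guests will now resolve names through the LAN resolver, so internal hostnames become visible to whatever a build job runs. The `patch -p0` to `patch -p1` correction matches the `a/` and `b/` prefixes in the embedded headers, but nothing in the added text explains it; a short note would help.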
@@ 42,11 53,12 @@ Apply when refreshing the apk recipe tree on the image-builder host:
trap cleanup EXIT
if [ "$arch" = "amd64" ]
-@@ -85,9 +86,9 @@
+@@ -85,9 +86,8 @@
rm -f /mnt/etc/resolv.conf
- echo 'nameserver 8.8.8.8' >/mnt/etc/resolv.conf
- echo 'nameserver 8.8.4.4' >>/mnt/etc/resolv.conf
+-echo 'nameserver 8.8.8.8' >/mnt/etc/resolv.conf
+-echo 'nameserver 8.8.4.4' >>/mnt/etc/resolv.conf
-cat >/mnt/etc/systemd/network/25-ens3.network <<EOF
++echo 'nameserver 10.0.2.3' >/mnt/etc/resolv.conf
+cat >/mnt/etc/systemd/network/25-ethernet.network <<EOF
[Match]
-Name=ens3
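Review bot: the new `echo 'nameserver 10.0.2.3'` line leaves the guest with a single resolver and no comment in `genimg` saying why, so the SLIRP dependency becomes another hidden assumption of the kind this file's header warns about. Suggest a one-line comment above it in the script that points at the SLIRP DNS proxy and at the already static `Address=10.0.2.15/24`, so anyone moving the runner to tap or bridged networking knows both have to change. The inner header's move from `+86,9` to `+86,8` is consistent with two lines removed and one added.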
@@ 54,7 66,7 @@ Apply when refreshing the apk recipe tree on the image-builder host:
[Network]
Address=10.0.2.15/24
-@@ -163,7 +164,7 @@
+@@ -163,7 +163,7 @@
name = builds.sr.ht
email = builds@sr.ht
EOF
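Review bot: the inner header shifts from `+164,7` to `+163,7` with no other change in this region, which is correct only as a knock-on of the one-line reduction in the `-85,9 +86,8` hunk; offsets that depend on an earlier hunk are easy to get wrong on the next edit. If these counts are being adjusted manually, regenerate the embedded patch from a patched tree with `diff -u`, or check it with `patch -p1 --dry-run` before committing.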