From 7257f72f4a7c98b72a630cb8f6127f76b71aad2c Mon Sep 17 00:00:00 2001
From: archipelago
Date: Thu, 23 Apr 2026 04:16:42 -0400
Subject: [PATCH] fix(first-boot): use podman host-gateway magic for host.containers.internal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous code computed HOST_GATEWAY from `ip route show default` to work around an alleged podman 4.3.x limitation. Two problems:

1. The comment was wrong. Podman 4.4+ supports --add-host=host-gateway natively, and we ship 5.4.2.
2. More critically, `ip route show default` returns the LAN router (e.g. 192.168.1.254) — the gateway to the internet, not the gateway to the host. Every container configured with DAEMON_URL or --bitcoind.rpchost=host.containers.internal was therefore dialing the WiFi router instead of the host machine, silently failing.

Symptoms this caused on .228:
- LND crash-looped with "dial tcp 192.168.1.254:8332: connection refused"
- Dashboard showed no LND connect details or QR
- ElectrumX DAEMON_URL broken; stuck at 2 KB index for days
- Any service reaching bitcoin-core through the `archy-net` bridge

Replace the computed value with the literal string "host-gateway", which podman translates to the correct in-network gateway at container start. Also drop the stale HOST_GATEWAY reference in the Tor-bootstrap branch (it always fell back to TARGET_IP anyway).

Verified on .228: after recreating bitcoin-core/electrumx/lnd with the new flag, LND reached the chain backend, ElectrumX resumed indexing, and the dashboard /lnd-connect-info endpoint succeeded.
---
 scripts/first-boot-containers.sh | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/scripts/first-boot-containers.sh b/scripts/first-boot-containers.sh
index 74b34889..a604b6c8 100644
--- a/scripts/first-boot-containers.sh
+++ b/scripts/first-boot-containers.sh
@@ -168,11 +168,14 @@ fi TARGET_IP=$(hostname -I 2>/dev/null | awk '{print $1}') [ -z "$TARGET_IP" ] && TARGET_IP="127.0.0.1" -# Resolve host-gateway for --add-host (podman 4.3.x doesn't support "host-gateway") -# Use the default gateway IP from the podman network, falling back to host LAN IP -HOST_GATEWAY=$(ip route show default 2>/dev/null | awk '/default/ {print $3}' | head -1) -[ -z "$HOST_GATEWAY" ] && HOST_GATEWAY="$TARGET_IP" -ADD_HOST_FLAG="--add-host=host.containers.internal:${HOST_GATEWAY}" +# Map host.containers.internal to the rootless-podman host gateway. +# Podman 4.4+ supports the magic string "host-gateway" which resolves to +# the correct in-container-network gateway IP at container start. We used +# to compute a value from `ip route` here, but that returned the LAN +# router (e.g. 192.168.1.254 or 192.168.1.1) — the gateway out to the +# internet, not the gateway to the host — which broke every container +# trying to reach bitcoin-core's RPC on the host (LND, ElectrumX, etc). +ADD_HOST_FLAG="--add-host=host.containers.internal:host-gateway" log() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" | tee -a "$LOG"; } @@ -641,7 +644,7 @@ if [ -f "$BOOTSTRAP_CONF" ]; then "http://127.0.0.1:18332/" >/dev/null 2>&1; then USE_BOOTSTRAP=true # Containers reach host via host.containers.internal (set by $ADD_HOST_FLAG) - BTC_HOST="${HOST_GATEWAY:-$TARGET_IP}" + BTC_HOST="$TARGET_IP" BTC_HOST_PORT=18332 BTC_RPC_USER="$BOOT_USER" BTC_RPC_PASS="$BOOTSTRAP_RPC_PASS"
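Review bot: in the hunk at @@ -168,11 +168,14 @@, the new `ADD_HOST_FLAG="--add-host=host.containers.internal:host-gateway"` line depends on Podman 4.4+, as its own comment says, but nothing in the hunk checks the installed version. If this script ever runs on an older Podman, the failure will surface at container start, far from this assignment, which is the same kind of hard-to-trace breakage this patch is fixing. Suggest a guard next to the assignment that parses `podman --version` and calls `log` with a clear error (or aborts) below 4.4. As a style point, the history in the comment (what `ip route` used to return) is already in the commit message; the comment could be cut down to its first three lines.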
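Review bot: in the hunk at @@ -641,7 +644,7 @@, the new `BTC_HOST="$TARGET_IP"` disagrees with the comment directly above it, which says containers reach the host via host.containers.internal (set by $ADD_HOST_FLAG). If BTC_HOST is handed to containers, suggest `BTC_HOST="host.containers.internal"` so it follows the mapping the first hunk sets up; if it is only used from the host, update the comment to say so. Note also that the first hunk's context shows `TARGET_IP` falling back to `127.0.0.1`, which inside a container is the container itself, so that fallback would fail silently for any container consumer, with BTC_RPC_USER and BTC_RPC_PASS sent along to whatever answers. Finally, the removed `${HOST_GATEWAY:-$TARGET_IP}` used HOST_GATEWAY whenever the old `ip route` lookup returned a value, so this line changes the effective address rather than only dropping a dead reference; worth one line in the comment.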