From f2a76df23905e68c6a3066747f108ead20c97daa Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Wed, 10 Jun 2026 17:12:47 -0700
Subject: [PATCH] straylight: enable MCP agent (becoming core host)

Add configs/mcp.nix (mcp user UID 850 + mcp-agent service) and open firewall ports for DNS/mc-proxy/agent/master as straylight takes over the master + MCIAS + MCNS core role from rift.
Co-Authored-By: Claude Opus 4.8
---
 hw/straylight/default.nix | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/hw/straylight/default.nix b/hw/straylight/default.nix
index 7a44f76..01fff55 100644
--- a/hw/straylight/default.nix
+++ b/hw/straylight/default.nix
@@ -5,16 +5,27 @@
     ../../configs/desktop.nix
     ../../configs/qemu.nix
     ../../configs/mcpkg.nix
+    ../../configs/mcp.nix # MCP agent + mcp user (straylight is becoming the core host)
   ];
 
-  # DNS: MCNS for internal zones, public resolvers as fallback.
-  networking.nameservers = [
-    "192.168.88.181"
-    "100.95.252.120"
-    "1.1.1.1"
-    "8.8.8.8"
-  ];
-  services.resolved.domains = [
-    "~mcp.metacircular.net"
-  ];
+  config = {
+    # Allow rootless containers (podman) to bind low ports (53 for MCNS,
+    # 443/8443/9443 for mc-proxy) as straylight takes over the core role.
+    boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
+
+    # Open ports: DNS (53), mc-proxy (443/8443/9443), agent (9444), master (9555).
+    networking.firewall.allowedTCPPorts = [ 53 443 8443 9443 9444 9555 ];
+    networking.firewall.allowedUDPPorts = [ 53 ];
+
+    # DNS: MCNS for internal zones, public resolvers as fallback.
+    networking.nameservers = [
+      "192.168.88.181"
+      "100.95.252.120"
+      "1.1.1.1"
+      "8.8.8.8"
+    ];
+    services.resolved.domains = [
+      "~mcp.metacircular.net"
+    ];
+  };
 }
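Review bot: The sysctl added at the top of the new `config` block, `net.ipv4.ip_unprivileged_port_start = 53`, is host-wide rather than scoped to podman: after this change every unprivileged process on straylight (a host that also imports desktop.nix) can bind any currently free port in 53–1023, not just the containers the comment names. If only the container services need it, granting `CAP_NET_BIND_SERVICE` to those specific units would keep the privileged-port assumption intact for the rest of the host; if the sysctl stays, the comment should at least state the scope, e.g. `# NOTE: host-wide — any unprivileged process may now bind 53-1023, not only podman.` The two firewall lines below it open 53/443/8443/9443/9444/9555 on every interface; if the agent (9444) and master (9555) control ports are only meant for the LAN/tailnet peers implied by the 192.168.88.x and 100.x nameservers, `networking.firewall.interfaces.<IFACE>.allowedTCPPorts` (IFACE being the LAN or tailnet interface name, a placeholder here) would keep them off any other uplink. Separately, the subject says configs/mcp.nix is added, but the diffstat lists only hw/straylight/default.nix, so the new `../../configs/mcp.nix` import will fail evaluation unless that file lands in another commit.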