From 7ec1ce92cf0121b585205ade830abc93503221c9 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sun, 1 Mar 2026 17:34:09 +0000
Subject: [PATCH] fix: auto-detect kube-vip interface and tighten SSH fallback

---
 nixos/kubeadm/modules/k8s-common.nix           | 18 ++++++++++++++++++
 nixos/kubeadm/scripts/rebuild-and-bootstrap.sh |  6 ++++++
 2 files changed, 24 insertions(+)

diff --git a/nixos/kubeadm/modules/k8s-common.nix b/nixos/kubeadm/modules/k8s-common.nix
index 3f9d1fd..5d463ed 100644
--- a/nixos/kubeadm/modules/k8s-common.nix
+++ b/nixos/kubeadm/modules/k8s-common.nix
@@ -101,6 +101,15 @@ in
       set -euo pipefail
 
       iface="${config.terrahome.kubeadm.controlPlaneInterface}"
+      if ! ip link show "$iface" >/dev/null 2>&1; then
+        iface="$(ip -o -4 route show to default | awk 'NR==1 {print $5}')"
+      fi
+
+      if [ -z "''${iface:-}" ]; then
+        echo "Could not determine network interface for kube-vip"
+        exit 1
+      fi
+
       suffix="${toString config.terrahome.kubeadm.controlPlaneVipSuffix}"
       pod_subnet="${config.terrahome.kubeadm.podSubnet}"
       service_subnet="${config.terrahome.kubeadm.serviceSubnet}"
@@ -155,6 +164,15 @@ in
       fi
 
       iface="${config.terrahome.kubeadm.controlPlaneInterface}"
+      if ! ip link show "$iface" >/dev/null 2>&1; then
+        iface="$(ip -o -4 route show to default | awk 'NR==1 {print $5}')"
+      fi
+
+      if [ -z "''${iface:-}" ]; then
+        echo "Could not determine network interface for kube-vip"
+        exit 1
+      fi
+
       suffix="${toString config.terrahome.kubeadm.controlPlaneVipSuffix}"
       local_ip_cidr=$(ip -4 -o addr show dev "$iface" | awk 'NR==1 {print $4}')
       if [ -z "''${local_ip_cidr:-}" ]; then
diff --git a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
index 5d67f0c..2852784 100755
--- a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
+++ b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
@@ -86,6 +86,7 @@ remote() {
   local quoted_cmd
   local candidate
   local candidates=()
+  local rc=0
 
   candidates+=("$ACTIVE_SSH_USER")
   for candidate in $SSH_USER_CANDIDATES; do
@@ -100,6 +101,11 @@ remote() {
       ACTIVE_SSH_USER="$candidate"
       return 0
     fi
+
+    rc=$?
+    if [ "$rc" -ne 255 ]; then
+      return "$rc"
+    fi
   done
 
   echo "Remote command failed for all SSH users on $host_ip"
-- 
2.49.1