From dde6a33ef89e23124b4a42fe0fdcf81cb075eecd Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Thu, 16 Jan 2025 17:18:05 +0100
Subject: [PATCH] packages/nixos: temporarily use 6.11 kernel for peer pods
There is a breaking change in Linux 6.12 which prohibits `SO_REUSEPORT` on non `AF_INET*` sockets. To cope with this, we temporarily default to a 6.11 kernel on peer-pods pod VMs until the fix has landed.
---
 packages/nixos/azure.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/packages/nixos/azure.nix b/packages/nixos/azure.nix
index c5527ded5d..ee4a32e64f 100644
--- a/packages/nixos/azure.nix
+++ b/packages/nixos/azure.nix
@@ -55,8 +55,14 @@ in
 };
 config = lib.mkIf cfg.enable {
+ # Temporarily not use a latest kernel.
+ # This is because of this change in the Linux kernel:
+ # https://github.com/containerd/ttrpc-rust/blob/0610015a92c340c6d88f81c0d6f9f449dfd0ecba/src/common.rs#L175
+ # which breaks the ttRPC socket that the Kata agent creates.
+ # Upstream fix: https://github.com/containerd/ttrpc-rust/pull/280
+ # TODO(msanft): Go back to a latest kernel once ttrpc-rust / kata adopt the fix.
 # TODO(burgerdev): find a recent kernel tailored for Azure.
- boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelPackages = pkgs.linuxPackages_6_11;
 boot.initrd = {
 kernelModules = [
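Review bot: The new `boot.kernelPackages = pkgs.linuxPackages_6_11;` pins the pod VM guest to a short-lived, non-longterm kernel series, so the image stops receiving kernel security fixes once 6.11 is end-of-life upstream (which, as far as I know, it already was at the date of this commit). Nothing in the hunk bounds how long "temporarily" lasts. If a longterm series has the guest support these VMs need, something like `pkgs.linuxPackages_6_6` would keep the workaround while staying patched; otherwise the TODO should reference a tracking issue so the pin is actually reverted. The added comment also says "this change in the Linux kernel" but links to a ttrpc-rust source line (presumably the call site) and omits what the commit message states; I would word it as `# Linux 6.12 rejects SO_REUSEPORT on non-AF_INET* sockets, which ttrpc-rust sets here:` above the link. The `config` block continues outside the hunk.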