test: vaultwarden microVM

2025-12-06 21:17:14 -06:00 · 2025-11-08 01:36:52 -06:00 · 2025-11-08 01:36:52 -06:00 · 09ff20b5fa
commit 09ff20b5fa
parent b82d20a955
2 changed files with 56 additions and 62 deletions
--- a/systems/ceres/config/networking.nix
+++ b/systems/ceres/config/networking.nix
@ -12,40 +12,38 @@ in
  # Enable microVM host
  microvm.host.enable = true;

-  # # systemd-networkd for bridge management
-  # # NOTE: Not needed for macvtap - only enable if using TAP interfaces
-  # # TAP requires a bridge on the host, macvtap connects directly to physical interface
-  # systemd.network.enable = true;
+  # systemd-networkd for bridge management (required for TAP interfaces)
+  systemd.network.enable = true;

-  # # Bridge configuration for microVMs (only needed for TAP interfaces)
-  # systemd.network.netdevs."10-br-vms" = {
-  #   netdevConfig = {
-  #     Name = "br-vms";
-  #     Kind = "bridge";
-  #   };
-  # };
+  # Bridge configuration for microVMs
+  systemd.network.netdevs."10-br-vms" = {
+    netdevConfig = {
+      Name = "br-vms";
+      Kind = "bridge";
+    };
+  };

-  # # Attach physical interface and tap interfaces to bridge
-  # systemd.network.networks."20-lan" = {
-  #   matchConfig.Name = [
-  #     "enp10s0"
-  #     "vm-*"
-  #   ];
-  #   networkConfig = {
-  #     Bridge = "br-vms";
-  #   };
-  # };
+  # Attach physical interface and tap interfaces to bridge
+  systemd.network.networks."20-lan" = {
+    matchConfig.Name = [
+      "enp10s0"
+      "vm-*"
+    ];
+    networkConfig = {
+      Bridge = "br-vms";
+    };
+  };

-  # # Bridge gets the host IP
-  # systemd.network.networks."30-br-vms" = {
-  #   matchConfig.Name = "br-vms";
-  #   networkConfig = {
-  #     Address = "192.168.50.240/24";
-  #     Gateway = "192.168.50.1";
-  #     DNS = [ "192.168.50.1" ];
-  #   };
-  #   linkConfig.RequiredForOnline = "routable";
-  # };
+  # Bridge gets the host IP
+  systemd.network.networks."30-br-vms" = {
+    matchConfig.Name = "br-vms";
+    networkConfig = {
+      Address = "192.168.50.240/24";
+      Gateway = "192.168.50.1";
+      DNS = [ "192.168.50.1" ];
+    };
+    linkConfig.RequiredForOnline = "routable";
+  };

  networking = {
    hostName = ceres.name;
@ -53,19 +51,7 @@ in
    networkmanager.enable = false;
    nftables.enable = true;
    useDHCP = false;
-
-    # Declarative interface configuration for the host
-    interfaces.enp10s0 = {
-      useDHCP = false;
-      ipv4.addresses = [
-        {
-          address = "192.168.50.240";
-          prefixLength = 24;
-        }
-      ];
-    };
-    defaultGateway = "192.168.50.1";
-    nameservers = [ "192.168.50.1" ];
+    # Network configuration handled by systemd-networkd bridge

    firewall = {
      enable = true;