test: vaultwarden microVM

2025-12-06 21:17:14 -06:00 · 2025-11-07 23:54:02 -06:00 · 2025-11-07 23:54:02 -06:00 · 1ef584f800
commit 1ef584f800
parent 7ba592c0c5
8 changed files with 218 additions and 113 deletions
--- a/systems/ceres/config/networking.nix
+++ b/systems/ceres/config/networking.nix
@ -9,6 +9,42 @@ let
  wireguardService = instances.wireGuard;
 in
 {
+  # Enable microVM host
+  microvm.host.enable = true;
+
+  # systemd-networkd for bridge management
+  systemd.network.enable = true;
+
+  # Bridge configuration for microVMs
+  systemd.network.netdevs."10-br-vms" = {
+    netdevConfig = {
+      Name = "br-vms";
+      Kind = "bridge";
+    };
+  };
+
+  # Attach physical interface and tap interfaces to bridge
+  systemd.network.networks."20-lan" = {
+    matchConfig.Name = [
+      "enp10s0"
+      "vm-*"
+    ];
+    networkConfig = {
+      Bridge = "br-vms";
+    };
+  };
+
+  # Bridge gets the host IP
+  systemd.network.networks."30-br-vms" = {
+    matchConfig.Name = "br-vms";
+    networkConfig = {
+      Address = "192.168.50.240/24";
+      Gateway = "192.168.50.1";
+      DNS = [ "192.168.50.1" ];
+    };
+    linkConfig.RequiredForOnline = "routable";
+  };
+
  networking = {
    hostName = ceres.name;
    # NetworkManager disabled - using systemd-networkd for bridge management