test: vaultwarden microVM

2025-12-06 21:17:14 -06:00 · 2025-11-06 22:20:14 -06:00 · 2025-11-06 22:20:14 -06:00 · 9f6f5cda5e
commit 9f6f5cda5e
parent 9c19cdf131
5 changed files with 219 additions and 234 deletions
--- a/systems/ceres/config/bridge.nix
+++ b/systems/ceres/config/bridge.nix
@ -1,66 +0,0 @@
-{
-  lib,
-  ...
-}:
-{
-  # Enable systemd-networkd for bridge management
-  systemd.network = {
-    enable = true;
-
-    netdevs = {
-      "20-br-vms" = {
-        netdevConfig = {
-          Name = "br-vms";
-          Kind = "bridge";
-        };
-        bridgeConfig = {
-          STP = false;
-        };
-      };
-    };
-
-    networks = {
-      # Connect physical interface to bridge
-      "30-enp10s0" = {
-        matchConfig.Name = "enp10s0";
-        networkConfig = {
-          Bridge = "br-vms";
-          ConfigureWithoutCarrier = true;
-          KeepConfiguration = "yes";
-        };
-        linkConfig = {
-          RequiredForOnline = false;
-        };
-      };
-
-      # Configure bridge to get IP from LAN DHCP
-      "40-br-vms" = {
-        matchConfig.Name = "br-vms";
-        networkConfig = {
-          DHCP = "ipv4";
-          KeepConfiguration = "yes";
-        };
-        linkConfig = {
-          RequiredForOnline = "routable";
-        };
-      };
-
-      # VM tap interface to bridge
-      "50-vm-forgejo" = {
-        matchConfig.Name = "vm-forgejo";
-        networkConfig = {
-          Bridge = "br-vms";
-          ConfigureWithoutCarrier = true;
-        };
-        linkConfig = {
-          RequiredForOnline = false;
-        };
-      };
-    };
-  };
-
-  # IP forwarding (needed for both bridge networking and WireGuard NAT)
-  boot.kernel.sysctl = {
-    "net.ipv4.ip_forward" = 1;
-  };
-}
--- a/systems/ceres/config/networking.nix
+++ b/systems/ceres/config/networking.nix
@ -34,24 +34,6 @@ in
    };
  };

-  # Remote rebuild safeguards:
-  # These settings prevent network services from restarting during nixos-rebuild,
-  # which would otherwise drop SSH connections when done remotely.
-  # The bridge configuration changes enp10s0, so we need to prevent systemd-networkd
-  # and NetworkManager from restarting to maintain connectivity.
-
-  # Prevent SSH connections from being killed during network reconfiguration
-  systemd.services.sshd = {
-    stopIfChanged = false;
-    reloadIfChanged = true;
-  };
-
-  # Prevent systemd-networkd from restarting during switches to avoid dropping SSH
-  systemd.services.systemd-networkd = {
-    stopIfChanged = false;
-    restartTriggers = lib.mkForce [ ];
-  };
-
  services = {
    avahi = {
      enable = true;