test: vaultwarden microVM

systems/ceres/config/networking.nix

@@ -13,9 +13,11 @@ in
   microvm.host.enable = true;
 
   # # systemd-networkd for bridge management
+  # # NOTE: Not needed for macvtap - only enable if using TAP interfaces
+  # # TAP requires a bridge on the host, macvtap connects directly to physical interface
   # systemd.network.enable = true;
 
-  # # Bridge configuration for microVMs
+  # # Bridge configuration for microVMs (only needed for TAP interfaces)
   # systemd.network.netdevs."10-br-vms" = {
   #   netdevConfig = {
   #     Name = "br-vms";
@@ -47,11 +49,24 @@ in
 
   networking = {
     hostName = ceres.name;
-    # NetworkManager disabled - using systemd-networkd for bridge management
+    # NetworkManager disabled - using declarative networking
-    # Having both enabled causes multiple DHCP leases and IP conflicts
     networkmanager.enable = false;
     nftables.enable = true;
-    useDHCP = lib.mkDefault false; # systemd-networkd handles DHCP via bridge
+    useDHCP = false;
+
+    # Declarative interface configuration for the host
+    interfaces.enp10s0 = {
+      useDHCP = false;
+      ipv4.addresses = [
+        {
+          address = "192.168.50.240";
+          prefixLength = 24;
+        }
+      ];
+    };
+    defaultGateway = "192.168.50.1";
+    nameservers = [ "192.168.50.1" ];
+
     firewall = {
       enable = true;
       allowedTCPPorts = [