From ce8f7cc03d319996f07a320cd075ebc715ff87fe Mon Sep 17 00:00:00 2001
From: Nick <nickjhiebert@proton.me>
Date: Thu, 6 Nov 2025 17:47:14 -0600
Subject: [PATCH] chore: moved wireguard config

---
 systems/ceres/config/bridge.nix     |  2 ++
 systems/ceres/config/networking.nix | 25 +++++++++++++++++++++++++
 systems/ceres/config/wireguard.nix  |  0
 3 files changed, 27 insertions(+)
 mode change 100644 => 100755 systems/ceres/config/wireguard.nix

diff --git a/systems/ceres/config/bridge.nix b/systems/ceres/config/bridge.nix
index 17f6b59..78a4c36 100755
--- a/systems/ceres/config/bridge.nix
+++ b/systems/ceres/config/bridge.nix
@@ -26,6 +26,7 @@
         networkConfig = {
           Bridge = "br-vms";
           ConfigureWithoutCarrier = true;
+          KeepConfiguration = "yes";
         };
         linkConfig = {
           RequiredForOnline = false;
@@ -37,6 +38,7 @@
         matchConfig.Name = "br-vms";
         networkConfig = {
           DHCP = "ipv4";
+          KeepConfiguration = "yes";
         };
         linkConfig = {
           RequiredForOnline = "routable";
diff --git a/systems/ceres/config/networking.nix b/systems/ceres/config/networking.nix
index b3a13a0..d6cd947 100755
--- a/systems/ceres/config/networking.nix
+++ b/systems/ceres/config/networking.nix
@@ -31,6 +31,31 @@ in
       ];
     };
   };
+
+  # Remote rebuild safeguards:
+  # These settings prevent network services from restarting during nixos-rebuild,
+  # which would otherwise drop SSH connections when done remotely.
+  # The bridge configuration changes enp10s0, so we need to prevent systemd-networkd
+  # and NetworkManager from restarting to maintain connectivity.
+
+  # Prevent SSH connections from being killed during network reconfiguration
+  systemd.services.sshd = {
+    stopIfChanged = false;
+    reloadIfChanged = true;
+  };
+
+  # Prevent systemd-networkd from restarting during switches to avoid dropping SSH
+  systemd.services.systemd-networkd = {
+    stopIfChanged = false;
+    restartTriggers = lib.mkForce [ ];
+  };
+
+  # Prevent NetworkManager from restarting during config changes
+  systemd.services.NetworkManager = {
+    stopIfChanged = false;
+    reloadIfChanged = true;
+  };
+
   services = {
     avahi = {
       enable = true;
diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix
old mode 100644
new mode 100755