diff --git a/modules/libvirtd/default.nix b/modules/libvirtd/default.nix
index ba0b7b6..f09ff9c 100644
--- a/modules/libvirtd/default.nix
+++ b/modules/libvirtd/default.nix
@@ -9,23 +9,60 @@ in
   config = mkIf (cfg.enable) {
     virtualisation.libvirtd = {
       enable = true;
+      allowedBridges = [ "br0" ];
     };
-    networking = {
-      interfaces = {
-        br0 = {
-          useDHCP = true;
-          macAddress = "04:d9:f5:f9:c2:c6";
+
+    systemd.network = {
+      netdevs = {
+        "40-br0" = {
+          enable = true;
+          netdevConfig = {
+            Kind = "bridge";
+            Name = "br0";
+          };
+          extraConfig = ''
+            [Bridge]
+            STP=yes
+          '';
         };
       };
 
-      bridges = {
-        "br0" = {
-          interfaces = [ "enp4s0" ];
-          # rstp = true;
+      networks = {
+        "40-br0" = {
+          enable = true;
+          matchConfig = {
+            Name = "br0";
+          };
+          linkConfig = {
+            MACAddress = "04:d9:f5:f9:c2:c6";
+          };
+          networkConfig = {
+            DHCP = "yes";
+            IPv6PrivacyExtensions = "kernel";
+          };
+        };
+
+        "40-enp4s0" = {
+          enable = true;
+          bridge = [ "br0" ];
+          matchConfig = {
+            Name = "enp4s0";
+          };
+          networkConfig = {
+            DHCP = mkForce "no";
+            IPv6PrivacyExtensions = "kernel";
+          };
         };
       };
     };
 
+    systemd.services.docker = {
+      serviceConfig = {
+        ExecStartPre = "${pkgs.iptables}/bin/iptables -I DOCKER-USER -i br0 -o br0 -j ACCEPT";
+      };
+    };
     users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];
+
+    environment.systemPackages = with pkgs; [ virt-manager ];
   };
 }