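# NixOS module: enables libvirtd and bridges guests onto the physical LAN
# through br0, which has enp4s0 as its uplink port.
{ pkgs, config, lib, ... }:
let
  inherit (lib) mkEnableOption mkForce mkIf;

  cfg = config.eboskma.libvirtd;

  # Adds the br0 -> br0 ACCEPT rule to DOCKER-USER only when it is not already
  # there. ExecStartPre runs on every start of docker.service, so a bare
  # `iptables -I` would leave one more duplicate rule after each restart.
  # `-w` waits for the xtables lock instead of failing if another tool holds it.
  # NOTE(review): if the DOCKER-USER chain does not exist yet when this runs,
  # both commands fail (as the bare insert did before) - confirm on a fresh boot.
  allowBridgeForwarding = pkgs.writeShellScript "docker-user-allow-br0" ''
    ipt=${pkgs.iptables}/bin/iptables
    "$ipt" -w -C DOCKER-USER -i br0 -o br0 -j ACCEPT 2>/dev/null \
      || "$ipt" -w -I DOCKER-USER -i br0 -o br0 -j ACCEPT
  '';
in
{
  options.eboskma.libvirtd = {
    enable = mkEnableOption "libvirtd";
  };

  config = mkIf cfg.enable {
    virtualisation.libvirtd = {
      enable = true;
      # Only br0 is offered to guests. Anything attached to it sits on the same
      # layer-2 segment as the host's physical uplink, so guests are reachable
      # from (and can reach) the LAN directly; keep this list minimal.
      allowedBridges = [ "br0" ];
    };

    systemd.network = {
      netdevs = {
        "40-br0" = {
          enable = true;
          netdevConfig = {
            Kind = "bridge";
            Name = "br0";
          };
          extraConfig = ''
            [Bridge]
            STP=yes
          '';
        };
      };

      networks = {
        # The bridge carries the host's addressing. The MAC is pinned here,
        # presumably so the DHCP lease stays stable - confirm.
        "40-br0" = {
          enable = true;
          matchConfig = {
            Name = "br0";
          };
          linkConfig = {
            MACAddress = "04:d9:f5:f9:c2:c6";
          };
          networkConfig = {
            DHCP = "yes";
            IPv6PrivacyExtensions = "kernel";
          };
        };

        # The physical NIC is only a bridge port: DHCP is forced off here so the
        # address is acquired on br0 and not on the port itself.
        "40-enp4s0" = {
          enable = true;
          bridge = [ "br0" ];
          matchConfig = {
            Name = "enp4s0";
          };
          networkConfig = {
            DHCP = mkForce "no";
            IPv6PrivacyExtensions = "kernel";
          };
        };
      };
    };

    # Presumably needed because Docker's FORWARD handling would otherwise drop
    # frames bridged across br0 - confirm. The rule is scoped to traffic that
    # both enters and leaves on br0; it accepts all such traffic, so any
    # guest-to-guest or guest-to-LAN filtering has to be done elsewhere.
    # NOTE(review): this module does not itself enable Docker; it assumes
    # docker.service is defined elsewhere in the configuration.
    systemd.services.docker = {
      serviceConfig = {
        ExecStartPre = "${allowBridgeForwarding}";
      };
    };

    # Security note: members of the libvirtd group can manage the system
    # libvirt daemon (define guests, attach host disks and devices), which is
    # effectively root-equivalent on this host. Keep it to the admin account.
    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];

    environment.systemPackages = [ pkgs.virt-manager ];
  };
}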