diff --git a/hosts/ward/kea.nix b/hosts/ward/kea.nix
index 65282ad..bca90db 100644
--- a/hosts/ward/kea.nix
+++ b/hosts/ward/kea.nix
@@ -1,7 +1,6 @@
 {
 lib,
 utils,
- nodes,
 ...
 }: let
 inherit (lib) net;
@@ -22,7 +21,7 @@ in {
 renew-timer = 1000;
 rebind-timer = 2000;
 interfaces-config = {
- # XXX: why does this bind other macvtaps?
+ # XXX: BUG: why does this bind other macvtaps?
 interfaces = ["lan-self"];
 service-sockets-max-retries = -1;
 };
diff --git a/hosts/ward/secrets/influxdb/host.pub b/hosts/ward/secrets/influxdb/host.pub
index a929802..9bae884 100644
--- a/hosts/ward/secrets/influxdb/host.pub
+++ b/hosts/ward/secrets/influxdb/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoiozZHb2lXv9sZGXDeL2hdYYVPTMVrxdUl/lRro4zh
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOanBR6abVoPfpH9RyhxaJ1dg0/+VFAUyCfQzFqxGBzk
diff --git a/modules/guests/common-guest-config.nix b/modules/guests/common-guest-config.nix
index 6bb6e92..bce8aac 100644
--- a/modules/guests/common-guest-config.nix
+++ b/modules/guests/common-guest-config.nix
@@ -10,20 +10,18 @@ in {
 gc.automatic = mkForce false;
 };
- systemd.network.networks = {
- "10-${guestCfg.networking.mainLinkName}" = {
- matchConfig.Name = guestCfg.networking.mainLinkName;
- DHCP = "yes";
- dhcpV4Config.UseDNS = false;
- dhcpV6Config.UseDNS = false;
- ipv6AcceptRAConfig.UseDNS = false;
- networkConfig = {
- IPv6PrivacyExtensions = "yes";
- MulticastDNS = true;
- IPv6AcceptRA = true;
- };
- linkConfig.RequiredForOnline = "routable";
+ systemd.network.networks."10-${guestCfg.networking.mainLinkName}" = {
+ matchConfig.Name = guestCfg.networking.mainLinkName;
+ DHCP = "yes";
+ dhcpV4Config.UseDNS = false;
+ dhcpV6Config.UseDNS = false;
+ ipv6AcceptRAConfig.UseDNS = false;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ IPv6AcceptRA = true;
 };
+ linkConfig.RequiredForOnline = "routable";
 };
 networking.nftables.firewall = {
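Review bot: The `XXX: BUG:` tag on the `interfaces-config` comment records that kea binds interfaces beyond `lan-self` but not which ones or what follows from it; for a DHCP server that is the difference between serving one segment and also answering on guest links, so the note should carry the observed symptom and a tracking reference, e.g. `# XXX: BUG: kea also binds <observed interfaces>; tracked in <issue-ref>` with the placeholders filled in. Whether the extra bindings come from the `interfaces` list itself or from how the macvtaps are attached is not visible in this hunk.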
diff --git a/modules/guests/container.nix b/modules/guests/container.nix
index 40c3f57..c00052f 100644
--- a/modules/guests/container.nix
+++ b/modules/guests/container.nix
@@ -12,15 +12,12 @@ guestName: guestCfg: {
 flip
 mapAttrs'
 nameValuePair
- substring
 ;
-
- initialLinkName = "mv-${(substring 0 12 (builtins.hashString "sha256" guestName))}";
 in {
 ephemeral = true;
 privateNetwork = true;
 autoStart = guestCfg.autostart;
- macvlans = ["${guestCfg.container.macvlan}:${initialLinkName}"];
+ macvlans = ["${guestCfg.container.macvlan}:${guestCfg.networking.mainLinkName}"];
 extraFlags = [
 "--uuid=${builtins.substring 0 32 (builtins.hashString "sha256" guestName)}"
 ];
@@ -63,14 +60,6 @@ in {
 device = zfsCfg.guestMountpoint;
 options = ["bind"];
 });
-
- # Rename the network interface to our liking
- systemd.network.links = {
- "01-${guestCfg.networking.mainLinkName}" = {
- matchConfig.Name = initialLinkName;
- linkConfig.Name = guestCfg.networking.mainLinkName;
- };
- };
 }
 (import ./common-guest-config.nix guestName guestCfg)
 ]
diff --git a/modules/guests/default.nix b/modules/guests/default.nix
index 554db85..ace6626 100644
--- a/modules/guests/default.nix
+++ b/modules/guests/default.nix
@@ -31,6 +31,12 @@
 lib.genAttrs backends (_: {}) // mapAttrs (_: listToAttrs) (groupBy (x: x.value.backend) (attrsToList config.guests));
+ # List the necessary mount units for the given guest
+ fsMountUnitsFor = guestCfg:
+ map
+ (x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
+ (attrValues guestCfg.zfs);
+
 # Configuration required on the host for a specific guest
 defineGuest = _guestName: guestCfg: {
 # Add the required datasets to the disko configuration of the machine
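Review bot: Passing `guestCfg.networking.mainLinkName` directly in `macvlans` drops the guarantee the hash-derived `initialLinkName` gave: the name handed to nspawn is now user-chosen, and the new option description in default.nix (hunk @@ -174) states it must not match an existing host interface, but nothing in either file enforces that. With the new default `mv-${submod.config.container.macvlan}`, two containers sharing one `container.macvlan` also default to the same link name, which can collide if the interface is created host-side under that name first, as the description implies, and the containers start concurrently. Consider an assertion over `config.guests` that container `networking.mainLinkName` values are unique and disjoint from the host's links, or document the constraint at the call site: `# the link is named on the host before being moved into the container; see networking.mainLinkName`. The second hunk of this file (@@ -63) removing the `systemd.network.links` rename is the same change and needs no separate fix.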
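Review bot: `fsMountUnitsFor` now encodes the mount-unit naming scheme `"${utils.escapeSystemdPath x.hostMountpoint}.mount"`, yet the `zfs-ensure` block in the next hunk of this file (@@ -43) still spells the same expression inline as `fsMountUnit`, so the scheme lives in two places. Splitting the helper keeps a single definition: `fsMountUnitFor = zfsCfg: "${utils.escapeSystemdPath zfsCfg.hostMountpoint}.mount";` followed by `fsMountUnitsFor = guestCfg: map fsMountUnitFor (attrValues guestCfg.zfs);`, and the `let fsMountUnit = …` in the ensure block becomes `fsMountUnit = fsMountUnitFor zfsCfg;`. The callers in @@ -68 and @@ -83 evaluate `fsMountUnitsFor guestCfg` once each for `requires` and `after`; that is harmless in Nix but a `let` binding would read as one list.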
@@ -43,7 +49,6 @@
 systemd.services = mkMerge (flip map (attrValues guestCfg.zfs) (zfsCfg: let
 fsMountUnit = "${utils.escapeSystemdPath zfsCfg.hostMountpoint}.mount";
 in {
- # Ensure that the zfs dataset exists before it is mounted.
 "zfs-ensure-${utils.escapeSystemdPath zfsCfg.hostMountpoint}" = {
 wantedBy = [fsMountUnit];
 before = [fsMountUnit];
@@ -68,14 +73,9 @@
 defineMicrovm = guestName: guestCfg: {
 # Ensure that the zfs dataset exists before it is mounted.
- systemd.services."microvm@${guestName}" = let
- fsMountUnits =
- map
- (x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
- (attrValues guestCfg.zfs);
- in {
- requires = fsMountUnits;
- after = fsMountUnits;
+ systemd.services."microvm@${guestName}" = {
+ requires = fsMountUnitsFor guestCfg;
+ after = fsMountUnitsFor guestCfg;
 };
 microvm.vms.${guestName} = import ./microvm.nix guestName guestCfg attrs;
@@ -83,19 +83,15 @@
 defineContainer = guestName: guestCfg: {
 # Ensure that the zfs dataset exists before it is mounted.
- systemd.services."container@${guestName}" = let
- fsMountUnits =
- map
- (x: "${utils.escapeSystemdPath x.hostMountpoint}.mount")
- (attrValues guestCfg.zfs);
- in {
- requires = fsMountUnits;
- after = fsMountUnits;
+ systemd.services."container@${guestName}" = {
+ requires = fsMountUnitsFor guestCfg;
+ after = fsMountUnitsFor guestCfg;
 # Don't use the notify service type. Using exec will always consider containers
 # started immediately and donesn't wait until the container is fully booted.
 # Containers should behave like independent machines, and issues inside the container
 # will unnecessarily lock up the service on the host otherwise.
- # This causes issues on system activation.
+ # This causes issues on system activation or when containers take longer to start
+ # than TimeoutStartSec.
 serviceConfig.Type = lib.mkForce "exec";
 };
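Review bot: The heading `# Ensure that the zfs dataset exists before it is mounted.` above `systemd.services."microvm@${guestName}"` no longer matches the body beneath it, which only sets `requires = fsMountUnitsFor guestCfg;` and `after = fsMountUnitsFor guestCfg;`; that sentence describes the `zfs-ensure-*` service, and the first hunk in this line (@@ -43) removed it from the one place it was accurate. Suggest `# Pull in the guest's zfs mount units and start the guest only after they are mounted.` here and on the identical heading in the `container@` hunk (@@ -83), and restoring the removed line above `"zfs-ensure-${utils.escapeSystemdPath zfsCfg.hostMountpoint}"` so the ensure service keeps its explanation.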
@@ -162,7 +158,7 @@ in {
 macvtapInterface = mkOption {
 type = types.str;
- description = "The host macvtap interface to which the microvm should be attached";
+ description = "The host interface to which the microvm should be attached via macvtap";
 };
 };
@@ -174,12 +170,15 @@ in {
 };
 };
- networking = {
- mainLinkName = mkOption {
- type = types.str;
- default = "wan";
- description = "The main ethernet link name inside of the VM";
- };
+ networking.mainLinkName = mkOption {
+ type = types.str;
+ description = "The main ethernet link name inside of the guest. For containers, this cannot be named similar to an existing interface on the host.";
+ default =
+ if submod.config.backend == "microvm"
+ then submod.config.microvm.macvtapInterface
+ else if submod.config.backend == "container"
+ then "mv-${submod.config.container.macvlan}"
+ else throw "Invalid backend";
 };
 zfs = mkOption {
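Review bot: The new computed `default` of `networking.mainLinkName` is not visible to a reader of the option documentation: the `if`/`else if` chain over `submod.config.backend` has no `defaultText`, so generated docs will either render the raw expression or fail to describe it, and the `description` does not say what the default is. Add `defaultText = lib.literalExpression "config.microvm.macvtapInterface for microvms, \"mv-<macvlan>\" for containers";` next to `default`, or fold the same sentence into the description. The `throw "Invalid backend"` branch is only reachable if `backend` is not restricted to the `backends` list this file builds on; if its option type already is an enum, a comment `# unreachable: backend is constrained by its option type` would spare the next reader the lookup. The collision risk of the container default is raised at the container.nix hunk.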