fix: realize mkif earlier to disable local-vms definition

2025-10-11 07:10:39 +02:00 · 2023-06-21 01:43:00 +02:00 · 2023-06-21 01:43:00 +02:00 · e32d5575b4
commit e32d5575b4
parent b545967e7a
1 changed files with 21 additions and 21 deletions
--- a/modules/microvms.nix
+++ b/modules/microvms.nix
@ -167,29 +167,29 @@
        extra.networking.renameInterfacesByMac.${vmCfg.networking.mainLinkName} = mac;
-        systemd.network.networks = let
+        systemd.network.networks =
-          wgConfig = parentConfig.extra.wireguard."${nodeName}-local-vms".unitConfName;
+          {
-        in {
+            "10-${vmCfg.networking.mainLinkName}" = {
-          # Remove requirement for the wireguard interface to come online,
+              matchConfig.MACAddress = mac;
-          # to allow microvms to be deployed more easily (otherwise they
+              DHCP = "yes";
-          # would not come online if the private key wasn't rekeyed yet).
+              networkConfig = {
-          # FIXME ideally this would be conditional at runtime if the
+                IPv6PrivacyExtensions = "yes";
-          # agenix activation had an error, but this is not trivial.
+                MulticastDNS = true;
-          ${wgConfig} = mkIf vmCfg.localWireguard {
+                IPv6AcceptRA = true;
-            linkConfig.RequiredForOnline = "no";
+              };
-          };
+              linkConfig.RequiredForOnline = "routable";
-
+            };
-          "10-${vmCfg.networking.mainLinkName}" = {
+          }
-            matchConfig.MACAddress = mac;
+          // optionalAttrs vmCfg.localWireguard {
-            DHCP = "yes";
+            # Remove requirement for the wireguard interface to come online,
-            networkConfig = {
+            # to allow microvms to be deployed more easily (otherwise they
-              IPv6PrivacyExtensions = "yes";
+            # would not come online if the private key wasn't rekeyed yet).
-              MulticastDNS = true;
+            # FIXME ideally this would be conditional at runtime if the
-              IPv6AcceptRA = true;
+            # agenix activation had an error, but this is not trivial.
            ${parentConfig.extra.wireguard."${nodeName}-local-vms".unitConfName} = {
              linkConfig.RequiredForOnline = "no";
            };
            linkConfig.RequiredForOnline = "routable";
          };
        };
        # TODO mkForce nftables
        networking.nftables.firewall = {