diff --git a/flake.lock b/flake.lock
index 2815404..5942f7d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -28,11 +28,11 @@
       ]
     },
     "locked": {
-      "lastModified": 1682854491,
-      "narHash": "sha256-xFTgMA+whHZyRAAN6EQUX0gMAjSGi44+sFbIPOXVShw=",
+      "lastModified": 1683715679,
+      "narHash": "sha256-Zq2liHoVTNYql94XPTpEInQq5yY0NjRa9ZLYJv55dgE=",
       "owner": "oddlama",
       "repo": "agenix-rekey",
-      "rev": "7096bf1e2acdbf8c6e8dda6f452d06d9d72fb3a7",
+      "rev": "e5e84230bfa071685a05acdc11a94e3be672e541",
       "type": "github"
     },
     "original": {
@@ -207,11 +207,11 @@
       ]
     },
     "locked": {
-      "lastModified": 1683543852,
-      "narHash": "sha256-aS9qNcg9GwSYFLCWa3Lw+2nVPG11mmQ3B7Oka1hh04M=",
+      "lastModified": 1683651229,
+      "narHash": "sha256-HN0Mw8g1XQIrcdyzqT00YW0Uqi/V/BUUUAgvcK1pcSM=",
       "owner": "nix-community",
       "repo": "home-manager",
-      "rev": "3f3fa731ad0f99741d4dc98e8e1287b45e30b452",
+      "rev": "983f8a1bb965b261492123cd8e2d07da46d4d50a",
       "type": "github"
     },
     "original": {
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 09667f3..328d5f2 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -10,8 +10,9 @@
     ./system.nix
     ./xdg.nix
 
-    ../../../modules/wireguard.nix
+    ../../../modules/interface-naming.nix
     ../../../modules/microvms.nix
+    ../../../modules/wireguard.nix
   ];
 
   home-manager = {
diff --git a/hosts/common/core/net.nix b/hosts/common/core/net.nix
index 7de5028..3035f0e 100644
--- a/hosts/common/core/net.nix
+++ b/hosts/common/core/net.nix
@@ -80,16 +80,5 @@ in {
   };
 
   # Rename known network interfaces
-  services.udev.packages =
-    lib.mkIf ((nodeSecrets.networking.interfaces or {}) != {})
-    (let
-      interfaceNamesUdevRules = pkgs.writeTextFile {
-        name = "interface-names-udev-rules";
-        text = concatStringsSep "\n" (mapAttrsToList (
-            interface: attrs: ''SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${attrs.mac}", NAME:="${interface}"''
-          )
-          nodeSecrets.networking.interfaces);
-        destination = "/etc/udev/rules.d/01-interface-names.rules";
-      };
-    in [interfaceNamesUdevRules]);
+  extra.networking.renameInterfacesByMac = lib.mapAttrs (_: v: v.mac) (nodeSecrets.networking.interfaces or {});
 }
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
index f21905e..c51a231 100644
--- a/hosts/common/core/nix.nix
+++ b/hosts/common/core/nix.nix
@@ -38,7 +38,7 @@
     optimise.automatic = true;
     gc = {
       automatic = true;
-      dates = "biweekly";
+      dates = "monthly";
       options = "--delete-older-than 90d";
     };
     # Define global flakes for this system
diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix
index 7b4313b..c336d09 100644
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@@ -27,12 +27,12 @@
   boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
 
   extra.microvms = let
-    macOffset = config.lib.net.mac.addPrivate nodeSecrets.networking.interfaces."wan-nic".mac;
+    macOffset = config.lib.net.mac.addPrivate nodeSecrets.networking.interfaces.lan.mac;
   in {
     test = {
       autostart = true;
-      mac = macOffset "00:00:00:00:00:01";
-      macvtap = "wan";
+      mac = macOffset "00:00:00:00:00:11";
+      macvtap = "lan";
       system = "x86_64-linux";
     };
   };
diff --git a/hosts/ward/microvms/test/default.nix b/hosts/ward/microvms/test/default.nix
index ead4a9b..4888501 100644
--- a/hosts/ward/microvms/test/default.nix
+++ b/hosts/ward/microvms/test/default.nix
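Review bot: The new `extra.networking.renameInterfacesByMac` assignment hands every MAC from `nodeSecrets.networking.interfaces` to a module that writes them verbatim into a Nix store path (`/etc/udev/rules.d/01-interface-names.rules` built with `pkgs.writeTextFile` in modules/interface-naming.nix), and the store is world-readable, exactly as the removed inline code was. If the addresses live under `nodeSecrets` only to keep them out of the public repository that is fine, but a comment saying so would stop the next reader from assuming they are protected on the host, e.g. `# interface MACs are not confidential on the host; they sit in nodeSecrets only to keep them out of the repo`. An entry without a `mac` attribute still aborts evaluation with a bare attribute-missing error; `lib.mapAttrs (name: v: v.mac or (throw "interface ${name} has no mac")) (nodeSecrets.networking.interfaces or {})` would name the offending interface instead.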
@@ -1,12 +1,4 @@
 {
-  config,
-  inputs,
-  lib,
-  microvm,
-  nixos-hardware,
-  pkgs,
-  ...
-}: {
   imports = [
     ../../../common/core
 
@@ -14,15 +6,4 @@
   ];
 
   home-manager.users.root.home.minimal = true;
-
-  systemd.network.networks = {
-    "10-wan" = {
-      # TODO
-      matchConfig.Name = "en*";
-      DHCP = "yes";
-      networkConfig.IPv6PrivacyExtensions = "kernel";
-      dhcpV4Config.RouteMetric = 20;
-      dhcpV6Config.RouteMetric = 20;
-    };
-  };
 }
diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix
index e71b5eb..2acefcd 100644
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@@ -13,24 +13,12 @@ in {
   boot.initrd.systemd.network = {
     enable = true;
 
-    networks."10-wan" = {
-      DHCP = "yes";
-      #address = [
-      #  "192.168.178.2/24"
-      #  "fd00::1/64"
-      #];
-      #gateway = [
-      #];
-      matchConfig.MACAddress = nodeSecrets.networking.interfaces."wan-nic".mac;
-      networkConfig.IPv6PrivacyExtensions = "kernel";
-      dhcpV4Config.RouteMetric = 20;
-      dhcpV6Config.RouteMetric = 20;
-    };
+    networks = {inherit (config.systemd.network.networks) "10-wan";};
   };
 
-  systemd.network.netdevs."10-wan" = {
+  systemd.network.netdevs."10-lan-self" = {
     netdevConfig = {
-      Name = "wan";
+      Name = "lan-self";
       Kind = "macvtap";
     };
     extraConfig = ''
@@ -41,23 +29,13 @@ in {
 
   systemd.network.networks = {
     "10-lan" = {
-      address = [net.lan.ipv4cidr net.lan.ipv6cidr];
       matchConfig.MACAddress = nodeSecrets.networking.interfaces.lan.mac;
-      networkConfig = {
-        IPForward = "yes";
-        IPv6PrivacyExtensions = "kernel";
-      };
-      dhcpV4Config.RouteMetric = 10;
-      dhcpV6Config.RouteMetric = 10;
-    };
-    "10-wan-nic" = {
-      matchConfig.MACAddress = nodeSecrets.networking.interfaces."wan-nic".mac;
       extraConfig = ''
         [Network]
-        MACVTAP=wan
+        MACVTAP=lan-self
       '';
     };
-    "11-wan" = {
+    "10-wan" = {
       DHCP = "yes";
       #address = [
       #  "192.168.178.2/24"
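Review bot: `networks = {inherit (config.systemd.network.networks) "10-wan";}` in the initrd hunk of hosts/ward/net.nix copies the stage-2 unit by reference, so any later override of `systemd.network.networks."10-wan"` (another module, a `mkForce`) silently changes what the initrd brings up on the WAN MAC as well; that looks intended, but nothing says so. A short comment such as `# the initrd deliberately mirrors the stage-2 "10-wan" unit, DHCP included` would make the coupling explicit. The `#address`/`#gateway` commented-out lines this hunk drops from the initrd still survive in the stage-2 `10-wan` block of the following hunk; if they are no longer needed they could go too.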
@@ -65,11 +43,22 @@ in {
       #];
       #gateway = [
       #];
-      matchConfig.Name = "wan";
+      matchConfig.MACAddress = nodeSecrets.networking.interfaces.wan.mac;
       networkConfig.IPv6PrivacyExtensions = "kernel";
       dhcpV4Config.RouteMetric = 20;
       dhcpV6Config.RouteMetric = 20;
     };
+    "11-lan-self" = {
+      address = [net.lan.ipv4cidr net.lan.ipv6cidr];
+      matchConfig.Name = "lan-self";
+      networkConfig = {
+        IPForward = "yes";
+        IPv6PrivacyExtensions = "kernel";
+        ConfigureWithoutCarrier = true;
+      };
+      dhcpV4Config.RouteMetric = 10;
+      dhcpV6Config.RouteMetric = 10;
+    };
   };
 
   networking.nftables.firewall = {
diff --git a/hosts/ward/secrets/secrets.nix.age b/hosts/ward/secrets/secrets.nix.age
index a32f441..b8e6bf8 100644
Binary files a/hosts/ward/secrets/secrets.nix.age and b/hosts/ward/secrets/secrets.nix.age differ
diff --git a/modules/interface-naming.nix b/modules/interface-naming.nix
new file mode 100644
index 0000000..6b92ba7
--- /dev/null
+++ b/modules/interface-naming.nix
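Review bot: `IPForward = "yes"` in the new `11-lan-self` block is, as far as I recall from systemd.network(5) for the systemd generation NixOS shipped at this point, a system-wide switch that sets `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` rather than a per-link flag, so forwarding is on between `wan`, `lan-self` and every VM macvtap no matter which network unit carries the key, and the `networking.nftables.firewall` block that starts on the last line of this hunk is the only thing restricting forwarded traffic. A comment stating that, e.g. `# IPForward is global, not per-link; the nftables forward rules are what actually limit wan<->lan traffic`, would keep a later edit of this unit from loosening the firewall by accident. `dhcpV4Config.RouteMetric`/`dhcpV6Config.RouteMetric` appear to have no effect in `11-lan-self` since the unit enables no DHCP client. The enclosing `systemd.network.networks = {` opens in the previous hunk.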
@@ -0,0 +1,47 @@
+{
+  config,
+  extraLib,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit
+    (lib)
+    attrValues
+    concatStringsSep
+    mapAttrsToList
+    mkIf
+    mkOption
+    types
+    ;
+
+  cfg = config.extra.networking.renameInterfacesByMac;
+
+  interfaceNamesUdevRules = pkgs.writeTextFile {
+    name = "interface-names-udev-rules";
+    text = concatStringsSep "\n" (mapAttrsToList
+      (name: mac: ''SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${mac}", NAME:="${name}"'')
+      cfg);
+    destination = "/etc/udev/rules.d/01-interface-names.rules";
+  };
+in {
+  options.extra.networking.renameInterfacesByMac = mkOption {
+    default = {};
+    example = {lan = "11:22:33:44:55:66";};
+    description = "Allows naming of network interfaces based on their physical address";
+    type = types.attrsOf types.str;
+  };
+
+  config = {
+    assertions = let
+      duplicateMacs = extraLib.duplicates (attrValues cfg);
+    in [
+      {
+        assertion = duplicateMacs == [];
+        message = "Duplicate mac addresses found in network interface name assignment: ${concatStringsSep ", " duplicateMacs}";
+      }
+    ];
+
+    services.udev.packages = lib.mkIf (cfg != {}) [interfaceNamesUdevRules];
+  };
+}
diff --git a/modules/microvms.nix b/modules/microvms.nix
index 0861649..1b7adbe 100644
--- a/modules/microvms.nix
+++ b/modules/microvms.nix
@@ -72,6 +72,21 @@
         ];
       };
 
+      extra.networking.renameInterfacesByMac.${vmCfg.linkName} = vmCfg.mac;
+
+      systemd.network.networks = {
+        "10-${vmCfg.linkName}" = {
+          matchConfig.Name = vmCfg.linkName;
+          DHCP = "yes";
+          networkConfig = {
+            IPv6PrivacyExtensions = "kernel";
+            ConfigureWithoutCarrier = true;
+          };
+          dhcpV4Config.RouteMetric = 20;
+          dhcpV6Config.RouteMetric = 20;
+        };
+      };
+
       # TODO change once microvms are compatible with stage-1 systemd
       boot.initrd.systemd.enable = mkForce false;
     };
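Review bot: The udev match `ATTR{address}=="${mac}"` in `interfaceNamesUdevRules` compares the configured string literally against the lowercase hex that sysfs reports, and udev attribute matches are case-sensitive as far as I know, so an upper-case or otherwise differently written address silently never matches and the interface simply keeps its kernel name; the option type `types.attrsOf types.str` also lets any string, including one containing `"` or `,`, reach the rules file unescaped. Lower-casing in the rule, `(name: mac: ''SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${lib.toLower mac}", NAME:="${name}"'')`, and tightening the option to `type = types.attrsOf config.lib.net.types.mac;` (the type modules/microvms.nix already uses for `mac`) would catch both at evaluation time rather than at boot. `mkIf` is inherited from `lib` but the code uses `lib.mkIf`; one of the two can go. A comment on `destination` noting why the file is numbered `01-` (so the `NAME:=` assignment wins before the default net-setup-link rules run) would also help the next reader.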
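Review bot: `ConfigureWithoutCarrier = true` in the guest's `10-${vmCfg.linkName}` unit in modules/microvms.nix has nothing static to apply, since the unit only enables DHCP; if I read systemd.network(5) correctly its observable effect here is the implied `IgnoreCarrierLoss=yes`, i.e. DHCP-acquired addresses and routes survive a carrier drop instead of being flushed. If that is the intent, a comment such as `# ConfigureWithoutCarrier implies IgnoreCarrierLoss: keep DHCP state across carrier loss` would say so; otherwise the key can be dropped. The same key in `11-lan-self` in hosts/ward/net.nix does apply to static addresses and needs no such note.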
@@ -90,6 +105,12 @@ in {
         description = mdDoc "Whether this VM should be started automatically with the host";
       };
 
+      linkName = mkOption {
+        type = types.str;
+        default = "wan";
+        description = mdDoc "The main ethernet link name inside of the VM";
+      };
+
       mac = mkOption {
         type = config.lib.net.types.mac;
         description = mdDoc "The MAC address to assign to this VM";
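Review bot: `linkName` is typed `types.str`, but it ends up as the udev `NAME:=` target and the `matchConfig.Name` of the guest's network unit; the kernel rejects interface names that are empty, longer than 15 bytes, or contain `/`, `:` or whitespace, so an invalid value fails only at boot inside the VM, where the link keeps its kernel name and never gets DHCP. A stricter type such as `type = types.strMatching "[^/:[:space:]]{1,15}";` moves that failure to evaluation time, and the description could state the limit. The attribute names of `renameInterfacesByMac` in modules/interface-naming.nix are subject to the same constraint and could use the same check.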