From 9e609128af80f815929c7c713bfd6f910e8e3ac2 Mon Sep 17 00:00:00 2001
From: Pierre Bourdon <delroth@gmail.com>
Date: Sun, 23 Jun 2024 03:14:26 +0200
Subject: [PATCH] network: add a wan bridge for VMs/containers

---
 modules/network.nix | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/modules/network.nix b/modules/network.nix
index f2b1d08..e3203e8 100644
--- a/modules/network.nix
+++ b/modules/network.nix
@@ -34,12 +34,29 @@
     linkConfig.Name = "nat-lan";
   };
 
-  systemd.network.networks."10-wan" = {
-    matchConfig.Name = "wan";
+  systemd.network.netdevs."10-wan-br" = {
+    netdevConfig.Name = "wan-br";
+    netdevConfig.Kind = "bridge";
+    netdevConfig.MACAddress = "none";
+    bridgeConfig.MulticastSnooping = false;
+  };
+
+  systemd.network.links."10-wan-br" = {
+    matchConfig.Name = "wan-br";
+    linkConfig.MACAddressPolicy = "none";
+  };
+
+  systemd.network.networks."10-wan-br" = {
+    matchConfig.Name = "wan-br";
     linkConfig.RequiredForOnline = true;
     networkConfig.Address = [ config.networking.newtype.currentHost.ipv6 ];
   };
 
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "wan";
+    networkConfig.Bridge = "wan-br";
+  };
+
   systemd.network.links."10-wan" = {
     matchConfig.MACAddress = "3c:ec:ef:7e:bd:c9";
     linkConfig.Name = "wan";