From 16af5ab8aad5ae3cf162a2d91befbc8b35e621cb Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Wed, 16 Jul 2025 19:37:24 +0300
Subject: [PATCH] fix: trust libvirt interfaces

---
 hosts/andromedae/default.nix | 5 +++++
 modules/nixos/virtualisation/virtualisation.nix | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/hosts/andromedae/default.nix b/hosts/andromedae/default.nix
index c679f30..b228949 100644
--- a/hosts/andromedae/default.nix
+++ b/hosts/andromedae/default.nix
@@ -149,6 +149,11 @@ in
 useRoutingFeatures = "client";
 };
 
+ networking.firewall.trustedInterfaces = [
+ "virbr-lan"
+ "virbr-wan"
+ ];
+
 # Mesa from unstable channel
 hardware.graphics.package = pkgs.mesaUnstable;
 hardware.graphics.package32 = pkgs.mesaUnstablei686;
diff --git a/modules/nixos/virtualisation/virtualisation.nix b/modules/nixos/virtualisation/virtualisation.nix
index a79b2e2..14b59b2 100644
--- a/modules/nixos/virtualisation/virtualisation.nix
+++ b/modules/nixos/virtualisation/virtualisation.nix
@@ -110,6 +110,8 @@ in
 ];
 };
 
+ networking.firewall.trustedInterfaces = mkIf cfg.libvirt [ "virbr0" ];
+
 security.unprivilegedUsernsClone = true;
 
 persist.state.directories = [
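Review bot: The added `networking.firewall.trustedInterfaces` list in hosts/andromedae/default.nix makes the host firewall accept all traffic arriving on `virbr-lan` and `virbr-wan`, so every service listening on the host becomes reachable from any guest attached to those bridges; the same applies to `virbr0` in modules/nixos/virtualisation/virtualisation.nix. If the guests only need DHCP and DNS from the host (an assumption, since the commit does not say what was being blocked), a per-interface rule is narrower: `networking.firewall.interfaces."virbr0".allowedUDPPorts = [ 53 67 ];` together with `allowedTCPPorts = [ 53 ];`, repeated for the two host-specific bridges. `virbr-wan` in particular looks, judging only by its name, like a bridge that carries less trusted traffic, so if full trust is intended it deserves a comment stating why. Both enclosing attribute sets start and end outside the hunks, so any existing per-interface rules are not visible here.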