From 65bd45bfac3ba76e20842579b2b9fef04a1ee3e3 Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Sat, 31 Aug 2024 16:45:11 +0200
Subject: [PATCH] Isolate the container networking from the host

---
 .../stratus/containers/nextcloud/default.nix | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/hosts/stratus/containers/nextcloud/default.nix b/hosts/stratus/containers/nextcloud/default.nix
index 615d66c..0d7abbf 100644
--- a/hosts/stratus/containers/nextcloud/default.nix
+++ b/hosts/stratus/containers/nextcloud/default.nix
@@ -11,9 +11,19 @@
 "d /data/nextcloud - - -"
 ];
 
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ networks."40-eno1" = {
+ matchConfig.Name = "eno1";
+ networkConfig.DHCP = "yes";
+ };
+ };
+
 containers.nextcloud = {
 autoStart = true;
 ephemeral = true;
+ macvlans = [ "eno1" ];
 bindMounts = {
 "/run/secrets/nextcloud".isReadOnly = false;
 "/run/secrets/tailscale-auth-key" = { };
@@ -31,8 +41,20 @@
 { domain, ... }:
 {
 system.stateVersion = "24.05";
+
 networking = {
 inherit domain;
+ useNetworkd = true;
+ useHostResolvConf = false;
+ };
+ systemd.network = {
+ enable = true;
+ networks."40-mv-eno1" = {
+ matchConfig.Name = "mv-eno1";
+ address = [ "192.168.2.254/24" ];
+ networkConfig.DHCP = "yes";
+ dhcpV4Config.ClientIdentifier = "mac";
+ };
 };
 
 imports = [
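Review bot: In the first hunk (`@@ -11,9 +11,19 @@`), `macvlans = [ "eno1" ];` attaches the container directly to the LAN segment behind eno1 with its own MAC address, so inbound traffic to it is no longer filtered by the host's firewall; the change isolates the container from the host, not from the network. Neither hunk shows any `networking.firewall` setting inside the container, so it is worth confirming there that only the ports Nextcloud needs are reachable from the LAN (presumably access is meant to go through Tailscale, given the bind-mounted auth key). A comment above the line would record the intent, e.g. `# macvlan: container has its own LAN identity; the host firewall does not filter it`. The `containers.nextcloud` block continues outside the hunk.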
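Review bot: In the second hunk (`@@ -31,8 +41,20 @@`), the `40-mv-eno1` network sets a static `address` and `networkConfig.DHCP = "yes"` together, so mv-eno1 would carry 192.168.2.254 plus whatever lease the DHCP server hands out, and `"yes"` also enables the DHCPv6 client. With two IPv4 addresses it becomes unclear which one the service is reachable on and which one router or firewall rules should refer to. If the static address is the intended one, drop the DHCP line or narrow it to `networkConfig.DHCP = "ipv4";` with a comment explaining why both are wanted; if the lease is intended, remove `address`. The container's module body continues past the end of the hunk.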