From 67c86188d770503aba496328b35bdefd82fa030c Mon Sep 17 00:00:00 2001
From: Bartosz Stebel <implr@hackerspace.pl>
Date: Fri, 18 Dec 2020 16:39:52 +0100
Subject: [PATCH] bgpwtf/edge01: as-deployed: add qemu-bridge-helper config to
 fix anchorvm

Change-Id: I305c498f8332de8addac435da57ba88e1b34c7f0
---
 bgpwtf/machines/modules/anchorvm.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/bgpwtf/machines/modules/anchorvm.nix b/bgpwtf/machines/modules/anchorvm.nix
index 9c7b17fb..9eddde96 100644
--- a/bgpwtf/machines/modules/anchorvm.nix
+++ b/bgpwtf/machines/modules/anchorvm.nix
@@ -24,6 +24,15 @@ in {
     };
   };
 
+  config.environment = {
+    # qemu-bridge-helper (needed for -nic bridge) requires this file to exist.
+    # We're running as root and don't care about the ACL functionality, so just
+    # make a minimal file that allows the interface.
+    # This snippet stolen from nixpkgs//libvirtd.nix
+    etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" (e:
+      "allow ${e}") [cfg.bridge];
+  };
+
   config.systemd.services.anchorvm = {
     wantedBy = [ "multi-user.target" ];
     after = [