I configured all my containers with self-defined bridges using systemd.network.netdevs.
{
  config,
  lib,
  pkgs,
  ...
}:
{
  systemd.network = {
    enable = true;
    config = {
      # named route table, referenced as Table = "bridge" below
      routeTables = {
        bridge = 259;
      };
    };
    netdevs = {
      "10-br0" = {
        netdevConfig = {
          Kind = "bridge";
          Name = "br0";
          MACAddress = "10:00:00:00:00:01";
        };
      };
    };
    networks = {
      "25-br0" = {
        matchConfig.Name = "br0";
        address = [
          "10.0.0.1/24"
        ];
        routingPolicyRules = [
          # custom rules
        ];
        routes = [
          {
            Gateway = "0.0.0.0";
            Table = "bridge";
          }
          {
            Gateway = "::";
            Table = "bridge";
          }
        ];
      };
    };
  };
}
A container setup could look like this:
containers.example = {
  privateNetwork = true;
  hostBridge = "br0";
  localAddress = "10.0.0.2/24";
  ...
  config =
    {
      config,
      pkgs,
      lib,
      ...
    }:
    {
      networking = {
        # the host's address on br0
        defaultGateway = {
          address = "10.0.0.1";
        };
      };
      ...
    };
};
Then you can set up a route table on your host and route traffic between them.
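As an added example that is not part of the original post, here is one way the named route table from the post can carry traffic between two such bridges, with the host deciding what is allowed to cross. The bridge br0 and table id 259 come from the post; the second bridge br1, the 10.0.1.0/24 subnet, the container names, the MAC addresses, the port number and the nftables policy are assumptions made for the example.

```nix
{ config, lib, pkgs, ... }:
{
  # The host forwards packets between the bridges, so IPv4 forwarding
  # must be enabled; a plain hostBridge container setup does not do this.
  boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;

  systemd.network = {
    enable = true;
    config.routeTables.bridge = 259;

    # One bridge per trust zone (assumed names and MACs).
    netdevs = {
      "10-br0".netdevConfig = { Kind = "bridge"; Name = "br0"; MACAddress = "10:00:00:00:00:01"; };
      "10-br1".netdevConfig = { Kind = "bridge"; Name = "br1"; MACAddress = "10:00:00:00:00:02"; };
    };

    networks = {
      "25-br0" = {
        matchConfig.Name = "br0";
        address = [ "10.0.0.1/24" ];
        # Packets entering from br0 are looked up in the "bridge" table only.
        routingPolicyRules = [
          { IncomingInterface = "br0"; Table = "bridge"; Priority = 100; }
        ];
        # Copy this bridge's connected prefix into the "bridge" table so the
        # other zone can reach it without the main table being consulted.
        routes = [
          { Destination = "10.0.0.0/24"; Table = "bridge"; }
        ];
      };
      "25-br1" = {
        matchConfig.Name = "br1";
        address = [ "10.0.1.1/24" ];
        routingPolicyRules = [
          { IncomingInterface = "br1"; Table = "bridge"; Priority = 100; }
        ];
        routes = [
          { Destination = "10.0.1.0/24"; Table = "bridge"; }
        ];
      };
    };
  };

  # Two containers, one on each bridge (assumed names and addresses).
  containers = {
    web = {
      privateNetwork = true;
      hostBridge = "br0";
      localAddress = "10.0.0.2/24";
      config = { ... }: { networking.defaultGateway.address = "10.0.0.1"; };
    };
    db = {
      privateNetwork = true;
      hostBridge = "br1";
      localAddress = "10.0.1.2/24";
      config = { ... }: { networking.defaultGateway.address = "10.0.1.1"; };
    };
  };

  # Once the host routes between zones, the forward hook is the place to
  # decide what may cross. Default-deny, then allow the one expected flow.
  networking.nftables = {
    enable = true;
    tables.container_forward = {
      family = "inet";
      content = ''
        chain forward {
          type filter hook forward priority filter; policy drop;
          ct state established,related accept
          # assumed: only the web container may open connections to the db container
          iifname "br0" oifname "br1" ip saddr 10.0.0.2 ip daddr 10.0.1.2 tcp dport 5432 accept
        }
      '';
    };
  };
}
```

After switching to this configuration, `ip rule show` should list the two interface rules pointing at table 259 and `ip route show table 259` the two connected prefixes; `nft list table inet container_forward` shows the forward policy. Because the rules key on the incoming interface rather than on source addresses, a container that changes its own IP still lands in the same table and the same filter.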