Issues with Virt-Manager: Default Network Down in NixOS 25.11

mateowoetam · July 16, 2025, 2:41am

Issue Description

NixOS Version: 25.11
Virtualization Tool: Virt-Manager / Libvirt
Livbirt version before update: 11.4.0
Libvirt version after update: 11.5.0
Network Configuration: Default NAT network not functioning as expected.

Current Setup

Network Configuration in Virt-Manager:

The default network is defined as follows:

<network>
  <name>default</name>
  <uuid>fc7e73df-8b5d-4624-84c6-18da927b7cd7</uuid>
  <forward mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
  </forward>
  <bridge name="virbr0" stp="on" delay="0"/>
  <mac address="52:54:00:d4:a9:02"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>

Terminal Output:

When checking the active virtual machines with virsh list, no VMs are listed:
```
virsh list
Id   Name   State
--------------------
```

The output of ip addr shows the following relevant interfaces:

3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb state DOWN group default qlen 1000
    link/ether 52:54:00:d4:a9:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

UEFI virtual machines also have issues, and do not start:

Error starting domain: operation failed: Unable to find 'efi' firmware that is compatible with the current configuration

Traceback (most recent call last):
  File "/nix/store/3s7rckxjck002zfmqcvj5aqlav6h44kc-virt-manager-5.0.0/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
    ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/3s7rckxjck002zfmqcvj5aqlav6h44kc-virt-manager-5.0.0/share/virt-manager/virtManager/asyncjob.py", line 107, in tmpcb
    callback(*args, **kwargs)
    ~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/nix/store/3s7rckxjck002zfmqcvj5aqlav6h44kc-virt-manager-5.0.0/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
    ret = fn(self, *args, **kwargs)
  File "/nix/store/3s7rckxjck002zfmqcvj5aqlav6h44kc-virt-manager-5.0.0/share/virt-manager/virtManager/object/domain.py", line 1384, in startup
    self._backend.create()
    ~~~~~~~~~~~~~~~~~~~~^^
  File "/nix/store/rgkr4v1ndzlvpaa397xc9shj7x6zndkq-python3.13-libvirt-11.5.0/lib/python3.13/site-packages/libvirt.py", line 1390, in create
    raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: operation failed: Unable to find 'efi' firmware that is compatible with the current configuration

Configuration

Here is the relevant part of my configuration.nix:

  networking = {
    hostName = "nixos"; 
    networkmanager.enable = true;
    modemmanager.enable = true;
    wireguard.enable = true;
    nameservers = [
      "8.8.8.8"
      "1.1.1.1"
    ];
  };
  programs = {
    virt-manager = {
      enable = true;
      package = pkgs.virt-manager.overrideAttrs (oldAttrs: {
        nativeBuildInputs = oldAttrs.nativeBuildInputs or [ ] ++ [ pkgs.wrapGAppsHook ];
        buildInputs = pkgs.lib.lists.subtractLists [ pkgs.wrapGAppsHook ] oldAttrs.buildInputs ++ [
          pkgs.gst_all_1.gst-plugins-base
          pkgs.gst_all_1.gst-plugins-good
        ];
      });
    };
  };
  virtualisation = {
    spiceUSBRedirection.enable = true;
    libvirtd = {
      enable = true;
      qemu = {
        vhostUserPackages = [ pkgs.virtiofsd ];
        ovmf = {
          enable = true;
          packages = [
            (pkgs.OVMF.override {
              secureBoot = true;
              tpmSupport = true;
            }).fd
          ];
        };
        swtpm.enable = true;
        runAsRoot = true;
      };
    };
  };

Problem Statement

After updating my NixOS configuration using doas nixos-rebuild switch --flake ., the default virtual network (virbr0) is showing as “DOWN” and is not functioning. Despite the network being defined and appearing active in Virt-Manager, I cannot see any active virtual machines with virsh list, and the network does not seem to be providing DHCP services as expected.

Steps Taken

Verified the network configuration in Virt-Manager.
Checked the status of the virbr0 interface using ip addr.
Restarted the libvirt service with doas systemctl restart libvirtd.
Attempted to manually bring up the virbr0 interface using doas ip link set virbr0 up, but it remains in a “NO-CARRIER” state.

if it is actually related to the libvirtd veresion, I have yet to learn how to keep it at the old version.

I tried a regression to libvirt 11.4 but that didn’t solve the issue, both the virtual networks and VMs with UEFI are still non-functioning.

  virtualisation = {
    spiceUSBRedirection.enable = true;
    libvirtd = {
      enable = true;
      package = pkgs.libvirt.overrideAttrs (old: {
        version = "11.4.0";
        src = pkgs.fetchFromGitHub {
           owner = "libvirt";
           repo = "libvirt";
           tag = "11.4.0";
           hash = "sha256-0bOX95Ly8d1/XZan/EyxI6JaACJvOu9QsTkFNQTreqI=";
        };
      });
      qemu = {
        vhostUserPackages = [ pkgs.virtiofsd ];
        ovmf.enable = true;
        swtpm.enable = true;
        runAsRoot = true;
      };
    };
  };

leo-hstone · July 25, 2025, 8:39am

Hi! I am experiencing the exact same issue while trying to setup a windows VM. I am stuck as I cannot connect the VM to the internet.

same xml config (apart from mac address of course)
same output of ip addr
same output of virsh list as well as virsh net-list

My setup:

NixOS 25.05 difference to your setup
Libvirtd version 11.5.0

My config:

  # Enable dconf (System Management Tool)
  programs.dconf.enable = true;

  # Add user to libvirtd group
  users.groups.libvirtd.members = ["<replaced for post>"];

  # Install necessary packages
  environment.systemPackages = with pkgs; [
    # quickemu
    quickemu
    # needed for display==spice-app in quickemu
    virt-viewer 

    virt-manager
    spice spice-gtk
    spice-protocol
    win-virtio
    win-spice
    # gnome.adwaita-icon-theme
  ];

  # Manage the virtualisation services
  virtualisation = {
    libvirtd = {
      enable = true;
      qemu = {
        swtpm.enable = true; # enable tpm support
        ovmf.enable = true;
        ovmf.packages = [ pkgs.OVMFFull.fd ];
      };
    };
    spiceUSBRedirection.enable = false; # we dont need this for now
  };
  services.spice-vdagentd.enable = true;

A quickemu windows VM works flawless but does not give me as much options currently to customize (in the general goal I am working towards GPU passtrough).

Have you had any progress? Greetings!

Edit

sudo virsh net-list lists the network adapter correctly (i assume?)

 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

mateowoetam · July 25, 2025, 8:50pm

After looking at the issues in the NixOS/nixpkgs GitHub, I found the solution thanks to one of the commenters:

Including wlp5s0, the fix initially seemed not to work. However, I realized that you need to turn on the VM with that network for it to show as active.

Before the VM is on:

ip addr show virbr0
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb state DOWN group default qlen 1000
    link/ether 52:54:00:d4:a9:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

When the VM is on:

ip addr show virbr0
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
    link/ether 52:54:00:d4:a9:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

To me, this seems like a regression in the configuration. Why do we now need to explicitly trust these networks? Unless you’re particularly cautious and prefer them off, I believe the default should be to trust these networks.

Working configuration:

networking = {
    hostName = "nixos"; # Define your hostname.
    networkmanager.enable = true;
    firewall = {
        trustedInterfaces = [ "wlp5s0" "virbr0" ];
    };
};

DocBrown101 · July 26, 2025, 10:33am

Unfortunately, it didn’t work for me. I still get the same error:
libvirt.libvirtError: Requested operation is not valid: network 'default' is not active

It only works when I start it manually, and my configuration looks almost exactly like yours!
sudo virsh net-start default

    networking = {
      bridges.virbr0.interfaces = ["enp2s0"];
      firewall.trustedInterfaces = ["enp2s0" "virbr0"];
      interfaces.virbr0 = {
        useDHCP = true;
        macAddress = "ac:79:26:f1:5c:81";
      };
    };

susanthenerd · July 30, 2025, 7:57pm

As stated in libvirt docs on the wiki, you have to use sudo virsh net-autostart default

Check this: Libvirt - NixOS Wiki