I’ve been using quickgui for a bit and it’s quite handy. Recently, I tried to allow one of the VMs to access the LAN through a bridge. Now the VM won’t start. Giving me this error:
failed to create tun device: Operation not permitted
qemu-system-x86_64: -nic bridge,br=br0,model=virtio-net-pci: bridge helper failed
Pertinent part of my configuration.nix file:
networking = {
hostName = "oak";
networkmanager.enable = true;
wireless.enable = true;
firewall = rec {
trustedInterfaces = [ "br0" ];
allowedTCPPorts = [
3128 # SPICE
# 3131 # deskreen
];
allowedTCPPortRanges = [
{
# Allow KDEconnect to work:
from = 1714;
to = 1764;
}
];
allowedUDPPortRanges = allowedTCPPortRanges;
};
bridges = {
br0 = {
interfaces = [ "enp4s0" ];
};
};
interfaces.br0.ipv4 = {
addresses = [
{
address = "192.168.1.111";
prefixLength = 24;
}
];
routes = [
{
address = "192.168.1.0";
prefixLength = 24;
via = "192.168.1.1";
}
];
};
};
virtualisation = {
libvirtd = {
enable = true;
allowedBridges = [
"virbr0"
"br0"
];
qemu.vhostUserPackages = with pkgs; [ virtiofsd ];
};
spiceUSBRedirection.enable = true;
};
programs.virt-manager.enable = true;
Bridge is up and working as expected (I think):
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 74:56:3c:49:65:51 brd ff:ff:ff:ff:ff:ff
altname enx74563c496551
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 74:56:3c:49:65:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.111/24 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::7656:3cff:fe49:6551/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 80:af:ca:eb:99:c7 brd ff:ff:ff:ff:ff:ff
altname wlp0s20f0u11u3u1u4u3u1
altname wlx80afcaeb99c7
inet 192.168.1.232/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
valid_lft 84835sec preferred_lft 84835sec
inet6 fe80::74af:d1f:ab12:d4a2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Complete error from running quickemu manually:
quickemu --vm proxmox-ve-9.1-1.conf
proxmox-ve-9.1-1.conf: line 9: tap: command not found
Quickemu 4.9.9 using /nix/store/bi3pasa54bi5sarwa5pj8qbiv7vbksdf-qemu-10.2.1/bin/qemu-system-x86_64 v10.2.1
- Host: NixOS 26.05 (Yarara) running Linux 6.18.15 oak
- CPU: Intel(R) Core(TM) i9-14900K
- CPU VM: host, 1 Socket(s), 8 Core(s), 2 Thread(s)
- RAM VM: 4G RAM
- BOOT: EFI (Linux), OVMF (/nix/store/bi3pasa54bi5sarwa5pj8qbiv7vbksdf-qemu-10.2.1/share/qemu/edk2-x86_64-code.fd), EFI Vars (proxmox-ve-9.1-1/OVMF_VARS.fd), SecureBoot (off).
- Disk: proxmox-ve-9.1-1/disk.qcow2 (20G)
- Display: GTK, virtio-vga-gl, GL (on), VirGL (on) @ (1280 x 800)
- Sound: intel-hda (hda-micro)
- ssh: On host: ssh user@localhost -p 22220
- WebDAV: On guest: dav://localhost:9843/
- 9P: On guest: sudo mount -t 9p -o trans=virtio,version=9p2000.L,msize=104857600 Public-sergio ~/Public
- smbd: On guest: smb://10.0.2.4/qemu
- Network: Bridged (br0)
- Monitor: On host: socat -,echo=0,icanon=0 unix-connect:proxmox-ve-9.1-1/proxmox-ve-9.1-1-monitor.socket
- Serial: On host: socat -,echo=0,icanon=0 unix-connect:proxmox-ve-9.1-1/proxmox-ve-9.1-1-serial.socket
- Process: ERROR! Failed to start proxmox-ve-9.1-1.conf as proxmox-ve-9.1-1
failed to create tun device: Operation not permitted
qemu-system-x86_64: -nic bridge,br=br0,model=virtio-net-pci: bridge helper failed
Contents of proxmox-ve-9.1-1.conf:
#!/nix/store/62p3pgibss3kp7awxxjjcxrhnrmmdala-quickemu-4.9.7-unstable-2025-12-28/bin/quickemu --vm
guest_os="linux"
disk_img="proxmox-ve-9.1-1/disk.qcow2"
iso="proxmox-ve-9.1-1/proxmox-ve_9.1-1.iso"
disk_size="20G"
ram="4G"
network="br0"
Anybody manage to get this working?