https://gitea.c3d2.de/c3d2/nix-config/src/branch/master/modules/microvm-defaults.nix#L16-L18

    initrd.kernelModules = [
      # required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
      "nf_conntrack"
    ];

systemd-networkd is being a bit weird. networkctl status says /etc/systemd/network/50-vnet.network: RequiredForOnline=yes and ActivationPolicy=manual, this may cause a delay at boot. but the file is:

:;    cat /etc/systemd/network/50-vnet.network
[Match]
Name=vnet*

[Link]
ActivationPolicy=manual
RequiredForOnline=no-carrier
Unmanaged=true

[Network]
ConfigureWithoutCarrier=true

Hello, I want to configure my both desktop and laptop with topology from following image, really no clue about linux networking:

• What should i use for networking? looks like systemd.networkd and networkmanager exists, but i was daily driving networkmanager while not knowing networkd, one of friend suggests to use networkd, looks like nixpkgs nixos module is quite decent than networkmanager. If networkd, should i scare about WIFI/wireless network usage there?
• the idea is:
  • create physical-named group, adding wlan0 and eth0 to group
  • create nordvpn nixos container(nspawnd, i believe) and network group, uses physical as upstream network, exposing to own network group
  • create cloudflare nixos container and network group, uses nordvpn as upstream network, exposing to own network group.
  • create tailscale nixos container and network group, uses physical as upstream network, exposing to own network group.
  • create main network group which does:
    • uses physical/nordvpn/cloudflare as network upstream. easily swappable
    • merges tailscale's internal IP range
• while researching the article(as nested vpn) shows running custom systemd services which invoke netns command, i believe there must be the another way to configure this; there are many raw resources on linux networking, not sure each things fit my specific use case, so I'm asking: what approach would be ideal?