diff --git a/nix/nixos-module/server/lxc-containers.nix b/nix/nixos-module/server/lxc-containers.nix
index 4f45b20..9992abb 100644
--- a/nix/nixos-module/server/lxc-containers.nix
+++ b/nix/nixos-module/server/lxc-containers.nix
@@ -24,9 +24,15 @@ let
   # linux iface name max length = 15
   shortenNetName = name:
     if builtins.match "priv(.*)" name != null
-    then "pr" + builtins.substring 4 9 name
+    then "p" + builtins.substring 4 9 name
     else name;
 
+  checkIfname = ifname: let
+      len = builtins.stringLength ifname;
+    in if len > 15
+    then throw "Interface name ${ifname} is ${toString (len - 15)} chars too long."
+    else ifname;
+
   # `lxc.net.*` formatter for lxc.container.conf files
   netConfig = ctName: interfaces:
     let
@@ -35,17 +41,17 @@ let
           ifData = interfaces.${netName};
         in {
           type = ifData.type;
-          name = netName;
+          name = checkIfname netName;
           flags = "up";
           hwaddr = if ifData ? hwaddr && ifData.hwaddr != null
                    then ifData.hwaddr
                    else "0A:14:48:xx:xx:xx";
         } // (lib.optionalAttrs (ifData.type == "veth") {
-          veth.pair = "${ctName}-${shortenNetName netName}";
-          veth.mode = "bridge";
-          link = "${netName}";
+          veth.pair = checkIfname "${shortenNetName ctName}-${shortenNetName netName}";
+          veth.mode = checkIfname "bridge";
+          link = checkIfname netName;
         }) // (lib.optionalAttrs (ifData.type == "phys") {
-          link = "ext-${netName}";
+          link = checkIfname "ext-${netName}";
         })
       ) (builtins.attrNames interfaces);