37 lines
1.1 KiB
Nix
37 lines
1.1 KiB
Nix
|
{ host, lib, config, ... }: {
|
||
|
|
networking.nat = {
|
||
|
|
enable = true;
|
||
|
|
# Use "ve-*" when using nftables instead of iptables
|
||
|
|
internalInterfaces = ["ve-+"];
|
||
|
|
externalInterface = "ens18";
|
||
|
|
enableIPv6 = false;
|
||
|
|
};
|
||
|
|
|
||
|
|
containers =
|
||
|
|
if builtins.pathExists ../../hosts/${host}/containers
|
||
|
|
then let
|
||
|
|
containers_files' = builtins.readDir ../../hosts/${host}/containers;
|
||
|
|
containers_files = lib.concatMapAttrs
|
||
|
|
(container: _: {
|
||
|
|
${lib.removeSuffix ".nix" container} = {};
|
||
|
|
}) containers_files';
|
||
|
|
|
||
|
|
in builtins.mapAttrs (container: _: {
|
||
|
|
autoStart = true;
|
||
|
|
bindMounts = builtins.mapAttrs (_: value: { hostPath = value; isReadOnly = false; }) config.container.${container}.config.binds;
|
||
|
|
tmpfs = [ "/" ];
|
||
|
|
config = { lib, ... }: with lib; {
|
||
|
|
imports = [
|
||
|
|
../../hosts/${host}/containers/${container}.nix
|
||
|
|
# ../containers
|
||
|
|
../global/nix.nix
|
||
|
|
../global/dnscrypt-proxy.nix
|
||
|
|
];
|
||
|
|
options = {
|
||
|
|
binds = mkOption { type = types.attrs; default = {}; };
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}) containers_files
|
||
|
|
else {};
|
||
|
|
}
|