Initial commit

modules/server/containers.nix

@@ -0,0 +1,36 @@
+{ host, lib, config, ... }: {
+  networking.nat = {
+    enable = true;
+    # Use "ve-*" when using nftables instead of iptables
+    internalInterfaces = ["ve-+"];
+    externalInterface = "ens18";
+    enableIPv6 = false;
+  };
+
+  containers =
+    if builtins.pathExists ../../hosts/${host}/containers
+    then let
+      containers_files' = builtins.readDir ../../hosts/${host}/containers;
+      containers_files = lib.concatMapAttrs
+        (container: _: {
+          ${lib.removeSuffix ".nix" container} = {};
+        }) containers_files';
+
+    in builtins.mapAttrs (container: _: {
+      autoStart = true;
+      bindMounts = builtins.mapAttrs (_: value: { hostPath = value; isReadOnly = false; }) config.container.${container}.config.binds;
+      tmpfs = [ "/" ];
+      config = { lib, ... }: with lib; {
+        imports = [
+          ../../hosts/${host}/containers/${container}.nix
+          # ../containers
+          ../global/nix.nix
+          ../global/dnscrypt-proxy.nix
+        ];
+        options = {
+          binds = mkOption { type = types.attrs; default = {}; };
+        };
+      };
+    }) containers_files
+    else {};
+}