nixos-config/modules/server/containers.nix

{ host, lib, config, ... }: {
  networking.nat = {
    enable = true;
    # Use "ve-*" when using nftables instead of iptables
    internalInterfaces = ["ve-+"];
    externalInterface = "ens18";
    enableIPv6 = false;
  };

  containers =
    if builtins.pathExists ../../hosts/${host}/containers
    then let
      containers_files' = builtins.readDir ../../hosts/${host}/containers;
      containers_files = lib.concatMapAttrs
        (container: _: {
          ${lib.removeSuffix ".nix" container} = {};
        }) containers_files';

    in builtins.mapAttrs (container: _: {
      autoStart = true;
      bindMounts = builtins.mapAttrs (_: value: { hostPath = value; isReadOnly = false; }) config.container.${container}.config.binds;
      tmpfs = [ "/" ];
      config = { lib, ... }: with lib; {
        imports = [
          ../../hosts/${host}/containers/${container}.nix
          # ../containers
          ../global/nix.nix
          ../global/dnscrypt-proxy.nix
        ];
        options = {
          binds = mkOption { type = types.attrs; default = {}; };
        };
      };
    }) containers_files
    else {};
}