35 lines
1.1 KiB
Nix
35 lines
1.1 KiB
Nix
|
{ lib, ... }:
|
||
|
|
let
|
||
|
|
services = {
|
||
|
|
jellyfin = {
|
||
|
|
hostByte = 2;
|
||
|
|
ports = [];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
in {
|
||
|
|
config = lib.mkMerge ([{
|
||
|
|
# Config always added
|
||
|
|
networking = {
|
||
|
|
nat = {
|
||
|
|
enable = true;
|
||
|
|
externalInterface = "wlp2s0";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}] ++ builtins.map (serviceName: {
|
||
|
|
# Config added per-service
|
||
|
|
containers.${serviceName} = {
|
||
|
|
privateNetwork = true;
|
||
|
|
# Give it an address of 172.30.0.X on the host-side and 172.30.1.X inside the container
|
||
|
|
# This appears to be necessary as both having addresses the same seems to cause issues
|
||
|
|
hostAddress = "172.30.0.${builtins.toString services.${serviceName}.hostByte}";
|
||
|
|
localAddress = "172.30.1.${builtins.toString services.${serviceName}.hostByte}";
|
||
|
|
};
|
||
|
|
|
||
|
|
networking = {
|
||
|
|
firewall.trustedInterfaces = [ "ve-${serviceName}" ];
|
||
|
|
nat.internalInterfaces = [ "ve-${serviceName}" ];
|
||
|
|
networkmanager.unmanaged = [ "interface-name:ve-${serviceName}" ];
|
||
|
|
};
|
||
|
|
}) (builtins.attrNames services));
|
||
|
|
}
|