# NixOS module: runs each listed service in its own private-network container
# and gives those containers outbound connectivity through host-side NAT.
{ lib, ... }:
let
  # Services to containerise. `hostByte` is the final octet used for both ends
  # of that container's point-to-point link, so it must be unique per service.
  services = {
    jellyfin.hostByte = 2;
    jellyseerr.hostByte = 3;
  };

  # Host-wide settings, merged in exactly once regardless of the service list.
  hostNat = {
    networking.nat = {
      enable = true;
      # NOTE(review): host-specific interface name; NAT for the containers
      # depends on this matching the machine's actual uplink.
      externalInterface = "wlp2s0";
    };
  };

  # Config fragment for a single service: the container definition plus the
  # host networking entries that refer to its "ve-<name>" interface.
  mkServiceConfig = name: svc:
    let
      octet = toString svc.hostByte;
      veth = "ve-${name}";
    in
    {
      containers.${name} = {
        privateNetwork = true;

        # Host side is 172.30.0.X, container side is 172.30.1.X. Giving both
        # ends the same address appeared to cause issues, hence two ranges.
        hostAddress = "172.30.0.${octet}";
        localAddress = "172.30.1.${octet}";

        # The container resolves names with the host's resolver settings; the
        # mount is read-only so it cannot be modified from inside the container.
        bindMounts."/etc/resolv.conf" = {
          hostPath = "/etc/resolv.conf";
          isReadOnly = true;
        };
      };

      networking = {
        # Traffic arriving on a trusted interface is accepted unconditionally
        # by the host firewall, so the container can reach every port the host
        # listens on.
        # NOTE(review): if the container only needs a few host ports, a
        # per-interface allow-list (networking.firewall.interfaces.<name>)
        # would keep the host firewall in effect for this link.
        firewall.trustedInterfaces = [ veth ];

        # Masquerade this container's outbound traffic via the external interface.
        nat.internalInterfaces = [ veth ];

        # Keep NetworkManager from managing the container's host-side interface.
        networkmanager.unmanaged = [ "interface-name:${veth}" ];
      };
    };
in
{
  config = lib.mkMerge ([ hostNat ] ++ lib.mapAttrsToList mkServiceConfig services);
}