# NixOS module: declares one container per entry in `services`, each on its
# own private network (veth pair), and routes its traffic out through NAT on
# the host.
{ lib, ... }:

let
  # One entry per container. `hostByte` is used as the last octet of both the
  # host-side and the container-side address, so each value has to be unique
  # and a usable host octet; nothing in this file checks that.
  services = {
    jellyfin.hostByte = 2;
    jellyseerr.hostByte = 3;
  };

  # Host configuration that is the same regardless of which services exist.
  # `externalInterface` is a fixed interface name; outbound NAT depends on the
  # host actually having an uplink called that.
  sharedConfig = {
    networking.nat = {
      enable = true;
      externalInterface = "wlp2s0";
    };
  };

  # Build the container definition and the matching host networking entries
  # for a single service.
  mkServiceConfig = serviceName: service:
    let
      veth = "ve-${serviceName}";
      octet = toString service.hostByte;
    in {
      containers.${serviceName} = {
        privateNetwork = true;

        # Host end of the veth gets 172.30.0.X, container end gets 172.30.1.X.
        # Using the same address on both ends appeared to cause problems, hence
        # the two distinct ranges.
        hostAddress = "172.30.0.${octet}";
        localAddress = "172.30.1.${octet}";

        # The container reads the host's resolver configuration; the mount is
        # read-only, so it cannot be changed from inside the container.
        bindMounts."/etc/resolv.conf" = {
          hostPath = "/etc/resolv.conf";
          isReadOnly = true;
        };
      };

      networking = {
        # NOTE(review): a trusted interface bypasses the host firewall, so the
        # container can reach every port the host listens on, not only the
        # ones it needs. If only a few host services are required, a
        # per-interface allow-list
        # (networking.firewall.interfaces.<name>.allowedTCPPorts / allowedUDPPorts)
        # is the narrower alternative.
        firewall.trustedInterfaces = [ veth ];

        # Traffic from the container's veth is NATed out via the external
        # interface configured in the shared config.
        nat.internalInterfaces = [ veth ];

        # Keep NetworkManager from managing the container's veth.
        networkmanager.unmanaged = [ "interface-name:${veth}" ];
      };
    };
in {
  config = lib.mkMerge (
    [ sharedConfig ] ++ lib.mapAttrsToList mkServiceConfig services
  );
}