flake/modules/nixos/server/containers/default.nix

{ pkgs, lib, config, ... }: {
  options.mods.containers = {
    enable = lib.mkEnableOption {
      default = false;
      description = "enables steam container";
    };
  };

  imports = [
    ./steam.nix
  ];

  config = lib.mkIf config.mods.containers.enable {
    virtualisation.docker.enable = true;
    virtualisation.docker.rootless = {
      enable = true;
      setSocketVariable = true;
    };
    networking.nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "enp0s31f6";
    };
    networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];

    # networking.firewall.allowedTCPPorts = [ 4713 6000 ];
    # hardware.pulseaudio = {
    #   enable = true;
    #   systemWide = true;
    #   support32Bit = true;
    #   tcp = { enable = true; anonymousClients = { allowedIpRanges = ["127.0.0.1" "192.168.100.0/24"]; }; };
    # };

    environment.systemPackages = with pkgs; [
      xorg.xhost
    ];
  };
}