{ lib, config, ... }:
with lib;
let
  cfg = config.container;
in
{
  options = {
    container = {
      enable = mkEnableOption "Containers!!";

      autoStart = mkOption {
        default = false;
        type = types.bool;
      };

      host = mkOption {
        default = "0.0.0.0";
        type = types.str;
      };

      localAccess = mkOption {
        default = "0.0.0.0";
        type = types.str;
      };

      storage = mkOption {
        default = "/tmp/container";
        type = types.str;
      };

      domain = mkOption {
        default = "local";
        type = types.str;
      };

      interface = mkOption {
        default = "lo";
        type = types.str;
      };

      media = mkOption {
        default = { };
        type = types.attrs;
      };
    };
  };

  config = mkIf cfg.enable {
    # This is the network for all the containers.
    # They are not available to the external interface by default,
    # instead they all expose specific ports in their configuration.
    networking = {
      nat = {
        enable = true;
        internalInterfaces = [ "ve-+" ];
        externalInterface = config.container.interface;
      };
      networkmanager.unmanaged = [ "interface-name:ve-*" ];
    };
  };
}