{ pkgs, lib, configVars, ... }:
let
  # Identity and addressing of the Jellyfin NixOS container.
  # The address is pinned here; the commented expression is the configVars
  # entry it could be read from instead.
  containerName = "jellyfin";
  containerIp = "10.0.10.44"; # configVars.networking.addresses.jellyfin.ip;
  gatewayIp = configVars.networking.addresses.gateway.ip;

  # Host-side directories that are bind-mounted into the container.
  homeshareDataLocation = configVars.locations.homeshareDataLocation;
  jellyfinContainerData = configVars.locations.jellyfinContainerData;

  # Every file found (recursively) under ../../users/keys is read verbatim and
  # installed as a root authorized key inside the container, so that directory
  # must contain public keys only.
  pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;

  # Guest configuration. The inner pkgs/lib are the module arguments handed to
  # the container and shadow the outer ones on purpose.
  guest = { pkgs, lib, ... }: {
    imports = [ ];

    networking = {
      defaultGateway = gatewayIp;
      interfaces.eth0.ipv4.addresses = [
        { address = containerIp; prefixLength = 24; }
      ];
      # Nothing is opened here explicitly; exposure is driven by the
      # per-service openFirewall switches below.
      firewall = {
        enable = true;
        allowedTCPPorts = [ ];
      };
      # Do not inherit the host's resolv.conf; the guest runs resolved itself.
      useHostResolvConf = lib.mkForce false;
    };
    services.resolved.enable = true;

    environment.systemPackages = with pkgs; [ vim git ];

    # openFirewall opens Jellyfin's listening ports in the guest firewall.
    services.jellyfin = {
      enable = true;
      openFirewall = true;
      user = "jellyfin";
    };

    # Key-only SSH; the root account is the only one given authorized keys.
    # NOTE(review): openssh opens its port in the guest firewall by default —
    # confirm this is intended for a media container.
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };
    users.users.root.openssh.authorizedKeys.keys = map builtins.readFile pubKeys;

    system.stateVersion = "24.05";
  };
in
{
  # Host NAT: containers attach via ve-+ interfaces, egress through br0.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "br0";
  };

  # Keep the container's state directory across reboots of the host.
  environment.persistence."/persist" = {
    hideMounts = true;
    directories = [ "/var/lib/nixos-containers/${containerName}" ];
  };

  containers.${containerName} = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    nixpkgs = pkgs.path;

    # GPU device nodes are passed through with read/write/mknod access,
    # presumably for hardware-accelerated transcoding — confirm each node is
    # actually required, since rwm grants the container direct hardware access.
    allowedDevices = map (node: { inherit node; modifier = "rwm"; }) [
      "/dev/nvidia0"
      "/dev/nvidiactl"
      "/dev/dri/card1"
      "/dev/dri/renderD128"
    ];

    bindMounts = {
      # Media library is exposed read-only so the guest cannot alter it.
      "/media/media" = {
        hostPath = "${homeshareDataLocation}/media";
        isReadOnly = true;
      };
      # Jellyfin's own state must stay writable.
      "/var/lib/jellyfin" = {
        hostPath = jellyfinContainerData;
        isReadOnly = false;
      };
    };

    config = guest;
  };
}