nixconfig/modules/server/containers/default.nix

{ config, pkgs, lib, ... }:
let
  serverCfg = config.syscfg.server;
  builder = import ./builder.nix { inherit config lib serverCfg; };
  enabledConfigs = lib.filterAttrs (name: c: c.enable) serverCfg.containers;
  containerSetsList = lib.mapAttrsToList (name: containerCfg:
  let defs = import (./defs + "/${name}.nix") {inherit config pkgs lib containerCfg builder name;};
  in{
    containers = lib.mapAttrs' (cName: cValue: 
      lib.nameValuePair "${name}-${cName}" cValue
    ) defs.containers;
    paths = defs.paths or [];
  }
) enabledConfigs;
  mergedContainers = lib.attrsets.mergeAttrsList  (lib.map(e: e.containers) containerSetsList);
  allPathConfigs = lib.flatten (lib.map (e: e.paths) containerSetsList);
  allScriptConfigs = lib.flatten (lib.map (e: e.init or "") containerSetsList);
in
{
  config = lib.mkIf ( enabledConfigs != {} ) {

    virtualisation.oci-containers = {
      backend = "podman";
      containers = mergedContainers;
    };

    systemd.services.podman-gc = {
      description = "Podman garbage collection";
      serviceConfig.Type = "oneshot";
      script = ''
        ${pkgs.podman}/bin/podman container prune -f
        ${pkgs.podman}/bin/podman image prune -f
      '';
      startAt = "weekly";
    };
    
    system.activationScripts.container-setup-dirs = {
      deps = [ "users" "groups" ];
      text = lib.concatStringsSep "\n" (map (cfg: ''
        ${pkgs.coreutils}/bin/mkdir -p "${cfg.path}"
        ${pkgs.coreutils}/bin/chown ${cfg.owner} "${cfg.path}"
        ${pkgs.coreutils}/bin/chmod ${cfg.mode} "${cfg.path}"
      '') allPathConfigs);
    };
  };
}