nixconfig/modules/server/containers/default.nix

{ config, pkgs, lib, ... }:
let
  cfg = config.syscfg.server.containers;
  enabledConfigs = lib.filterAttrs (name: c: c.enable) cfg;
  containerSetsList = lib.mapAttrsToList (name: containerCfg:
    import (./defs + "/${name}.nix") {
      inherit config pkgs lib  containerCfg;
    }
  ) enabledConfigs;
  mergedContainers = lib.attrsets.mergeAttrsList  (lib.map(e: e.containers) containerSetsList);
in
{
  config = lib.mkIf ( enabledConfigs != {} ) {
    virtualisation.oci-containers = {
      backend = "podman";
      containers = mergedContainers;
    };

    systemd.services.init-podman-network = {
      description = "Create Podman network with subnet";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig.Type = "oneshot";
      script = ''
        ${pkgs.podman}/bin/podman network inspect podnet || \
        ${pkgs.podman}/bin/podman network create --subnet=10.88.0.0/16 podnet
      '';
    };
  };
}