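# Flake module exporting a NixOS module that enables Docker and provisions a
# dedicated user-defined bridge network ("docker-main") through a oneshot unit.
{ ... }:
{
  flake.nixosModules.default =
    { config, lib, pkgs, ... }:
    {
      options.sysconfig.docker = {
        # Master switch: nothing under `config` below applies unless this is true.
        enable = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Enable the Docker daemon and create the docker-main bridge network.";
        };

        # Forwarded verbatim to hardware.nvidia-container-toolkit.enable.
        nvidia = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Enable the NVIDIA container toolkit so containers can be given GPU access.";
        };
      };

      config = lib.mkIf config.sysconfig.docker.enable {
        # Declares both Docker bridges as NAT-internal interfaces.
        # NOTE(review): networking.nat.enable is not set in this module, so this
        # presumably relies on NAT being enabled elsewhere; confirm.
        networking.nat.internalInterfaces = [
          "docker0"
          "docker-main"
        ];

        virtualisation = {
          docker = {
            enable = true;
            # NOTE(review): assumes the Docker data root lives on btrfs; confirm
            # for every host that imports this module.
            storageDriver = "btrfs";
          };
          oci-containers = {
            backend = "docker";
          };
        };

        hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;

        # Oneshot unit that creates the docker-main bridge when it is missing and
        # removes it again when the unit is stopped.
        #
        # Security-relevant settings in the script:
        #  * com.docker.network.bridge.trusted_host_interfaces lists host
        #    interfaces that Docker allows to reach published container ports
        #    directly on container addresses. Everything reachable through wt0,
        #    ve-netbird and ve-traefik is therefore treated as trusted by this
        #    bridge; keep the list as short as the deployment allows.
        #    NOTE(review): the names suggest a NetBird tunnel and two NixOS
        #    container veth pairs; confirm they exist on each host and that the
        #    installed Docker release honours this option.
        #  * The script only creates the network when `inspect` fails. An
        #    existing network keeps its old options (including an older trusted
        #    interface list) until it is removed and recreated, which is what
        #    ExecStop is for.
        #  * NOTE(review): --attachable is documented for swarm-scoped networks
        #    and is probably a no-op on a local bridge; confirm.
        systemd.services."docker-network-setup" = {
          path = [ pkgs.docker ];

          # The script and ExecStop both talk to the daemon. Ordering after
          # docker.service also means that, on shutdown, this unit is stopped
          # (and the network removed) before the daemon goes away.
          after = [ "docker.service" ];
          wants = [ "docker.service" ];

          serviceConfig = {
            Type = "oneshot";
            RemainAfterExit = true;
            # Use the absolute store path: systemd resolves a non-absolute Exec*
            # command against its own fixed search path, not the PATH that
            # `path` sets for the unit, so a bare `docker` here is not
            # guaranteed to be found and the network would be left behind.
            # NOTE(review): `network rm` presumably still fails while containers
            # are attached to docker-main; confirm they are stopped first.
            ExecStop = "${pkgs.docker}/bin/docker network rm -f docker-main";
          };

          script = ''
            docker network inspect docker-main || docker network create -d bridge docker-main \
              --attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
              --gateway 192.168.101.1 \
              -o "com.docker.network.bridge.name"="docker-main" \
              -o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
          '';

          wantedBy = [ "docker-net.target" ];
        };

        # Synchronisation point pulled in by multi-user.target; it in turn pulls
        # in docker-network-setup.service through that unit's wantedBy.
        systemd.targets."docker-net" = {
          wantedBy = [ "multi-user.target" ];
        };
      };
    };
}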