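{ config, lib, inputs, ... }:
let
  cfg = config.sysconfig.opts.virtualization.sandbox;

  # Host NVIDIA device nodes handed to the container.  Every entry is both
  # bind-mounted read/write and whitelisted in the container's device cgroup
  # (see bindMounts / allowedDevices below), so both lists are derived from
  # this single source to keep them in sync.
  nvidiaDeviceNodes = [
    "/dev/nvidia0"
    "/dev/nvidiactl"
    "/dev/nvidia-uvm"
    "/dev/nvidia-modeset"
    "/dev/nvidia-uvm-tools"
  ];
in
{
  options.sysconfig.opts.virtualization.sandbox.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = ''
      Run the `sandbox` NixOS container with the host's NVIDIA device nodes
      passed through read/write.
    '';
  };

  # Replace the nixpkgs-bundled container module with the one from the
  # `nixpkgs-us` input.  The replacement is called directly with a freshly
  # instantiated nixpkgs instead of the host's `pkgs`, so host overlays and
  # `nixpkgs.config` do not apply to it.  `system` is hard-coded rather than
  # read from `config.nixpkgs.hostPlatform` because `imports` cannot depend
  # on `config` in the module system.
  disabledModules = [ "virtualisation/nixos-containers.nix" ];
  imports = [
    (import "${inputs.nixpkgs-us}/nixos/modules/virtualisation/nixos-containers.nix" {
      inherit config lib;
      pkgs = import inputs.nixpkgs-us { system = "x86_64-linux"; };
    })
  ];

  config = lib.mkIf cfg.enable {
    containers.sandbox = {
      autoStart = true;

      # Own network namespace, linked to the host with these two addresses.
      # Nothing here enables forwarding or NAT, so whether the container can
      # reach beyond the host is decided by host configuration elsewhere.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.31";

      # Start timeout for the container unit; presumably generous to cover
      # driver/device initialisation -- TODO confirm.
      timeoutStartSec = "3min";

      # The container module resolves the container's own NixOS configuration
      # from this flake (`inputs.self`).
      flake = "${inputs.self}";

      # NOTE(review): read/write access to /dev/nvidiactl and /dev/nvidia-uvm
      # is direct ioctl access to the host's NVIDIA kernel driver from inside
      # the container, and NixOS containers are generally not documented as a
      # hard security boundary against root inside them.  Treat "sandbox" as
      # convenience isolation, not as containment for untrusted code.
      bindMounts = lib.genAttrs nvidiaDeviceNodes (node: {
        hostPath = node;
        isReadOnly = false;
      });
      allowedDevices = map (node: { inherit node; modifier = "rw"; }) nvidiaDeviceNodes;
    };
  };
}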