{ config, lib, self, ... }:
let
  cfg = config.sysconfig.containers.sandbox;
  inherit (lib) mkOption mkIf types;

  # Host end and container end of the veth pair, respectively.
  hostIp = "192.168.100.10";
  containerIp = "192.168.100.32";
in
{
  # Opt-in switch for the "sandbox" NixOS container; stays off unless a host
  # configuration turns it on.
  options.sysconfig.containers.sandbox.enable = mkOption {
    type = types.bool;
    default = false;
  };

  config = mkIf cfg.enable {
    # Register the container's veth as a NAT-internal interface so traffic
    # from the container can leave through the host.
    # NOTE(review): this alone does not switch NAT on (networking.nat.enable and
    # the external interface are not set here) -- presumably configured
    # elsewhere; confirm on the host.
    networking.nat.internalInterfaces = [ "ve-sandbox" ];

    containers.sandbox = {
      autoStart = true;
      # Separate network namespace: only the veth pair above is shared with
      # the host.
      privateNetwork = true;
      hostAddress = hostIp;
      localAddress = containerIp;
      # Root filesystem starts empty on each boot and is cleaned up on
      # shutdown, so nothing persists unless it lives in a bind mount.
      ephemeral = true;
      timeoutStartSec = "3min";
      # The container's system is built from this very flake.
      flake = "${self}";
      # GPU passthrough is kept disabled. Enabling the block below would hand
      # the container read/write access to the host's NVIDIA device nodes,
      # which weakens the isolation this sandbox is meant to provide; only
      # re-enable it if a workload genuinely needs the GPU.
      /*
      bindMounts = {
        "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; isReadOnly = false; };
        "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; isReadOnly = false; };
        "/dev/nvidia-uvm" = { hostPath = "/dev/nvidia-uvm"; isReadOnly = false; };
        "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; isReadOnly = false; };
        "/dev/nvidia-uvm-tools" = { hostPath = "/dev/nvidia-uvm-tools"; isReadOnly = false; };
      };
      allowedDevices = [
        { node = "/dev/nvidia0"; modifier = "rw"; }
        { node = "/dev/nvidiactl"; modifier = "rw"; }
        { node = "/dev/nvidia-uvm"; modifier = "rw"; }
        { node = "/dev/nvidia-modeset"; modifier = "rw"; }
        { node = "/dev/nvidia-uvm-tools"; modifier = "rw"; }
      ];
      */
      # No extra NixOS configuration inside the container yet.
      config = { };
    };
  };
}