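# NixOS module: declares the `rdesktop` container and the host-side bridge
# (nix-br0, 192.168.2.1/24) with the firewall and NAT rules that serve it.
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
let
  # Project helper library; mkContainer is defined there, not in this file.
  libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in
{
  containers = {
    # NOTE(review): `ip = "2"` is presumably the container's host part inside
    # 192.168.2.0/24; confirm against mkContainer.
    rdesktop = libx.mkContainer {
      hostname = "rdesktop";
      ip = "2";
      unfree = true;
      desktop = "gnome";
    };
  };

  # Networking config: a bridge with no physical member interfaces.
  networking.bridges.nix-br0.interfaces = [];

  # Add an IP address to the bridge interface. `replace` instead of `add`, so
  # re-running the commands when the address is already present does not fail.
  networking.localCommands = ''
    ip address replace 192.168.2.1/24 dev nix-br0
  '';

  # Firewall commands allowing traffic to go in and out of the bridge interface
  # (and to the guest container). Also sets up the actual NAT masquerade rule.
  networking.firewall.extraCommands = ''
    # Accept everything arriving from the bridge. The rule goes into the
    # module-managed nixos-fw chain, which is flushed on every firewall
    # restart, instead of being appended to INPUT, where a copy would pile up
    # on each reload.
    # NOTE(review): this exposes every listening port on the host to the
    # container. If the container only needs a few host services, consider
    # networking.firewall.interfaces."nix-br0".allowedTCPPorts instead.
    iptables -A nixos-fw -i nix-br0 -j nixos-fw-accept

    # These three technically aren't needed while the FORWARD and OUTPUT
    # chains keep their default ACCEPT policy, but let's keep them in just in
    # case. `-C` checks for an existing rule first, so reloads do not
    # duplicate them.
    # NOTE(review): forwarding is unrestricted, so together with the
    # masquerade rule below the container can reach whatever networks the
    # host can reach, not only the internet.
    iptables -C FORWARD -o nix-br0 -j ACCEPT 2>/dev/null \
      || iptables -A FORWARD -o nix-br0 -j ACCEPT
    iptables -C FORWARD -i nix-br0 -j ACCEPT 2>/dev/null \
      || iptables -A FORWARD -i nix-br0 -j ACCEPT
    iptables -C OUTPUT -o nix-br0 -j ACCEPT 2>/dev/null \
      || iptables -A OUTPUT -o nix-br0 -j ACCEPT

    # Source-NAT traffic that leaves the container subnet.
    iptables -t nat -C POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE 2>/dev/null \
      || iptables -t nat -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE
  '';

  # Remove the rules that live outside the managed nixos-fw chains when the
  # firewall is stopped or reloaded, so they do not outlive this
  # configuration. `|| true` keeps a missing rule from failing the script.
  networking.firewall.extraStopCommands = ''
    iptables -D FORWARD -o nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -D FORWARD -i nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -D OUTPUT -o nix-br0 -j ACCEPT 2>/dev/null || true
    iptables -t nat -D POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE 2>/dev/null || true
  '';
}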