{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
let 
  libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in {

  containers = {
    rdesktop = libx.mkContainer { hostname = "rdesktop"; ip = "2"; desktop = "plasma6"; unfree = true; theme = "gruvbox"; };
  };

  # Networking config
  networking.bridges.nix-br0.interfaces = [];

  # Add an IP address to the bridge interface.
  networking.localCommands = ''ip address add 192.168.2.1/24 dev nix-br0'';

  # Firewall commands allowing traffic to go in and out of the bridge interface
  # (and to the guest LXD instance).  Also sets up the actual NAT masquerade rule.
  networking.firewall.extraCommands = ''
    iptables -A INPUT -i nix-br0  -j ACCEPT

    # These three technically aren't needed, since by default the FORWARD and
    # OUTPUT firewalls accept everything everything, but lets keep them in just
    # in case.
    iptables -A FORWARD -o nix-br0  -j ACCEPT
    iptables -A FORWARD -i nix-br0  -j ACCEPT
    iptables -A OUTPUT  -o nix-br0  -j ACCEPT

    iptables -t nat -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE
  '';
}