containers

lib/module/default.nix

@@ -49,31 +49,42 @@ rec {
     {
       name,
       localAddress ? "127.0.0.1",
-      port ? "80",
+      ports ? [ "80" ],
       bindMounts ? { },
       config ? { },
     }:
     { lib, ... }:
     {
       containers.${name} = {
-        inherit localAddress bindMounts config;
+        inherit localAddress bindMounts;
+
+        config = config // {
+          networking = {
+            firewall = {
+              enable = true;
+              allowedTCPPorts = ports;
+            };
+            # Use systemd-resolved inside the container
+            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+            useHostResolvConf = lib.mkForce false;
+          };
+
+          services.resolved.enable = true;
+          system.stateVersion = "23.11";
+        };
         autoStart = lib.mkDefault true;
         privateNetwork = lib.mkDefault true;
         hostAddress = lib.mkDefault "10.0.1.3";
       };
 
       networking = {
-        nat = {
-          forwardPorts = [
-            {
-              destination = lib.mkDefault "${localAddress}:${toString port}";
-              sourcePort = lib.mkDefault port;
-            }
-          ];
-        };
+        nat.forwardPorts = map (port: {
+          destination = lib.mkDefault "${localAddress}:${toString port}";
+          sourcePort = lib.mkDefault port;
+        }) ports;
         firewall = {
-          allowedTCPPorts = [ port ];
-          allowedUDPPorts = [ port ];
+          allowedTCPPorts = ports;
+          allowedUDPPorts = ports;
         };
       };
     };