{
  config,
  lib,
  ...
}: let
  inherit (lib) mkIf mkEnableOption mkOption types;
  cfg = config.horseman.containers;
in {
  imports = [
    ./nginx.nix
    ./forgejo.nix
    ./vaultwarden.nix
  ];

  options = {
    horseman.containers = {
      enable = mkEnableOption "Containers";
      interface = mkOption {
        type = types.str;
      };
      backupDir = mkOption {
        type = types.str;
      };
    };
  };

  config = mkIf cfg.enable {
    networking.nat = {
      enable = true;
      # Use "ve-*" when using nftables instead of iptables
      internalInterfaces = ["ve-+"];
      externalInterface = cfg.interface;
      # Lazy IPv6 connectivity for the container
      enableIPv6 = true;
    };
  };
}