Add virtualisation lib

lib/default.nix

@@ -7,4 +7,5 @@
   nixos = import ./nixos.nix {inherit inputs pkgs lib;};
   modules = import ./modules.nix {inherit inputs pkgs lib;};
   networking = import ./networking.nix {inherit inputs pkgs lib;};
+  virtualisation = import ./virtualisation.nix {inherit inputs pkgs lib;};
 }

lib/virtualisation.nix

@@ -0,0 +1,52 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  ...
+}: rec {
+  mkOciContainer = {
+    image,
+    autoStart ? false,
+    id-ports ? [],
+    ports ? [],
+    vols ? [],
+    env ? {},
+    opts ? [],
+    netns ? "",
+    netdns ? "",
+  }: let
+    expanded-id-ports = map (port: "${toString port}:${toString port}") id-ports;
+    additional-opts =
+      []
+      ++ (lib.optionals (netns != "") [
+        "--network=ns:/var/run/netns/${netns}"
+      ])
+      ++ (lib.optionals (netdns != "") [
+        "--dns=${netdns}"
+      ]);
+  in {
+    image = image;
+    autoStart = autoStart;
+    ports = ports ++ expanded-id-ports;
+    volumes = vols;
+    environment = lib.mergeAttrs env {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "Europe/Berlin";
+    };
+    extraOptions = opts ++ additional-opts;
+  };
+
+  # Filter all system service attributes that the user units don't have and add some required attributes
+  # Example: podman-stablediffusion = mkOciUserService config.systemd.services.podman-stablediffusion;
+  # NOTE: This doesn't work, since the cidfile is located in /run, which is not writable for regular users...
+  mkOciUserService = attrs:
+    lib.mergeAttrs (lib.attrsets.filterAttrs (n: v:
+      !((n == "confinement")
+        || (n == "runner")
+        || (n == "environment")))
+    attrs) {
+      startLimitIntervalSec = 1;
+      startLimitBurst = 5;
+    };
+}