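{ lib, config, pkgs, ... }:

# NixOS module: run LXC containers on this host via LXD.
#
# When `my.virtualisation.lxc.enable` is set it turns on the lxd daemon with
# the sysctl tuning upstream recommends, enables lxcfs so guests get
# container-aware /proc and cgroup views, enables IPv4 forwarding so NAT for
# the container bridge works, loads the FTP NAT helper module, and adds the
# configured desktop user to the `lxd` group.
let
  cfg = config.my.virtualisation.lxc;
in
{
  options.my.virtualisation.lxc = {
    # mkEnableOption already prefixes "Whether to enable ", so the argument is
    # the noun phrase only; the previous text rendered as
    # "Whether to enable Enable LXC module.".
    enable = lib.mkEnableOption "the LXD/LXC container host module";
  };

  config = lib.mkIf cfg.enable {
    virtualisation = {
      lxd = {
        enable = true;
        # Applies the handful of sysctl values the LXD documentation
        # recommends for production hosts.
        recommendedSysctlSettings = true;
      };

      # lxcfs is a FUSE filesystem that presents container-aware views of
      # /proc and cgroups to the guests running under lxd.
      # See https://linuxcontainers.org/lxcfs/introduction/ for more info.
      #
      # Per the NixOS lxcfs option, a guest only picks this up if its own
      # NixOS configuration includes:
      #
      #   virtualisation.lxc.defaultConfig = "lxc.include = ''${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
      lxc.lxcfs.enable = true;
    };

    # NAT for the container network requires the host to forward IPv4 traffic.
    boot.kernel.sysctl = {
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv4.conf.default.forwarding" = true;
    };

    # nf_nat_ftp is the netfilter FTP NAT helper (lets active-mode FTP from
    # the containers traverse the NAT). Plain forwarding/NAT does not depend
    # on it, so it can be dropped if FTP from guests is not expected.
    boot.kernelModules = [ "nf_nat_ftp" ];

    # NOTE(review): membership in the `lxd` group is root-equivalent on the
    # host (the LXD project documents this), so this grants the desktop user
    # full administrative control of the machine, not just of containers.
    # Only the account named in `config.desktopUser.userName` receives it.
    users.users.${config.desktopUser.userName}.extraGroups = [ "lxd" ];
  };
}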