astora: nat configuration for containers

2024-04-26 17:04:04 +05:00 · 2024-04-26 17:04:04 +05:00 · 45bde215f8
commit 45bde215f8
parent 5217f6d222
3 changed files with 16 additions and 2 deletions
--- a/.secrets
+++ b/.secrets
@ -1 +1 @@
-Subproject commit c7dc80d23b6bf67ae8e69545b430bb13f000fa03
+Subproject commit 8ea79f48f6fec12860feee749b62cfe2833a09d8
--- a/nixosConfigurations/astora/default.nix
+++ b/nixosConfigurations/astora/default.nix
@ -141,7 +141,7 @@
        Host catarina
            HostName 192.168.156.102
            Port 22
-            User l.nafaryus
+            User l-nafaryus
    '';

    programs.direnv.enable = true;
--- a/nixosConfigurations/astora/hardware.nix
+++ b/nixosConfigurations/astora/hardware.nix
@ -150,6 +150,7 @@

    networking = {
        networkmanager.enable = true;
+        networkmanager.unmanaged = [ "interface-name:ve-*" ];
        useDHCP = lib.mkDefault true;
        hostName = "astora";
        extraHosts = '''';
@ -157,6 +158,19 @@
        firewall = {
            enable = true;
            allowedTCPPorts = [ 80 443 ];
+            trustedInterfaces = [ "ve-+" ];
+            extraCommands = ''
+                iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
+            '';
+            extraStopCommands = ''
+                iptables -t nat -D POSTROUTING -o wlo1 -j MASQUERADE
+            '';
+        };
+
+        nat = {
+            enable = true;
+            externalInterface = "wlo1";
+            internalInterfaces = [ "ve-+" ];
        };

        interfaces.wlo1.ipv4.addresses = [ {