From 501f96a225738572d13154e25d7ef3d1a38cabc5 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Mon, 6 Sep 2021 23:17:46 +0200
Subject: [PATCH] nixos-module/container/upstream: specify externalIP to use
 SNAT instead of MASQUERADE

---
 nix/nixos-module/container/upstream.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
index 679f3da..504eb2f 100644
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@@ -56,6 +56,7 @@ in
     enable = true;
     internalInterfaces = [ "core" ];
     externalInterface = firstUpstreamInterface;
+    externalIP = upstreamInterfaces.${firstUpstreamInterface}.upstream.staticIpv4Address;
     extraCommands =
       # Provide IPv6 upstream for everyone, using NAT66 when not from
       # our static prefixes