nixos-module/container/yggdrasil: enable NAT66

Astro 2022-01-13 20:34:01 +01:00
parent 0e3921d126
commit 792426f22c
1 changed files with 8 additions and 1 deletions


@ -10,8 +10,15 @@ lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable {
fi
'';
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Forward traffic under the prefix.
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking.nat = {
enable = true;
# Provide NAT66 for everyone with addresses foreign to Yggdrasil
extraCommands = ''
ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
'';
};
services.yggdrasil = {
enable = true;
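Review bot: The MASQUERADE rule in `extraCommands` matches every source outside `200::/7` on any ingress interface, so with `net.ipv6.conf.all.forwarding = 1` the container will NAT anything that can route to it into Yggdrasil. Remote peers then see only the container's address and cannot filter or attribute the real sender. Consider narrowing the match to the intended clients, for example by adding `-i <internal-iface>` or `-s <site-prefix>` (placeholders; the hunk does not show which networks are meant), and pairing it with a FORWARD policy. The rule is also appended straight to `POSTROUTING` rather than one of the NAT module's own chains, so it is likely to be duplicated on every firewall reload; a matching `networking.nat.extraStopCommands` with `ip6tables -t nat -D POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE || true` would keep it idempotent. The interface name `ygg` is hard-coded and has to agree with the `services.yggdrasil` settings, which continue outside this hunk.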