From 792426f22c6ad7af6ebd0f31681ff31e9db59315 Mon Sep 17 00:00:00 2001
From: Astro
Date: Thu, 13 Jan 2022 20:34:01 +0100
Subject: [PATCH] nixos-module/container/yggdrasil: enable NAT66

---
 nix/nixos-module/container/yggdrasil.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/nix/nixos-module/container/yggdrasil.nix b/nix/nixos-module/container/yggdrasil.nix
index 28e1134..3c4f6c7 100644
--- a/nix/nixos-module/container/yggdrasil.nix
+++ b/nix/nixos-module/container/yggdrasil.nix
@@ -10,8 +10,15 @@ lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable {
 fi
 '';

- boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
 # Forward traffic under the prefix.
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+ networking.nat = {
+ enable = true;
+ # Provide NAT66 for everyone with addresses foreign to Yggdrasil
+ extraCommands = ''
+ ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
+ '';
+ };

 services.yggdrasil = {
 enable = true;
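Review bot: The `ip6tables -t nat -A POSTROUTING …` rule in `networking.nat.extraCommands` is appended to the built-in chain with no matching `extraStopCommands`, so it is likely to be added again each time the NAT/firewall commands are re-run, and it stays in place after the service stops. Add the inverse alongside it, e.g. `extraStopCommands = "ip6tables -t nat -D POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE || true";`. The match `! --src 200::/7` also masquerades every non-Yggdrasil source this container forwards, so any host able to route through it reaches the overlay under the container's address. If only the site's own prefixes are meant, match them explicitly with `-s` (or restrict the ingress side with `-i`) and name the intended networks in the comment. The enclosing `lib.mkIf` block starts and ends outside the hunk, so an existing forward filter elsewhere in the module cannot be ruled out.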