nixos-module/container/yggdrasil: enable NAT66
This commit is contained in:
parent
0e3921d126
commit
792426f22c
|
@ -10,8 +10,15 @@ lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable {
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
|
||||||
# Forward traffic under the prefix.
|
# Forward traffic under the prefix.
|
||||||
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
# Provide NAT66 for everyone with addresses foreign to Yggdrasil
|
||||||
|
extraCommands = ''
|
||||||
|
ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.yggdrasil = {
|
services.yggdrasil = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
Loading…
Reference in New Issue