diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
index 941f73e..178549d 100644
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@@ -4,12 +4,15 @@ let
   upstreamInterfaces =
     lib.filterAttrs (_: { upstream, ... }: upstream != null)
       config.site.hosts.${hostName}.interfaces;
+
   firstUpstreamInterface =
     if builtins.length (builtins.attrNames upstreamInterfaces) > 0
     then builtins.head (
       builtins.attrNames upstreamInterfaces
     )
     else null;
+
+  enabled = (firstUpstreamInterface != null);
 in
 {
   systemd.network.networks = {
@@ -32,6 +35,7 @@ in
     networkConfig.IPv6AcceptRA = true;
     dhcpV6Config.PrefixDelegationHint = "::/56";
 
+    # Traffic Shaping
     extraConfig = ''
       [CAKE]
       Parent = root
@@ -41,7 +45,7 @@ in
     '';
   }) upstreamInterfaces;
 
-  networking.nat = lib.optionalAttrs (firstUpstreamInterface != null) {
+  networking.nat = lib.optionalAttrs enabled {
     enable = true;
     internalInterfaces = [ "core" ];
     externalInterface = firstUpstreamInterface;