ixos-module/container/upstream: fix noNat6

2022-09-18 14:40:44 +02:00 · 2022-09-18 14:40:44 +02:00 · bd95d81cba
parent c06d5a797c
commit bd95d81cba
2 changed files with 11 additions and 6 deletions
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@ -87,11 +87,13 @@ in
      ''}

      # Do not NAT our public IPv4 addresses
-      ${lib.concatMapStringsSep "\n" (subnet: ''
-        ip6tables -t nat -I nixos-nat-post \
-          -s ${subnet} \
-          -j RETURN
-      '') upstreamInterfaces.${net}.upstream.noNat.subnets4}
+      ${lib.concatMapStringsSep "\n" (net:
+        lib.concatMapStrings (subnet: ''
+          ip6tables -t nat -I nixos-nat-post \
+            -s ${subnet} \
+            -j RETURN
+        '') upstreamInterfaces.${net}.upstream.noNat.subnets4 or []
+      ) (builtins.attrNames hostConf.interfaces)}

      # Provide IPv6 upstream for everyone, using NAT66 when not from
      # our static prefixes
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
@ -30,7 +30,10 @@ in {
  optionals lib.config.site.hosts.${hostName}.isRouter [
    ./container/bird.nix
  ] ++
-  optionals (builtins.match "upstream.*" hostName != null) [
+  optionals (
+    builtins.match "upstream.*" hostName != null ||
+    hostName == "flpk-gw"
+  ) [
    ./container/upstream.nix
    ./container/upstream/pppoe.nix
  ] ++