nixos-module/container/upstream.nix: init dhcp, forwardedPorts

nix/lib/config/legacy.nix

@@ -102,7 +102,11 @@ in
             };
           forwardedPorts =
             if ctPillar ? port-forwarding
-            then ctPillar.port-forwarding
+            then map ({ proto, port, to }: {
+              proto = proto;
+              sourcePort = port;
+              destination = to;
+            }) ctPillar.port-forwarding
             else [];
         }) pillar.containers)
     ] ++

nix/lib/config/options.nix

@@ -161,10 +161,10 @@ let
           proto = mkOption {
             type = types.enum [ "tcp" "udp" ];
           };
-          port = mkOption {
+          sourcePort = mkOption {
             type = types.int;
           };
-          to = mkOption {
+          destination = mkOption {
             type = types.str;
           };
         }; });

nix/nixos-module/container/upstream.nix

@@ -0,0 +1,24 @@
+{ hostName, config, lib, ... }:
+
+let
+  upstreamInterfaces =
+    lib.filterAttrs (_: { upstream, ... }: upstream != null)
+      config.site.hosts.${hostName}.interfaces;
+  firstUpstreamInterface =
+    if builtins.length (builtins.attrNames upstreamInterfaces) > 0
+    then builtins.head (
+      builtins.attrNames upstreamInterfaces
+    )
+    else null;
+in
+{
+  systemd.network.networks = builtins.mapAttrs (_: _: {
+    DHCP = "yes";
+  }) upstreamInterfaces;
+
+  networking.nat = lib.optionalAttrs (firstUpstreamInterface != null) {
+    enable = true;
+    externalInterface = firstUpstreamInterface;
+    forwardPorts = config.site.hosts.${hostName}.forwardedPorts;
+  };
+}

nix/nixos-module/default.nix

@@ -24,5 +24,9 @@ in {
     lib.config.site.hosts.${hostName}.isRouter
   ) [
     ./container/bird.nix
+  ] ++ optionals (
+    builtins.match "upstream.*" hostName != null
+  ) [
+    ./container/upstream.nix
   ];
 }