diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix
index 15e3308..f9dd243 100644
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@@ -102,7 +102,11 @@ in
 };
 forwardedPorts =
 if ctPillar ? port-forwarding
-then ctPillar.port-forwarding
+then map ({ proto, port, to }: {
+proto = proto;
+sourcePort = port;
+destination = to;
+}) ctPillar.port-forwarding
 else [];
 }) pillar.containers)
 ] ++
diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index a6a655a..3e5beb8 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -161,10 +161,10 @@ let
 proto = mkOption {
 type = types.enum [ "tcp" "udp" ];
 };
-port = mkOption {
+sourcePort = mkOption {
 type = types.int;
 };
-to = mkOption {
+destination = mkOption {
 type = types.str;
 }; }; });
diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
new file mode 100644
index 000000000..2e04f00
--- /dev/null
+++ b/nix/nixos-module/container/upstream.nix
@@ -0,0 +1,24 @@
+{ hostName, config, lib, ... }:
+
+let
+upstreamInterfaces =
+lib.filterAttrs (_: { upstream, ... }: upstream != null)
+config.site.hosts.${hostName}.interfaces;
+firstUpstreamInterface =
+if builtins.length (builtins.attrNames upstreamInterfaces) > 0
+then builtins.head (
+builtins.attrNames upstreamInterfaces
+)
+else null;
+in
+{
+systemd.network.networks = builtins.mapAttrs (_: _: {
+DHCP = "yes";
+}) upstreamInterfaces;
+
+networking.nat = lib.optionalAttrs (firstUpstreamInterface != null) {
+enable = true;
+externalInterface = firstUpstreamInterface;
+forwardPorts = config.site.hosts.${hostName}.forwardedPorts;
+};
+}
diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix
index f8f3a24..2e17dca 100644
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
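Review bot: `proto = proto;` in the mapped attrset is the long form of `inherit proto;`, and the pattern `{ proto, port, to }` is strict, so a legacy pillar entry carrying any extra attribute now aborts evaluation where it was previously passed through unchanged. If legacy pillars may carry extra keys, write `{ proto, port, to, ... }`; otherwise the strictness is a useful guard, since a misspelled key fails loudly instead of silently dropping a forward. The attrset that holds forwardedPorts starts outside the hunk.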
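Review bot: When more than one interface has `upstream` set, only the one sorting first (builtins.attrNames returns names in sorted order) becomes externalInterface, while DHCP is enabled on all of them, so the remaining upstream links get an address but no NAT or port forwarding and nothing reports this. Either add an assertion that at most one interface of the host sets upstream, with a message naming the host, or state the choice in a header comment such as `# NAT and port forwards go through the first (by name) upstream interface; any others only get DHCP`. The firstUpstreamInterface guard can also be written `if upstreamInterfaces != {} then lib.head (lib.attrNames upstreamInterfaces) else null`. networking.nat here sets externalInterface but no internalInterfaces or internalIPs; if those are not set elsewhere for these containers, the masquerade side of the NAT module has no source traffic to match while the forwardPorts DNAT rules still apply — confirm against the rest of the container module.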
@@ -24,5 +24,9 @@ in {
 lib.config.site.hosts.${hostName}.isRouter
 ) [
 ./container/bird.nix
+] ++ optionals (
+builtins.match "upstream.*" hostName != null
+) [
+./container/upstream.nix
 ];
 }
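Review bot: The module is selected by hostname (`builtins.match "upstream.*" hostName != null` matches any name beginning with `upstream`), while upstream.nix itself acts on interfaces whose `upstream` attribute is non-null; a host with such an interface but a different name silently gets no NAT, and a host named `upstream…` without one imports an inert module. Keying on the data keeps the two conditions aligned, e.g. `any (i: i.upstream != null) (attrValues lib.config.site.hosts.${hostName}.interfaces)`, provided `lib.config.site.hosts.${hostName}` exposes `interfaces` the same way the `isRouter` check above reads `isRouter` and the nixpkgs helpers that supply `optionals` are in scope. The list expression this hunk extends is opened and closed outside the hunk.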