From b2a085f84c50d7d1be38df64b11aa1aab3136084 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sat, 13 Mar 2021 16:41:05 +0000
Subject: [PATCH] ops/nixos/blade: enable NAT on routers
---
 ops/nixos/lib/blade.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ops/nixos/lib/blade.nix b/ops/nixos/lib/blade.nix
index b3d3e6a19c..a1d71fb0d1 100644
--- a/ops/nixos/lib/blade.nix
+++ b/ops/nixos/lib/blade.nix
@@ -80,6 +80,12 @@ in {
 firewall.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
 firewall.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }];
+
+ nat = lib.optionalAttrs (config.my.blade.macAddress.internet != null) {
+ enable = true;
+ internalInterfaces = [ "br-mgmt" ];
+ externalInterface = "en-internet";
+ };
 };
 services.udev.extraRules = ''
 ATTR{address}=="${config.my.blade.macAddress.internal}", NAME="en-int"
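Review bot: The added `nat` block turns on forwarding from `br-mgmt` out through `en-internet`, but nothing in this hunk limits what may be forwarded, and as far as I know the stock iptables-based NixOS firewall filters INPUT only, so the FORWARD path is probably left open in both directions. Since `br-mgmt` looks like a management network, it is worth confirming that traffic arriving on `en-internet` cannot be routed into it and that only the intended management hosts get outbound access. A forward rule set added through `networking.firewall.extraCommands`, accepting `br-mgmt` to `en-internet` plus established return traffic and dropping the rest, would make that policy explicit. Separately, the neighbouring firewall lines use `lib.mkIf`, and `nat = lib.mkIf (config.my.blade.macAddress.internet != null) {` would match them and leave the condition to the module system rather than forcing it while the attribute set is built. The enclosing attribute set opens above the hunk, so any forwarding rules defined elsewhere in the file are not visible here.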