ops/nixos/blade: enable NAT on routers

Luke Granger-Brown 2021-03-13 16:41:05 +00:00
parent 07b8fe0546
commit b2a085f84c


@ -80,6 +80,12 @@ in {
firewall.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ]; firewall.allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
firewall.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }]; firewall.allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [{ from = 6800; to = 7300; }];
nat = lib.optionalAttrs (config.my.blade.macAddress.internet != null) {
enable = true;
internalInterfaces = [ "br-mgmt" ];
externalInterface = "en-internet";
};
}; };
services.udev.extraRules = '' services.udev.extraRules = ''
ATTR{address}=="${config.my.blade.macAddress.internal}", NAME="en-int" ATTR{address}=="${config.my.blade.macAddress.internal}", NAME="en-int"
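Review bot: The new `nat` block enables forwarding between `br-mgmt` and `en-internet`, but nothing in this hunk limits what may be forwarded inbound from the external side. As far as I know, the NixOS `networking.nat` module only turns on IPv4 forwarding and adds masquerade rules, while `networking.firewall` filters traffic addressed to the host itself. Unless a FORWARD policy is set outside this hunk, hosts on the `en-internet` segment that route via this machine could therefore reach the management bridge. I would add an explicit forward rule set (for example through `networking.firewall.extraCommands`, allowing `br-mgmt` outbound and only established/related traffic back) and record the intent next to the block, e.g. `# NAT is for br-mgmt egress only; inbound forwarding from en-internet must stay blocked`. Separately, `lib.mkIf` would match the two `firewall.*` lines above: `nat = lib.mkIf (config.my.blade.macAddress.internet != null) {`.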