From 37a18c0347a9637fb06f67619a4570d1dd675eae Mon Sep 17 00:00:00 2001
From: catvayor
Date: Sun, 26 May 2024 20:49:02 +0200
Subject: [PATCH] feat(nat): Enable nat (with ip_forward)
---
 machines/vault01/networking.nix | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix
index 54c7de9..71fe3da 100644
--- a/machines/vault01/networking.nix
+++ b/machines/vault01/networking.nix
@@ -190,5 +190,21 @@ in
 };
 };
- networking.firewall.allowedUDPPorts = [ 67 ];
+ networking = {
+ nftables = {
+ enable = true;
+ tables.nat = {
+ family = "ip";
+ content = ''
+ chain postrouting {
+ type nat hook postrouting priority 100;
+ snat ip to 129.199.195.130-129.199.195.158
+ }
+ '';
+ };
+ };
+ firewall.allowedUDPPorts = [ 67 ];
+ };
+
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
 }
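Review bot: The `snat` statement in the new `postrouting` chain has no match expression, so every IPv4 connection leaving any interface is rewritten to the 129.199.195.130-158 pool. That includes the host's own traffic and anything routed between internal networks. Scope it to the uplink and the network being translated, e.g. `oifname "<uplink-if>" ip saddr <internal-prefix> snat ip to 129.199.195.130-129.199.195.158` (both are placeholders, the real values are not visible in this hunk). `net.ipv4.ip_forward` is also switched on globally while the hunk adds no forward-chain policy. Unless one exists in the part of the file outside the hunk, consider `networking.firewall.filterForward = true;` with explicit allow rules so the machine does not route between all of its interfaces. A short comment above `tables.nat` naming the translated network and the reason for this address range would help later readers.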