nixos/colony: Replicate port forwards for internal routing

2023-12-11 15:05:42 +00:00
parent d9d7a714cd
commit 20a3873d25
5 changed files with 59 additions and 39 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,6 +1,6 @@
 { lib }:
 let
-  inherit (builtins) length match elemAt filter;
+  inherit (builtins) length match elemAt filter replaceStrings;
  inherit (lib)
    genAttrs mapAttrsToList filterAttrsRecursive nameValuePair types
    mkOption mkOverride mkForce mkIf mergeEqualOption optional
@@ -123,6 +123,12 @@ rec {
    home-manager = mkOpt' (enum [ "unstable" "stable" "mine" "mine-stable" ]) "unstable" "Branch of home-manager to use.";
  };

+  nft = rec {
+    ipEscape = replaceStrings ["." ":"] ["-" "-"];
+    natFilterChain = ip: "filter-fwd-${ipEscape ip}";
+    dnatChain = ip: "fwd-${ipEscape ip}";
+  };
+
  mkVLAN = name: vid: {
    "25-${name}" = {
      netdevConfig = {