nixos/colony: Replicate port forwards for internal routing

2023-12-11 15:05:42 +00:00
parent d9d7a714cd
commit 20a3873d25
5 changed files with 59 additions and 39 deletions
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@@ -1,7 +1,7 @@
 { lib, ... }:
 let
  inherit (lib.my) net;
-  inherit (lib.my.c.colony) domain prefixes;
+  inherit (lib.my.c.colony) domain prefixes firewallForwards;
 in
 {
  imports = [ ./vms ];
@@ -351,6 +351,7 @@ in

          firewall = {
            trustedInterfaces = [ "vms" ];
+            nat.forwardPorts."${allAssignments.estuary.internal.ipv4.address}" = firewallForwards allAssignments;
            extraRules = ''
              define cust = { vm-mail, vm-darts }
              table inet filter {