From 25758bae08db512f7e318ae97229b81849d4de76 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Wed, 1 Oct 2025 11:10:41 +0100
Subject: [PATCH] nixos/middleman: SNAT IPv6 to assigned address

---
 .../colony/vms/shill/containers/middleman/default.nix      | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
index 9ca1f23..db6b722 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
@@ -72,6 +72,13 @@ in
 
             firewall = {
               tcp.allowed = [ "http" "https" 8448 ];
+              extraRules = ''
+                table inet nat {
+                  chain postrouting {
+                    oifname host0 snat ip6 to ${assignments.internal.ipv6.address}
+                  }
+                }
+              '';
             };
 
             nginx-sso = {