From bdf3c0459591824ce2c8c0bac0979d37e500d5ed Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Sat, 6 Sep 2025 19:35:33 +0100
Subject: [PATCH] nixos/git: Add NAT rules

---
 nixos/boxes/colony/vms/git/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/boxes/colony/vms/git/default.nix b/nixos/boxes/colony/vms/git/default.nix
index 2787638..b97eae4 100644
--- a/nixos/boxes/colony/vms/git/default.nix
+++ b/nixos/boxes/colony/vms/git/default.nix
@@ -4,7 +4,7 @@ let
   inherit (lib) mkMerge mkDefault;
   inherit (lib.my) net;
   inherit (lib.my.c) pubDomain;
-  inherit (lib.my.c.colony) domain prefixes;
+  inherit (lib.my.c.colony) domain prefixes firewallForwards;
   inherit (lib.my.c.nginx) baseHttpConfig proxyHeaders;
 in
 {
@@ -197,6 +197,7 @@ in
 
               firewall = {
                 tcp.allowed = [ 19999 "http" "https" ];
+                nat.forwardPorts."${allAssignments.estuary.internal.ipv4.address}" = firewallForwards allAssignments;
                 extraRules = ''
                   table inet filter {
                     chain forward {