From a1c645a1e6b7031b163f03e10e8e885cc52de730 Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Sun, 23 Jun 2024 20:24:46 +0200
Subject: [PATCH] bagel-container: provide IPv4 NAT for outbound access
---
 modules/bagel-container.nix | 7 +++++++
 modules/network.nix | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules/bagel-container.nix b/modules/bagel-container.nix
index f7562dd..ad2d637 100644
--- a/modules/bagel-container.nix
+++ b/modules/bagel-container.nix
@@ -14,6 +14,7 @@
 networkConfig = {
 Bridge = "wan-br";
+ VirtualEthernetExtra = "vb-bagel-v4:host1";
 };
 };
@@ -23,4 +24,10 @@
 after = [ "network.target" ];
 overrideStrategy = "asDropin";
 };
+
+ systemd.network.networks."20-vb-bagel-v4" = {
+ matchConfig.Name = "vb-bagel-v4";
+ networkConfig.Address = [ "172.16.100.1/24" ];
+ networkConfig.IPMasquerade = true;
+ };
 }
diff --git a/modules/network.nix b/modules/network.nix
index e3203e8..0e268b8 100644
--- a/modules/network.nix
+++ b/modules/network.nix
@@ -14,8 +14,8 @@
 '') config.networking.newtype.hosts);
- # leave container interfaces alone
- systemd.network.networks."05-veth".extraConfig = ''
+ # leave container interfaces alone unless otherwise specified
+ systemd.network.networks."95-veth".extraConfig = ''
 [Match]
 Driver = veth
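Review bot: In the second hunk of modules/bagel-container.nix, `networkConfig.IPMasquerade = true;` uses the boolean form, which the systemd.network documentation marks as deprecated in favour of naming the address family; `networkConfig.IPMasquerade = "ipv4";` states the intent and matches the commit subject. Masquerading also implies IP forwarding on the host, and nothing visible in this patch restricts where traffic from 172.16.100.0/24 may be forwarded. Unless a forward-chain rule elsewhere in the repository limits it, the container can presumably reach every network the host can route to, not only the WAN. A comment above the new block, such as `# outbound IPv4 NAT for the bagel container; forwarding from vb-bagel-v4 is limited by <firewall module>`, would record where that boundary is enforced.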