From ee71250f17a7338d9ca53e35ffe8bea5115c3897 Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen
Date: Thu, 8 Aug 2024 11:34:34 +0200
Subject: [PATCH] Add nftables config to home-gw ignition

---
 ignition/home-gw.bu | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ignition/home-gw.bu b/ignition/home-gw.bu
index 5f31110..87d15bf 100644
--- a/ignition/home-gw.bu
+++ b/ignition/home-gw.bu
@@ -7,6 +7,26 @@ storage:
 inline: |
 net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1
+ - path: /etc/sysconfig/nftables.conf
+ overwrite: true
+ contents:
+ inline: |
+ flush ruleset
+ table inet nat {
+ chain prerouting {
+ type nat hook prerouting priority 0
+ tcp dport 80 dnat ip to 10.0.0.2
+ tcp dport 80 dnat ip6 to [fd00::2]
+ tcp dport 443 dnat ip to 10.0.0.2
+ tcp dport 443 dnat ip6 to [fd00::2]
+ tcp dport 18089 dnat ip to 10.0.0.2
+ tcp dport 18089 dnat ip6 to [fd00::2]
+ }
+ chain postrouting {
+ type nat hook postrouting priority 0
+ oifname gateway masquerade
+ }
+ }
 passwd:
 users:
 - name: root
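Review bot: The DNAT rules in the new prerouting chain match on `tcp dport` alone, with no `iifname` or `ip daddr` qualifier, and the ruleset defines no filter table, so with forwarding enabled a few lines above the host forwards whatever it receives and redirects port 80/443/18089 connections arriving on every interface, LAN side included, to 10.0.0.2 / fd00::2. Unless a filter table is loaded by some other unit — which the leading `flush ruleset` would discard when this file is applied — I would restrict the DNAT rules to the external interface, e.g. `iifname gateway tcp dport 80 dnat ip to 10.0.0.2`, and add a forward chain with `policy drop` that accepts only established/related flows, LAN-to-WAN traffic and the DNATed connections. The named priorities `dstnat` and `srcnat` are the conventional values for these two hooks rather than `0`, though `0` is functional. Whether nftables.service is enabled in this Butane file is outside the hunk, so that is a question rather than a finding.

```yaml
        inline: |
          flush ruleset
          table inet filter {
            chain forward {
              type filter hook forward priority filter; policy drop;
              ct state established,related accept
              oifname gateway accept
              iifname gateway ct status dnat accept
            }
          }
          table inet nat {
            chain prerouting {
              type nat hook prerouting priority dstnat;
              iifname gateway tcp dport { 80, 443, 18089 } dnat ip to 10.0.0.2
              iifname gateway tcp dport { 80, 443, 18089 } dnat ip6 to [fd00::2]
            }
            # … unchanged: postrouting chain with masquerade …
          }
```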