From 432acb31e9a163d1e772821816340cbb0c28727c Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Sun, 21 Mar 2021 02:45:31 +0100
Subject: [PATCH] wink: add nat and coredns to container

This should let it talk to the outside network (i.e. the internet), and
thereby enable the oauth2-proxy to redeem codes to authenticate clients.
---
 hosts/hainich/services/wink.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hosts/hainich/services/wink.nix b/hosts/hainich/services/wink.nix
index 689be72..b211f3e 100644
--- a/hosts/hainich/services/wink.nix
+++ b/hosts/hainich/services/wink.nix
@@ -64,7 +64,14 @@
           };
         };
 
-
+      services.coredns = {
+        enable = true;
+        config = ''
+          .:53 {
+          forward . 1.1.1.1
+          }
+        '';
+      };
     };
   };
 
@@ -75,6 +82,9 @@
     enableACME = true;
   };
 
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = ["ve-wink"];
+  networking.nat.externalInterface = "enp6s0";
 
 
 }