From 2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey
Date: Tue, 6 Aug 2024 20:05:37 +0100
Subject: [PATCH] just enable IP forwarding on router instead of full NAT module
---
 peering.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/peering.nix b/peering.nix
index bc5ed97..170a986 100644
--- a/peering.nix
+++ b/peering.nix
@@ -61,13 +61,12 @@ in
 }
 ];
- networking = {
- nat = mkIf host.isRouter {
- enable = true;
- enableIPv6 = true;
- internalInterfaces = [ "birdsong" ];
- };
+ boot.kernel.sysctl = mkIf host.isRouter {
+ "net.ipv4.conf.${cfg.interface}.forwarding" = true;
+ "net.ipv6.conf.${cfg.interface}.forwarding" = true;
+ };
+ networking = {
 firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ];
 wireguard.interfaces.${cfg.interface} = {
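Review bot: The added `"net.ipv6.conf.${cfg.interface}.forwarding" = true;` line may not enable IPv6 routing on its own. On Linux kernels current at the time of this commit, the per-interface IPv6 knob only switches host/router behaviour (RA handling, the IsRouter flag), and packet forwarding is gated on `net.ipv6.conf.all.forwarding`. As far as I know, the removed `networking.nat` block with `enableIPv6 = true` was what set that global key, so it is worth confirming on a router host that IPv6 transit still works, and adding `"net.ipv6.conf.all.forwarding" = true;` if it does not. Nothing visible in this hunk filters forwarded traffic, so if the global key is turned on, consider pairing it with forward-chain firewall rules limited to `${cfg.interface}`. A short comment above the sysctl block, such as `# forwarding is deliberately scoped to the mesh interface; no masquerading is wanted`, would record why the NAT module was dropped. The enclosing attribute set starts and ends outside the hunk.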