change to server bridge

hosts/fw.cloonar.com/modules/gitea.nix

@@ -4,6 +4,7 @@ let
   ip = "10.42.97.3";
 in
 {
+
   users.users.gitea = {
     isSystemUser = true;
     uid = 990;
@@ -98,7 +99,9 @@ in
 
   containers.gitea = {
     autoStart = true;
-    macvlans = [ "lan" ];
+    privateNetwork = true;
+    hostBridge = "brserver";
+    localAddress = "10.42.97.2/24";
     bindMounts = {
       "/var/lib/gitea" = {
         hostPath = "/var/lib/gitea/";
@@ -156,7 +159,7 @@ in
           allowedTCPPorts = [ 22 80 443 ];
         };
         # Use systemd-resolved inside the container
-        useHostResolvConf = lib.mkForce false;
+        useHostResolvConf = false;
       };
       
       services.resolved.enable = true;

hosts/fw.cloonar.com/modules/networking.nix

@@ -30,6 +30,10 @@
          id = 101;
          interface = "enp5s0";
       };
+      server = {
+         id = 97;
+         interface = "enp5s0";
+      };
       multimedia = {
          id = 99;
          interface = "enp5s0";
@@ -44,6 +48,12 @@
       };
     };
 
+    nat = { 
+      enable = true;
+      internalInterfaces = [ "server" ];
+      externalInterface = "brserver";
+    };
+
     interfaces = {
       # Don't request DHCP on the physical interfaces
       lan.useDHCP = false;
@@ -58,12 +68,12 @@
           prefixLength = 24;
         }];
       };
-      # server = {
-      #   ipv4.addresses = [{
-      #     address = "10.42.97.1";
-      #     prefixLength = 24;
-      #   }];
-      # };
+      server = {
+        ipv4.addresses = [{
+          address = "10.42.97.1";
+          prefixLength = 24;
+        }];
+      };
       infrastructure = {
         ipv4.addresses = [{
           address = "10.42.101.1";