From 70fd15c5dd8507631c7c0b4b2f1e2365de48877c Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Sun, 3 Dec 2023 22:34:58 +0100
Subject: [PATCH] add nat

---
 hosts/fw.cloonar.com/modules/firewall.nix | 2 +-
 hosts/fw.cloonar.com/modules/gitea.nix    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 6c46516..0c06e9a 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -137,7 +137,7 @@
           # Setup NAT masquerading on external interfaces
           chain postrouting {
             type nat hook postrouting priority filter; policy accept;
-            oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
+            oifname { "wan", "server", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
           }
         }
       '';
diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index 5f05ddf..9845276 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -111,8 +111,8 @@ in
       };
     };
     bindMounts = {
-      "${security.acme.certs.${domain}.directory}" = {
-        hostPath = "/var/lib/acme/gitea/";
+      "/var/lib/acme/gitea/" = {
+        hostPath = "${security.acme.certs.${domain}.directory}";
         isReadOnly = true;
       };
     };