From 7a9401cd6c798eb3193a431ea92bfdc101078de2 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Oct 2023 16:09:15 +0200
Subject: [PATCH] kunsi-p14s: always have voc ip set up, enable forwarding and nat through wireless interface
---
 nodes/kunsi-p14s.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/nodes/kunsi-p14s.py b/nodes/kunsi-p14s.py
index 6c08895..311bf65 100644
--- a/nodes/kunsi-p14s.py
+++ b/nodes/kunsi-p14s.py
@@ -39,8 +39,8 @@ nodes['kunsi-p14s'] = {
 },
 'interfaces': {
 'br0': {
- #'ips': {'10.73.100.103/16'},
- #'gateway4': '10.73.0.254',
+ 'ips': {'10.73.100.103/16'},
+ 'gateway4': '10.73.0.254',
 'dhcp': True,
 },
 # there is also wlp3s0, but that's managed by netctl
@@ -65,6 +65,19 @@ nodes['kunsi-p14s'] = {
 },
 },
 },
+ 'nftables': {
+ 'forward': {
+ '50-routing': {
+ 'ct state { related, established } accept',
+ 'oifname wlp2s0 accept',
+ },
+ },
+ 'postrouting': {
+ '50-routing': {
+ 'oifname wlp2s0 masquerade',
+ },
+ },
+ },
 'openssh': {
 'restrict-to': {
 'rfc1918',
@@ -139,6 +152,12 @@ nodes['kunsi-p14s'] = {
 },
 },
 },
+ 'sysctl': {
+ 'options': {
+ 'net.ipv4.ip_forward': '1',
+ 'net.ipv6.conf.all.forwarding': '1',
+ },
+ },
 'systemd-networkd': {
 'bridges': {
 'br0': {
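Review bot: In the `br0` block of the first hunk, the re-enabled `'ips'` and `'gateway4'` now sit next to `'dhcp': True`, so the bridge can end up with a static and a leased address plus two IPv4 default routes. How the systemd-networkd bundle renders that combination is not visible here, but a default route via `10.73.0.254` on br0 may also compete with the wireless default route that the masquerade rule added later in this patch depends on. If only the fixed address is wanted, consider leaving `'gateway4'` out, and add a short comment such as `# static address is always configured; DHCP stays on for other networks` to record why both are set.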
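Review bot: The forward rule `'oifname wlp2s0 accept'` in the `@@ -65,6 +65,19 @@` hunk accepts every packet routed out of the wireless interface regardless of its source or input interface, and the masquerade rule then hides it behind the laptop's own address. Because the same patch turns on forwarding, any host that can reach this machine on any interface could use it as a gateway into whatever network the Wi-Fi is joined to. Scoping both rules to the bridge network keeps this limited to the intended clients, e.g. `'iifname br0 oifname wlp2s0 ip saddr 10.73.0.0/16 accept'` and `'oifname wlp2s0 ip saddr 10.73.0.0/16 masquerade'`. Separately, the context comment in the interfaces block names `wlp3s0` while these rules match `wlp2s0`; one of the two looks stale, and if the rule name is the wrong one neither rule will ever match.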
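Review bot: `'net.ipv6.conf.all.forwarding': '1'` in the sysctl hunk enables IPv6 routing on every interface, although the rest of the patch only sets up IPv4 addressing and NAT for 10.73.0.0/16. The forward rule added in the nftables hunk is not restricted to IPv4, so depending on the table family (not visible here) IPv6 packets would be routed out of the wireless interface without any source restriction. With IPv6 forwarding on, the kernel also ignores Router Advertisements unless `accept_ra` is set to 2 on the interface, which may affect IPv6 autoconfiguration on the netctl-managed wireless link. If IPv6 routing is not needed, leave this key out and keep only `'net.ipv4.ip_forward': '1'`.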