defaults = {
    'apt': {
        'repos': {
            'docker': {
                'items': {
                    'deb https://download.docker.com/linux/debian {os_release} stable',
                },
            },
        },
        'packages': {
            'docker-ce': {},
            'docker-ce-cli': {},
        },
    },
    'nftables': {
        'rules': {
            '00-docker-ce': {
                'inet filter forward ct state { related, established } accept',
                'inet filter forward iifname docker0 accept',
            },
        },
    },
}


@metadata_reactor.provides(
    'nftables/rules/00-docker-ce',
)
def nftables_nat(metadata):
    rules = set()

    for iface in metadata.get('interfaces'):
        rules.add(f'nat postrouting oifname {iface} masquerade')

    return {
        'nftables': {
            'rules': {
                '00-docker-ce': rules,
            },
        },
    }