From 5120fea4d73c339b2619f27a24ba96653d50b977 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Tue, 4 Mar 2025 13:47:56 +0100
Subject: [PATCH 1/2] modules/system/containers: enable nat for container interfaces
---
 modules/system/containers.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/modules/system/containers.nix b/modules/system/containers.nix
index a0942f9..24cb0e3 100644
--- a/modules/system/containers.nix
+++ b/modules/system/containers.nix
@@ -85,6 +85,11 @@ let
 services.openssh.hostKeys = [ ];
 system.stateVersion = lib.mkDefault config.system.stateVersion;
+
+ networking.nameservers = lib.mkDefault [
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
 };
 bindMounts = {
@@ -95,6 +100,11 @@ let
 privateNetwork = lib.mkForce true;
 }
 ) config.settei.containers;
+
+ networking.nat = lib.mkIf (config.settei.containers != { }) {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ };
 };
 darwinConfig = lib.optionalAttrs (!isLinux) {
From 713235a92dc742a2631eb47b676be31707feea33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Tue, 4 Mar 2025 13:47:56 +0100
Subject: [PATCH 2/2] modules/system/containers: enable nat for container interfaces
---
 modules/system/containers.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/modules/system/containers.nix b/modules/system/containers.nix
index a0942f9..ad5acdb 100644
--- a/modules/system/containers.nix
+++ b/modules/system/containers.nix
@@ -85,6 +85,14 @@ let
 services.openssh.hostKeys = [ ];
 system.stateVersion = lib.mkDefault config.system.stateVersion;
+
+ networking = lib.mkDefault {
+ useHostResolvConf = false;
+ nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
+ };
 };
 bindMounts = {
@@ -95,6 +103,11 @@ let
 privateNetwork = lib.mkForce true;
 }
 ) config.settei.containers;
+
+ networking.nat = lib.mkIf (config.settei.containers != { }) {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ };
 };
 darwinConfig = lib.optionalAttrs (!isLinux) {
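Review bot: The `networking.nat` block added in the second hunk of patch 1/2 (and repeated unchanged in the second hunk of patch 2/2) sets `internalInterfaces = [ "ve-+" ]` but no `externalInterface`, so the NixOS NAT module masquerades container traffic on whichever interface it leaves by, not only the uplink. Enabling NAT also switches on IPv4 forwarding for the host, and nothing visible in the hunk restricts forwarded traffic, so every container behind a `ve-` interface (including any not declared through `settei.containers`) can presumably reach every network the host can route to, such as VPN or management links. Consider pinning the egress with `externalInterface = "<uplink-interface>";` (placeholder, ideally exposed as a module option) and adding a comment that states the outbound reach containers are meant to have. The `+` wildcard is iptables syntax, so it is worth confirming the match still works if the host uses the nftables backend. The enclosing attribute set starts outside the hunk.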
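Review bot: In the first hunk of patch 2/2, `useHostResolvConf = false` together with the hard-coded `1.1.1.1` / `1.0.0.1` defaults makes every container send plain DNS to a public third-party resolver instead of whatever the host uses. If the host relies on an internal, filtering or logged resolver, container lookups bypass it silently and internal names stop resolving, so the choice deserves a comment such as `# Containers do not inherit the host resolver; override networking.nameservers per container when an internal resolver is required.` As a style point, wrapping the whole `networking` attribute set in `lib.mkDefault` hides which options are being defaulted; `networking.useHostResolvConf = lib.mkDefault false;` and `networking.nameservers = lib.mkDefault [ … ];` would say it explicitly. The enclosing container config starts outside the hunk.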