hosts/kanako-hkg0: switch from customer to transit dualstack

nixos/hosts/kanako-hkg0/networking.nix

@@ -6,14 +6,30 @@
 }:
 {
   imports = with profiles; [
-    services.enthalpy.customer
+    services.enthalpy.transit-dualstack
   ];
 
   services.enthalpy.ipsec.interfaces = [ "enp1s0" ];
 
+  networking.nftables.tables.nat = {
+    family = "inet";
+    content = ''
+      chain postrouting {
+        type nat hook postrouting priority srcnat; policy accept;
+        oifname enp1s0 counter masquerade
+      }
+    '';
+  };
+
   systemd.network = {
     enable = true;
     wait-online.anyInterface = true;
+    config = {
+      networkConfig = {
+        IPv4Forwarding = true;
+        IPv6Forwarding = true;
+      };
+    };
     networks = {
       "30-enp1s0" = {
         matchConfig.Name = "enp1s0";

nixos/hosts/marisa-7d76/networking.nix

@@ -11,7 +11,7 @@
 
   services.enthalpy = {
     ipsec.interfaces = [ "enp14s0" ];
-    clat.segment = lib.singleton "fde3:3be3:a244:2676::2";
+    clat.segment = lib.singleton "fde3:3be3:a244:f876::2";
   };
 
   systemd.network = {

nixos/hosts/marisa-a7s/networking.nix

@@ -14,7 +14,7 @@
       interfaces = [ "wlan0" ];
       whitelist = [ "rebmit's edge network" ];
     };
-    clat.segment = lib.singleton "fde3:3be3:a244:2676::2";
+    clat.segment = lib.singleton "fde3:3be3:a244:f876::2";
   };
 
   systemd.network = {