nixbld: set up rpi SSH port redirects for IPv4 users

nixbld-etc-nixos/configuration.nix

@@ -66,6 +66,12 @@ in
       enable = true;
       externalInterface = netifWan;
       internalInterfaces = [ netifLan netifWifi ];
+      forwardPorts = [
+        { sourcePort = 2201; destination = "192.168.1.201:22"; proto = "tcp"; }
+        { sourcePort = 2202; destination = "192.168.1.202:22"; proto = "tcp"; }
+        { sourcePort = 2203; destination = "192.168.1.203:22"; proto = "tcp"; }
+        { sourcePort = 2204; destination = "192.168.1.204:22"; proto = "tcp"; }
+      ];
       extraCommands = ''
         iptables -w -N block-lan-from-wifi
         iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
@@ -111,6 +117,12 @@ in
       dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
       dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
 
+      # Static IPv4s to make port redirections work
+      dhcp-host=rpi-1,192.168.1.201
+      dhcp-host=rpi-2,192.168.1.202
+      dhcp-host=rpi-3,192.168.1.203
+      dhcp-host=rpi-4,192.168.1.204
+
       # Default IP addresses for ARTIQ boards
       address=/thermostat/192.168.1.26
       address=/kc705/192.168.1.50