router: add nf_tables module, use regular kernel for now.

flake.nix

@@ -14,7 +14,8 @@
     nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };
 
     emacs-overlay = {
-      url = "github:nix-community/emacs-overlay/08445dd7824253ee8580f06127460a7d14e942cf";
+      url =
+        "github:nix-community/emacs-overlay/08445dd7824253ee8580f06127460a7d14e942cf";
       inputs.nixpkgs.follows = "stable";
     };
 

hosts/router/default.nix

@@ -11,6 +11,8 @@ in {
   _module.args.isUnstable = false;
   imports = [ ./hardware-configuration.nix ];
 
+  boot.kernelPackages = pkgs.linuxPackages;
+
   boot.kernel.sysctl = {
     "net.ipv4.conf.all.forwarding" = true;
     "net.ipv6.conf.all.forwarding" = true;
@@ -29,7 +31,7 @@ in {
     firewall.enable = false;
 
     nftables = {
-      enable = false;
+      enable = true;
       rulesetFile = ./router.nft;
     };
 

hosts/router/hardware-configuration.nix

@@ -13,7 +13,7 @@
   boot.initrd.availableKernelModules =
     [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [ "nf_tables" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" = {

hosts/router/router.nft

@@ -1,3 +1,5 @@
+add table ip nat
+
 table ip nat {
   chain postrouting {
     type nat hook postrouting priority 100