From 0399a3ba21f0508b003cee2a1e57b7918fce93fe Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Sun, 16 Oct 2022 10:10:13 -0600 Subject: [PATCH] router: add nf_tables module, use regular kernel for now. --- flake.nix | 3 ++- hosts/router/default.nix | 4 +++- hosts/router/hardware-configuration.nix | 2 +- hosts/router/router.nft | 2 ++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 6f93814..5e3f639 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,8 @@ nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; emacs-overlay = { - url = "github:nix-community/emacs-overlay/08445dd7824253ee8580f06127460a7d14e942cf"; + url = + "github:nix-community/emacs-overlay/08445dd7824253ee8580f06127460a7d14e942cf"; inputs.nixpkgs.follows = "stable"; }; diff --git a/hosts/router/default.nix b/hosts/router/default.nix index ded346a..63761d0 100644 --- a/hosts/router/default.nix +++ b/hosts/router/default.nix @@ -11,6 +11,8 @@ in { _module.args.isUnstable = false; imports = [ ./hardware-configuration.nix ]; + boot.kernelPackages = pkgs.linuxPackages; + boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = true; "net.ipv6.conf.all.forwarding" = true; @@ -29,7 +31,7 @@ in { firewall.enable = false; nftables = { - enable = false; + enable = true; rulesetFile = ./router.nft; }; diff --git a/hosts/router/hardware-configuration.nix b/hosts/router/hardware-configuration.nix index a065c8c..bf63b69 100644 --- a/hosts/router/hardware-configuration.nix +++ b/hosts/router/hardware-configuration.nix @@ -13,7 +13,7 @@ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; + boot.kernelModules = [ "nf_tables" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { diff --git a/hosts/router/router.nft b/hosts/router/router.nft index 8de41b2..d4277fb 100644 --- a/hosts/router/router.nft +++ b/hosts/router/router.nft 
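Review bot: `boot.kernelPackages = pkgs.linuxPackages;` in the default.nix hunk records nothing of the "for now" in the commit title, so a later reader cannot tell it is a temporary pin or what it is waiting on. The title suggests the previously used kernel lacked nf_tables, but the diff does not show which kernel that was, so a short comment above the line should carry the reason, e.g. `# Temporary: pinned to the default kernel until the preferred kernel ships nf_tables (commit 0399a3b)`, worded to match the actual cause. The enclosing attribute set begins and ends outside the hunk.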
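Review bot: With `firewall.enable = false` kept and `nftables.enable = true` switched on, router.nft becomes the only packet filter on a host whose `net.ipv4.conf.all.forwarding` and `net.ipv6.conf.all.forwarding` are set to true in the same file, yet the only table this patch shows in router.nft is `table ip nat`. If the file declares no filter-hook chains, every inbound and forwarded packet is accepted, which for IPv6 means globally addressed LAN hosts are directly reachable from the WAN side; please confirm router.nft also holds an `inet filter` table with `input` and `forward` chains of `policy drop` that admit only `ct state established,related` and LAN-originated traffic, or state why not. A comment on the `rulesetFile` line such as `# sole firewall for this host: router.nft must carry the filter chains, not just NAT` would make that dependency explicit. The `networking` block these lines sit in starts outside the hunk.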
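Review bot: `boot.kernelModules = [ "nf_tables" ];` lands in hardware-configuration.nix, which from the `boot.initrd.availableKernelModules` list around it looks like the file nixos-generate-config emits and overwrites on regeneration, so the entry is liable to be lost; it would be safer next to `boot.kernelPackages` in default.nix. The explicit load is also probably unnecessary on a stock kernel, since nft normally autoloads nf_tables over netlink, and the commit title suggests it is working around a kernel that lacked the module. If it stays, say why in a comment, e.g. `# explicit load for the nftables service (router.nft); revisit once the kernel choice in default.nix settles`.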
@@ -1,3 +1,5 @@
+add table ip nat
+
 table ip nat {
 chain postrouting {
 type nat hook postrouting priority 100