From 1988b763a0047a60c87e687a9952a4af4d2163d2 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Mon, 4 Aug 2025 14:04:49 +0200
Subject: [PATCH] disables nftables for woodpecker, just like for forgejo-ci
---
 infra/common/nixos/networking.nix | 4 ++--
 machines/dev/fedi203/woodpecker.nix | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/infra/common/nixos/networking.nix b/infra/common/nixos/networking.nix
index 28e34208..0872dad0 100644
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@@ -28,8 +28,8 @@ in
 ## Procolix-made ruleset.
 firewall.enable = false;
 nftables = {
- enable = false;
- # rulesetFile = ./nftables-ruleset.nft;
+ enable = true;
+ rulesetFile = ./nftables-ruleset.nft;
 };
 }
diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 4b3415df..2fbc6f32 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -269,6 +269,10 @@
 };
 };
+ networking = {
+ nftables.enable = lib.mkForce false;
+ };
+
 networking.firewall.allowedTCPPorts = [ 22 80
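Review bot: In infra/common/nixos/networking.nix the new side sets `nftables.enable = true;` and activates `rulesetFile = ./nftables-ruleset.nft;` for every machine that imports this common module, which the commit subject (disabling nftables for woodpecker) does not mention. Because `firewall.enable = false;` is left as it is, that ruleset file becomes the only packet filter on those hosts; the diffstat shows it is not touched here, so it is presumably already in the tree and should be re-read before it goes live fleet-wide. A host that opts out, as the woodpecker change in the second file does with `lib.mkForce false`, would then run with no filtering at all if it also inherits `firewall.enable = false`, and its `allowedTCPPorts` list would have no effect; this is worth confirming against the rest of woodpecker.nix. I would record the dependency above the block with a comment such as `## nftables is the only filter here (firewall.enable = false); hosts that force it off must enable their own firewall.` The enclosing attribute set starts outside the hunk.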