disables nftables for woodpecker, just like for forgejo-ci

2025-08-04 14:04:49 +02:00 · 2025-08-04 14:04:49 +02:00 · baff847e6e
commit baff847e6e
parent c2a3eb967c
2 changed files with 6 additions and 2 deletions
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@ -28,8 +28,8 @@ in
        ## Procolix-made ruleset.
        firewall.enable = false;
        nftables = {
-          enable = false;
-          # rulesetFile = ./nftables-ruleset.nft;
+          enable = true;
+          rulesetFile = ./nftables-ruleset.nft;
        };
      }

--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@ -269,6 +269,10 @@
      };
  };

+  networking = {
+    nftables.enable = lib.mkForce false;
+  };
+
  networking.firewall.allowedTCPPorts = [
    22
    80