From c887f0ba9228072b6ab2374abc5a929a1cd4fd1a Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 4 Aug 2025 16:54:14 +0200
Subject: [PATCH] document nftables

---
 machines/dev/fedi203/woodpecker.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 1f0e58b5..17d8f50d 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -202,7 +202,6 @@
   };
 
   networking = {
-    nftables.enable = lib.mkForce false;
     firewall = {
       allowedTCPPorts = [
         22
@@ -215,6 +214,8 @@
         allowedTCPPorts = [ 53 ];
       };
     };
+    # helps make sure DNS resolves from the containers
+    nftables.enable = lib.mkForce false;
   };
 
   virtualisation.podman = {