From 071f135ef4eea6fc8b2cc04f6b9e1d8503b544dc Mon Sep 17 00:00:00 2001
From: schweby <schweby@hacc.space>
Date: Sat, 20 Mar 2021 16:56:56 +0100
Subject: [PATCH] hainich: Blacklist ip_tables and ip6_tables

Prevent **something** (docker) from loading the iptables kernel modules
and breaking nftables
---
 hosts/hainich/configuration.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index 5cc94e0..45c5a8e 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -25,6 +25,9 @@
   boot.loader.grub.device = "/dev/sda";
   boot.supportedFilesystems = [ "zfs" ];
 
+  # stop presumably docker form loading ip_tables and breaking nftables
+  boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" ]; 
+
   # networking
   networking.hostName = "hainich";
   networking.hostId = "8a58cb2f";