authorMaciej Krüger <mkg20001@gmail.com>2024-03-02 17:40:44 +0100
committerGitHub <noreply@github.com>2024-03-02 17:40:44 +0100
commit55ead8c56aa6b255e8c93b1c2c5f87bfa98546be (patch)
treee43554f2c02c2edf4249f1cf1ad781e9992c044b /nixos
parenta217ccfe1f9c5f3ffd641f2ce9b94d5b017647ca (diff)
parent6a0ad369f2cc36c9229f0c260c23e36206a278b9 (diff)
Merge pull request #290976 from adamcstephens/incus/nft
nixos/incus: assert nftables is used when firewall is enabled
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/virtualisation/incus.nix7
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/incus.nix b/nixos/modules/virtualisation/incus.nix
index 3bbe0ba458516..a561c5682ae58 100644
--- a/nixos/modules/virtualisation/incus.nix
+++ b/nixos/modules/virtualisation/incus.nix
@@ -107,6 +107,13 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = !(config.networking.firewall.enable && !config.networking.nftables.enable && config.virtualisation.incus.enable);
+        message = "Incus on NixOS is unsupported using iptables. Set `networking.nftables.enable = true;`";
+      }
+    ];
+
     # https://github.com/lxc/incus/blob/f145309929f849b9951658ad2ba3b8f10cbe69d1/doc/reference/server_settings.md
     boot.kernel.sysctl = {
       "fs.aio-max-nr" = lib.mkDefault 524288;
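Review bot: The third conjunct of the new `assertion`, `config.virtualisation.incus.enable`, looks redundant, because the whole block already sits under `lib.mkIf cfg.enable` (assuming `cfg` is bound to `config.virtualisation.incus` above the hunk). The negated conjunction is also harder to audit than an implication; `assertion = config.networking.firewall.enable -> config.networking.nftables.enable;` states the same rule directly. The message does not say that the check only fires while the firewall is enabled, so an operator could clear it by disabling `networking.firewall.enable` instead of switching backends, which would leave the host unfiltered. I would have the message name the firewall option and add a short comment above the assertion explaining why the iptables backend is rejected. The `config` block continues past the end of the hunk.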