From a6a9b5be12f6ec2ff4a7893b2d473b2db6f3eaf9 Mon Sep 17 00:00:00 2001
From: chayleaf
Date: Sun, 14 Jul 2024 06:41:26 +0700
Subject: [PATCH] router: enable ipv6 forwarding in wan netns
---
 flake.lock | 6 +++---
 system/hosts/router/default.nix | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index 8975cb5..ee1c7c0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -510,11 +510,11 @@
 ]
 },
 "locked": {
- "lastModified": 1720021052,
- "narHash": "sha256-tu8IQn8Kj7S0xRg0L2ej7S65FzXqSX7LI7M2pbLdQJU=",
+ "lastModified": 1720913908,
+ "narHash": "sha256-AZ0AcL1ze6gS8EmwRpuR04MXCLb/NDLjp9n+Gs4IhFQ=",
 "owner": "chayleaf",
 "repo": "nixos-router",
- "rev": "4c132c4c5fc09b3c3317b960ec1533c4a5ebe41f",
+ "rev": "38088dc1745350db709e9f2cf777979b5217f671",
 "type": "github"
 },
 "original": {
diff --git a/system/hosts/router/default.nix b/system/hosts/router/default.nix
index 56a828a..2e6111d 100644
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@@ -718,6 +718,10 @@ in {
 ];
 };
 router.networkNamespaces.wan = {
+ sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ };
 # this is the even more boring nftables config
 nftables.jsonRules = let
 wans = [ "wan" ] ++ lib.optional (cfg.vpn.tunnel.mode == "sit") "sittun0";
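Review bot: The new `sysctl` block in `router.networkNamespaces.wan` enables forwarding on every interface of the namespace that holds the upstream-facing links, so what may cross it is decided only by the forward chain of the `nftables.jsonRules` that start on the following lines and continue outside the hunk; that chain should be confirmed to drop by default for both IPv4 and IPv6. The subject mentions only IPv6 while `"net.ipv4.conf.all.forwarding" = true;` is set as well, so a short comment above the block, for example `# forwarding is per-netns; filtering is left to the forward chain below`, would record the intent. With `net.ipv6.conf.all.forwarding` on, the kernel stops accepting Router Advertisements unless `net.ipv6.conf.<iface>.accept_ra` is 2, so if the WAN address or default route comes from kernel SLAAC (not visible here) that sysctl probably needs setting in the same block.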