From cf91baa93883bc2f61a53f2f6c78348b9cebd7b7 Mon Sep 17 00:00:00 2001
From: William Carroll <wpcarro@gmail.com>
Date: Mon, 16 May 2022 12:23:16 -0700
Subject: feat(ava): Set firewall.checkReversePath to "loose"

I was being warned while running `sudo rebuild-system`.

Change-Id: Ie8b730760e069086c2ef88f8edf00887cbbb5c93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5627
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI
---
 users/wpcarro/nixos/ava/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/users/wpcarro/nixos/ava/default.nix b/users/wpcarro/nixos/ava/default.nix
index b3ef095be0..47a93ed2ef 100644
--- a/users/wpcarro/nixos/ava/default.nix
+++ b/users/wpcarro/nixos/ava/default.nix
@@ -26,6 +26,8 @@ in
   # Support IP forwarding to use this device as a Tailscale exit node.
   boot.kernel.sysctl."net.ipv4.ip_forward" = true;
   boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
+  # Additionall exit node settings that Tailscale recommends.
+  networking.firewall.checkReversePath = "loose";
 
   time.timeZone = "America/Los_Angeles";
 
-- 
cgit 1.4.1