From 7689468a4ba2bfbaeaaf30c29bd19c9607a1dd99 Mon Sep 17 00:00:00 2001
From: Zhaofeng Li
Date: Tue, 12 Jul 2022 17:59:44 -0700
Subject: nixos/nat: Use the package specified in networking.firewall.package

Otherwise the system path is inconsistent if you do something like networking.firewall.package = pkgs.iptables-legacy;
---
 nixos/modules/services/networking/nat.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'nixos/modules/services/networking/nat.nix')
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
index 2e58cd699b2..c33c3db186e 100644
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -319,7 +319,10 @@ in
 }
 ];
- environment.systemPackages = [ pkgs.iptables ];
+ # Use the same iptables package as in config.networking.firewall.
+ # When the firewall is enabled, this should be deduplicated without any
+ # error.
+ environment.systemPackages = [ config.networking.firewall.package ];
 boot = {
 kernelModules = [ "nf_nat_ftp" ];
@@ -347,7 +350,7 @@ in
 description = "Network Address Translation";
 wantedBy = [ "network.target" ];
 after = [ "network-pre.target" "systemd-modules-load.service" ];
- path = [ pkgs.iptables ];
+ path = [ config.networking.firewall.package ];
 unitConfig.ConditionCapability = "CAP_NET_ADMIN";
 serviceConfig = {
-- cgit 1.4.1
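Review bot: The `path = [ config.networking.firewall.package ];` line in the second hunk has no comment, unlike the matching `environment.systemPackages` change in the first hunk, and it is the line that decides which iptables binary the `nat` unit's scripts run. I would add above it `# Must match networking.firewall.package so NAT and firewall rules go through the same iptables backend.` After this change the NAT module depends on a `networking.firewall.*` option even where the firewall itself may be disabled, and nothing visible here checks that a user-supplied package actually ships the `iptables` commands; if it does not, the unit would presumably fail and leave the NAT rules unapplied, so a sentence in the option description would help. Both enclosing attribute sets begin and end outside the hunks.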