nixos/docker: load more required kernel modules

This builds on #76487. br_netfilter ------------ When I first added veth it was suggested I add bridge as well. Without veth I get the following error message when starting the daemon with security.lockKernelModules=true: > Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: could not insert 'br_netfilter': Operation not permitted Therefore if we're going to add bridge we may as well add br_netfilter as well. xt_nat ------ Without xt_nat, docker cannot do dnat with iptables, failing with: > iptables v1.8.4 (legacy): unknown option \"--to-destination\"\nTry `iptables -h' or 'iptables --help' for more information.\n (exit status 2))
2020-09-10 15:30:01 +00:00 · 2020-09-10 15:30:01 +00:00 · 12755ecdd5
commit 12755ecdd5
parent 023a4f2253
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@ -149,7 +149,7 @@ in
  ###### implementation

  config = mkIf cfg.enable (mkMerge [{
-      boot.kernelModules = [ "bridge" "veth" ];
+      boot.kernelModules = [ "bridge" "veth" "br_netfilter" "xt_nat" ];
      boot.kernel.sysctl = {
        "net.ipv4.conf.all.forwarding" = mkOverride 98 true;
        "net.ipv4.conf.default.forwarding" = mkOverride 98 true;