From 161a35b0b8e4a5cb8d5fac3d5083ee9fb82cfbe2 Mon Sep 17 00:00:00 2001
From: ryneeverett <ryneeverett@gmail.com>
Date: Sun, 14 Feb 2021 01:12:43 -0500
Subject: [PATCH] nixos/lxd: explicitly load xt_CHECKSUM module

This module is needed to create bridge networks such as the default
lxdbr0 created by `lxd init`. Without this module, running `lxc network
create lxdbr0` errors with:

> Error: Failed to create network 'lxdbr0': Failed to run: iptables -w -t mangle -I POSTROUTING -o lxdbr0 -p udp --dport 68 -j CHECKSUM --checksum-fill -m comment --comment generated for LXD network lxdbr0: iptables v1.8.5 (legacy): unknown option "--checksum-fill"
---
 nixos/modules/virtualisation/lxd.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix
index 375fc1d256c..42a1f2f1a30 100644
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
@@ -170,7 +170,7 @@ in {
       "kernel.keys.maxkeys" = 2000;
     };
 
-    boot.kernelModules = [ "veth" "xt_comment" "xt_MASQUERADE" ]
+    boot.kernelModules = [ "veth" "xt_comment" "xt_CHECKSUM" "xt_MASQUERADE" ]
       ++ optionals (!config.networking.nftables.enable) [ "iptable_mangle" ];
   };
 }