From 4475df98a45e0716933fad7eaf1184800d102b78 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Tue, 18 Jun 2024 13:58:50 -0400
Subject: [PATCH] deploy nftables rules in deploy-initial
---
 deploy-initial | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/deploy-initial b/deploy-initial
index 59877b5..f688ad8 100755
--- a/deploy-initial
+++ b/deploy-initial
@@ -55,7 +55,9 @@ sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" ssh/sshd_config.tmp
 rsync -cv ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config
 rm ssh/sshd_config.tmp
-ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service"
+rsync -cv nftables/nftables-${hosts_firewall[$host]:-web}.conf $remote:/mnt/etc/nftables.conf
+
+ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer nftables.service plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service"
 ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service"
 ssh $remote "dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"
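Review bot: The added rsync line falls back to the `web` ruleset whenever `$host` has no entry in `hosts_firewall`, so a missing or misspelled host key silently deploys a firewall profile that was never chosen for that machine. For a firewall it is safer to fail closed, e.g. `fw=${hosts_firewall[$host]:?no firewall profile for $host}` followed by `rsync -cv "nftables/nftables-$fw.conf" "$remote:/mnt/etc/nftables.conf"`, which also quotes the expansions. It would also help to validate the file with `nft -c -f` before copying, since a ruleset that fails to load at boot presumably leaves the host with no filtering at all once `nftables.service` is enabled. The rest of the script, including whether errexit is set so that a failed rsync stops before the `systemctl enable` line, is outside this hunk.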