From 232323a3daeb7a74896c1d70a4141243995c9618 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Tue, 23 May 2023 21:38:50 +0200
Subject: [PATCH] Make net.netfilter.nf_conntrack_max work on skyflake
---
 modules/microvm-defaults.nix | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/modules/microvm-defaults.nix b/modules/microvm-defaults.nix
index 20d5a794..dac8f3ca 100644
--- a/modules/microvm-defaults.nix
+++ b/modules/microvm-defaults.nix
@@ -9,11 +9,15 @@
 boot = {
 loader.grub.enable = false;
- kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
- # table overflow causing packets from nginx to the service to drop
- # nf_conntrack: nf_conntrack: table full, dropping packet
- "net.netfilter.nf_conntrack_max" = "65536";
- };
+ kernel.sysctl =
+ let
+ mem = if (config?microvm) then config.microvm.mem else config.deployment.mem;
+ in
+ lib.optionalAttrs (mem <= 1024) {
+ # table overflow causing packets from nginx to the service to drop
+ # nf_conntrack: nf_conntrack: table full, dropping packet
+ "net.netfilter.nf_conntrack_max" = "65536";
+ };
 kernelParams = [
 "preempt=none" # No server/router runs any untrusted user code