From 626d8076bb622d6fee35200ad512743e4ee28d3f Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 19 Sep 2022 21:43:38 +0200
Subject: [PATCH] nixos-module/container/upstream: move clamp-mss-to-pmtu outa pppoe

---
 nix/nixos-module/container/upstream.nix | 8 ++++++++
 nix/nixos-module/container/upstream/pppoe.nix | 9 ---------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
index 2edf7b4..c61df81 100644
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@@ -65,6 +65,14 @@ in
 externalInterface = firstUpstreamInterface;
 externalIP = staticIpv4Address;
 extraCommands = ''
+ # Add workaround for upstreams with wonky MTU
+ iptables -t mangle -A FORWARD \
+ -p tcp --tcp-flags SYN,RST SYN \
+ -j TCPMSS --clamp-mss-to-pmtu
+ ip6tables -t mangle -A FORWARD \
+ -p tcp --tcp-flags SYN,RST SYN \
+ -j TCPMSS --clamp-mss-to-pmtu
+
 # Prohibit SMTP except for servers
 iptables -N fwd_smtp || \
 iptables -F fwd_smtp
diff --git a/nix/nixos-module/container/upstream/pppoe.nix b/nix/nixos-module/container/upstream/pppoe.nix
index 90ce5bf..95fde22 100644
--- a/nix/nixos-module/container/upstream/pppoe.nix
+++ b/nix/nixos-module/container/upstream/pppoe.nix
@@ -84,13 +84,4 @@ in lib.mkIf (pppoeInterfaces != {}) {
 };
 }) {} (builtins.attrNames pppoeInterfaces);
 
- networking.nat.extraCommands = ''
- iptables -A FORWARD \
- -p tcp --tcp-flags SYN,RST SYN \
- -j TCPMSS --clamp-mss-to-pmtu
- ip6tables -A FORWARD \
- -p tcp --tcp-flags SYN,RST SYN \
- -j TCPMSS --clamp-mss-to-pmtu
- '';
-
 }
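Review bot: The two `-t mangle -A FORWARD` rules added at the top of `extraCommands` in upstream.nix are not idempotent, unlike the `fwd_smtp` block right below them, which guards itself with `iptables -N fwd_smtp || iptables -F fwd_smtp`. If this script is ever re-run without the mangle table being flushed (not visible from this hunk, so worth confirming), every run appends another identical TCPMSS rule. A check-then-append form would avoid that: prefix each command with the same rule spec under `-C`, i.e. `iptables -t mangle -C FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 2>/dev/null || ` before the existing `-A` line, and likewise for `ip6tables`. The clamp now also applies to every forwarded TCP SYN for all upstream types rather than only when PPPoE interfaces exist, so the comment could say that explicitly, e.g. `# Applied to all upstreams on purpose, not only PPPoE`. The `extraCommands` string continues past the end of the hunk.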