Fuck that tables malarky this works

modules/system/services/server/fileserver/nfs/default.nix

@@ -11,14 +11,6 @@
         /storage/Music *(rw,sync,no_subtree_check)
       '';
     };
-    networking.nftables.tables.nfs = {
+    networking.firewall.extraInputRules = "ip saddr 10.0.0.0/8 tcp dport 2049 accept";
-      family = "inet";
-      content = ''
-        chain input {
-	  type filter hook input priority filter; policy drop;
-          ip saddr 10.0.0.0/8 tcp dport 2049 accept comment "Accept NFS"
-        }
-      '';
-    };
   };
 }

modules/system/services/server/nginx/rtmp/default.nix

@@ -25,15 +25,7 @@
         }
       '';
     };
-    networking.nftables.tables.rtmp = {
+    networking.firewall.extraInputRules = "ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept";
-      family = "inet";
-      content = ''
-        chain input {
-	  type filter hook input priority 0; policy drop;
-          ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept comment "Accept RTMP"
-        }
-      '';
-    };
     systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
   };
 }

modules/system/services/server/owncast/default.nix

@@ -7,15 +7,7 @@
       port = 8060;
       rtmp-port = 1945;
     };
-    networking.nftables.tables.owncast = {
+    networking.firewall.extraInputRules = "ip saddr 10.0.0.0/8 tcp dport 1945 accept";
-      family = "inet";
-      content = ''
-        chain input {
-	  type filter hook input priority filter; policy drop;
-          ip saddr 10.0.0.0/8 tcp dport 1945 accept comment "Accept RTMP"
-        }
-      '';
-    };
     environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
   };
 }