diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 011d577f..964209c1 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -5,6 +5,7 @@ in {
   imports = [
     ./deploy
     ./tf-glue
+    (sources.pbb-nixfiles + "/modules/nftables")
     (sources.tf-nix + "/modules/nixos/secrets.nix")
     (sources.tf-nix + "/modules/nixos/secrets-users.nix")
     hexchen.modules.hexnet
diff --git a/profiles/common/nixos/default.nix b/profiles/common/nixos/default.nix
index eeffc10d..3cc37fc5 100644
--- a/profiles/common/nixos/default.nix
+++ b/profiles/common/nixos/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ./system.nix
+    ./net.nix
     ./access.nix
     ./locale.nix
     ./nix.nix
diff --git a/profiles/common/nixos/net.nix b/profiles/common/nixos/net.nix
new file mode 100644
index 00000000..143e27ba
--- /dev/null
+++ b/profiles/common/nixos/net.nix
@@ -0,0 +1,5 @@
+{ config, lib, ... }:
+
+{
+  petabyte.nftables.enable = lib.mkDefault true;
+}