implement traffic control, remove adguard, misc tailscale stuff

This commit is contained in:
cy 2025-02-24 13:23:38 -05:00
parent a82a616f11
commit 131b4b2614
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
5 changed files with 39 additions and 5 deletions


@ -144,6 +144,9 @@
telegram-desktop telegram-desktop
jadx jadx
gradle gradle
localsend
scrcpy
syncthing
]; ];
programs.waybar.enable = true; programs.waybar.enable = true;


@ -1,5 +1,6 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -10,7 +11,6 @@
./backup.nix ./backup.nix
./rclone.nix ./rclone.nix
./postgres.nix ./postgres.nix
./adguard.nix
./hedgedoc.nix ./hedgedoc.nix
./miniflux.nix ./miniflux.nix
./redlib.nix ./redlib.nix
@ -92,9 +92,28 @@
53 53
853 853
]; ];
extraCommands = '' extraCommands =
let
ethtool = lib.getExe pkgs.ethtool;
tc = lib.getExe' pkgs.iproute2 "tc";
in ''
# disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
${ethtool} -K ens18 tso off
# clear existing rules
${tc} qdisc del dev ens18 root || true
# create HTB hierarchy
${tc} qdisc add dev ens18 root handle 1: htb default 20
${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100%
${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100%
# mark traffic
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
# route marked packets
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
''; '';
}; };
networking.interfaces.ens18 = { networking.interfaces.ens18 = {
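Review bot: The tor cgroup rule `iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2` has no matching tc filter — only `handle 1 fw flowid 1:10` is added — so mark 2 is never consulted and tor traffic lands in the default class 1:20 like everything else; either add `${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20` to make the intent explicit or drop the mark. If extraCommands re-runs on a firewall reload, the tc part is idempotent thanks to `qdisc del … || true` but the two `-A OUTPUT` rules are not, so unless the mangle chain is flushed elsewhere they accumulate; `iptables -t mangle -C OUTPUT … || iptables -t mangle -A OUTPUT …` would guard each one. Separately, the hunk at -10,7 +11,6 removes `./adguard.nix` while the context of this hunk still lists `53` and `853` in the allowed ports; if those were opened for AdGuard's DNS/DoT listener they can presumably go as well. The interface name `ens18` is repeated on seven lines and could join the `let` block as `iface = "ens18";`.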


@ -7,6 +7,9 @@
"--advertise-exit-node" "--advertise-exit-node"
"--accept-dns=false" "--accept-dns=false"
]; ];
extraDaemonFlags = [
"--no-logs-no-support"
];
useRoutingFeatures = "server"; useRoutingFeatures = "server";
openFirewall = true; openFirewall = true;
}; };


@ -91,7 +91,10 @@
resolvconf.enable = true; resolvconf.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 8080 ]; # for mitmproxy allowedTCPPorts = [
8080 # mitmproxy
22000 # syncthing
];
}; };
}; };
programs.nm-applet.enable = true; programs.nm-applet.enable = true;
@ -223,6 +226,7 @@
"/home/yt/.local/share/Steam" "/home/yt/.local/share/Steam"
"**/.wine" "**/.wine"
"/home/yt/Games" "/home/yt/Games"
"/home/yt/Videos"
]; ];
repo = "yt"; repo = "yt";
passFile = config.sops.secrets."borg/rsyncnet".path; passFile = config.sops.secrets."borg/rsyncnet".path;
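Review bot: Only TCP 22000 is opened for syncthing at `22000 # syncthing`; syncthing also listens on UDP 22000 (QUIC) and uses UDP 21027 for local discovery, so LAN peers will not find this host automatically and transfers are limited to TCP. If syncthing is run through `services.syncthing`, `openDefaultPorts = true` opens exactly that set and keeps the firewall change next to the service; otherwise add `allowedUDPPorts = [ 22000 21027 ];` beside the TCP list. The enclosing `networking` block of this hunk begins outside the hunk.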


@ -6,8 +6,13 @@
openFirewall = true; openFirewall = true;
useRoutingFeatures = "client"; useRoutingFeatures = "client";
extraUpFlags = [ extraUpFlags = [
"--exit-node=100.122.132.30" "--exit-node=chunk"
"--accept-dns=false" "--accept-dns=false"
"--operator=yt"
"--exit-node-allow-lan-access"
];
extraDaemonFlags = [
"--no-logs-no-support"
]; ];
}; };
} }
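Review bot: `"--operator=yt"` is added without a comment, and it is the one flag here with a privilege effect: it lets the unprivileged user yt drive the tailscale CLI (up/down, exit-node and route changes) without sudo. A one-line comment such as `# let yt manage tailscale without root` above it would record that this is deliberate. Likewise `"--exit-node-allow-lan-access"` deserves a note that LAN-destined traffic bypasses the exit node while `--exit-node=chunk` is active, since that is the kind of setting a later reader otherwise has to look up.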