From 60727812b81ea956b6c323979ef3df0fc8ae6d03 Mon Sep 17 00:00:00 2001
From: cy
Date: Fri, 14 Mar 2025 00:55:53 -0400
Subject: [PATCH] rm tor and update firewall stuff

---
 hosts/chunk/default.nix | 15 +++++----------
 hosts/chunk/tor.nix | 16 ----------------
 2 files changed, 5 insertions(+), 26 deletions(-)
 delete mode 100644 hosts/chunk/tor.nix

diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index 2fee98c..9a621c4 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -22,7 +22,6 @@
 ./forgejo.nix
 ./garage.nix
 ./tailscale.nix
- ./tor.nix
 ];
 
 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -101,22 +100,18 @@
 ${tc} qdisc del dev ens18 root || true
 
 # create HTB hierarchy
- ${tc} qdisc add dev ens18 root handle 1: htb default 30
+ ${tc} qdisc add dev ens18 root handle 1: htb default 10
 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
- # tailscale
- ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
- # caddy
- ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
 # rest
+ ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100%
+ # caddy
 ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
 
 # mark traffic
- iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
- iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
+ iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3
 
 # route marked packets
- ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
- ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
+ ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30
 '';
 };
 interfaces.ens18 = {
diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix
deleted file mode 100644
index 2ad4a89..0000000
--- a/hosts/chunk/tor.nix
+++ /dev/null
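Review bot: The new `iptables -t mangle -A OUTPUT ... --set-mark 3` line in the hosts/chunk/default.nix hunk (`@@ -101,22 +100,18 @@`) appends a rule on every run of this script, and nothing visible in the hunk removes earlier ones, whereas the tc side is reset first with `qdisc del dev ens18 root || true`. On a host that already ran the previous version, the old mark-1 and mark-2 rules for tailscaled and caddy would presumably stay in the mangle table until a reboot or manual flush, and each re-run stacks another duplicate. Making the marking idempotent would avoid that, for example by preceding it with `iptables -t mangle -D OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 2>/dev/null || true`, or by keeping these rules in a dedicated chain that is flushed at the top of the script. Separately, `iptables` and `protocol ip` cover IPv4 only, so caddy's IPv6 egress lands in the default class 1:10 rather than 1:30. The script starts and ends outside the hunk, so a cleanup step or an ip6tables rule may already exist there.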
@@ -1,16 +0,0 @@
-{ ... }:
-{
- services.tor = {
- enable = true;
- openFirewall = true;
- relay = {
- enable = true;
- role = "relay";
- };
- settings = {
- ORPort = 9001;
- Nickname = "chunk";
- # MaxAdvertisedBandwidth = "20MBytes";
- };
- };
-}