rm tor and update firewall stuff

hosts/chunk/default.nix

@@ -22,7 +22,6 @@
     ./forgejo.nix
     ./garage.nix
     ./tailscale.nix
-    ./tor.nix
   ];
 
   sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -101,22 +100,18 @@
           ${tc} qdisc del dev ens18 root || true
 
           # create HTB hierarchy
-          ${tc} qdisc add dev ens18 root handle 1: htb default 30
+          ${tc} qdisc add dev ens18 root handle 1: htb default 10
           ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-          # tailscale
-          ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
-          # caddy
-          ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
           # rest
+          ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100%
+          # caddy
           ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
 
           # mark traffic
-          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3
-          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
 
           # route marked packets
-          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30
-          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
         '';
     };
     interfaces.ens18 = {

hosts/chunk/tor.nix

@@ -1,16 +0,0 @@
-{ ... }:
-{
-  services.tor = {
-    enable = true;
-    openFirewall = true;
-    relay = {
-      enable = true;
-      role = "relay";
-    };
-    settings = {
-      ORPort = 9001;
-      Nickname = "chunk";
-      # MaxAdvertisedBandwidth = "20MBytes";
-    };
-  };
-}