From d76a9f7f3a5839aa59fb88c0e9d6b886db2b821b Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 25 Feb 2025 12:39:43 -0500 Subject: [PATCH] also traffic control caddy --- home/yt/ytnix.nix | 5 +++-- hosts/chunk/default.nix | 37 ++++++++++++++++++++++--------------- hosts/ytnix/default.nix | 2 +- overlay/zipline/default.nix | 3 +-- 4 files changed, 27 insertions(+), 20 deletions(-) diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 03e3bb9..c3a0414 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -147,6 +147,7 @@ localsend scrcpy syncthing + obsidian ]; programs.waybar.enable = true; @@ -189,12 +190,12 @@ # sccache stuff RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; - SCCACHE_REGION = "earth"; + SCCACHE_REGION = "us-east-1"; SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; - SCCACHE_LOG_LEVEL = "warn"; + SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2322005..826b128 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix 
@@ -96,25 +96,32 @@ let ethtool = lib.getExe pkgs.ethtool; tc = lib.getExe' pkgs.iproute2 "tc"; - in '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - # clear existing rules - ${tc} qdisc del dev ens18 root || true + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 20 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100% + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ''; + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ''; }; networking.interfaces.ens18 = { ipv6.addresses = [ 
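Review bot: The two `iptables -t mangle -A OUTPUT` lines append on every run, while only the qdisc is cleared first (`qdisc del dev ens18 root || true`), so each re-run of the script (a unit restart, for example) would leave another copy of the MARK rules in the mangle table. The marking is also IPv4-only: the interface is given IPv6 addresses right after the script, but there is no `ip6tables` rule and both filters use `protocol ip`, so IPv6 traffic from tailscaled and caddy would fall into the default class 1:30 instead of 1:10 and 1:20. I would move the marks into a dedicated chain that is flushed on each run, apply it with both `iptables` and `ip6tables`, and match `protocol all` in the two filters, as sketched below. `iptables` is also called by bare name, unlike `${ethtool}` and `${tc}`, so it relies on the PATH of whatever runs this script, which the hunk does not show. The enclosing attribute set starts before the hunk.

```nix
# … unchanged: ethtool offload setting, qdisc reset, HTB classes 1:1 / 1:10 / 1:20 / 1:30 …

# mark traffic; "tc-mark" is an illustrative chain name, flushed on every run
# so that repeated runs do not stack duplicate MARK rules
for ipt in iptables ip6tables; do
  $ipt -t mangle -N tc-mark 2>/dev/null || $ipt -t mangle -F tc-mark
  $ipt -t mangle -C OUTPUT -j tc-mark 2>/dev/null || $ipt -t mangle -A OUTPUT -j tc-mark
  $ipt -t mangle -A tc-mark -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
  $ipt -t mangle -A tc-mark -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
done

# route marked packets (IPv4 and IPv6)
${tc} filter add dev ens18 parent 1: protocol all prio 1 handle 1 fw flowid 1:10
${tc} filter add dev ens18 parent 1: protocol all prio 1 handle 2 fw flowid 1:20
```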
diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a3d4e13..c329115 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -92,7 +92,7 @@ firewall = { enable = true; allowedTCPPorts = [ - 8080 # mitmproxy + 8080 # mitmproxy 22000 # syncthing ]; }; diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix index 72ec089..b114119 100644 --- a/overlay/zipline/default.nix +++ b/overlay/zipline/default.nix @@ -1,5 +1,4 @@ -final: prev: -{ +final: prev: { zipline = prev.zipline.overrideAttrs { patches = [ ./no-check-bucket.patch