also traffic control caddy

2025-02-25 12:39:43 -05:00 · 2025-02-25 12:39:43 -05:00 · d76a9f7f3a
commit d76a9f7f3a
parent 47d703d9d1
4 changed files with 27 additions and 20 deletions
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -96,25 +96,32 @@
      let
        ethtool = lib.getExe pkgs.ethtool;
        tc = lib.getExe' pkgs.iproute2 "tc";
-      in ''
-      # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
-      ${ethtool} -K ens18 tso off
+      in
+      ''
+        # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
+        ${ethtool} -K ens18 tso off

-      # clear existing rules
-      ${tc} qdisc del dev ens18 root || true
+        # clear existing rules
+        ${tc} qdisc del dev ens18 root || true

-      # create HTB hierarchy
-      ${tc} qdisc add dev ens18 root handle 1: htb default 20
-      ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-      ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100%
-      ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100%
+        # create HTB hierarchy
+        ${tc} qdisc add dev ens18 root handle 1: htb default 30
+        ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
+        # tailscale
+        ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
+        # caddy
+        ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
+        # rest
+        ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%

-      # mark traffic
-      iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+        # mark traffic
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2

-      # route marked packets
-      ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
-    '';
+        # route marked packets
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
+      '';
  };
  networking.interfaces.ens18 = {
    ipv6.addresses = [