also traffic control caddy

2025-02-25 12:39:43 -05:00 · 2025-02-25 12:39:43 -05:00 · d76a9f7f3a
commit d76a9f7f3a
parent 47d703d9d1
4 changed files with 27 additions and 20 deletions
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -147,6 +147,7 @@
    localsend
    scrcpy
    syncthing
    obsidian
  ];
  programs.waybar.enable = true;
@ -189,12 +190,12 @@
    # sccache stuff
    RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
    SCCACHE_BUCKET = "sccache";
-    SCCACHE_REGION = "earth";
+    SCCACHE_REGION = "us-east-1";
    SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
    SCCACHE_ALLOW_CORE_DUMPS = "true";
    SCCACHE_S3_USE_SSL = "true";
    SCCACHE_CACHE_MULTIARCH = "true";
-    SCCACHE_LOG_LEVEL = "warn";
+    SCCACHE_LOG = "warn";
    AWS_DEFAULT_REGION = "us-east-1";
    AWS_ENDPOINT_URL = "https://s3.cy7.sh";
    AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -96,25 +96,32 @@
      let
        ethtool = lib.getExe pkgs.ethtool;
        tc = lib.getExe' pkgs.iproute2 "tc";
-      in ''
+      in
-      # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
+      ''
-      ${ethtool} -K ens18 tso off
+        # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
        ${ethtool} -K ens18 tso off
-      # clear existing rules
+        # clear existing rules
-      ${tc} qdisc del dev ens18 root || true
+        ${tc} qdisc del dev ens18 root || true
-      # create HTB hierarchy
+        # create HTB hierarchy
-      ${tc} qdisc add dev ens18 root handle 1: htb default 20
+        ${tc} qdisc add dev ens18 root handle 1: htb default 30
-      ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
+        ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-      ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100%
+        # tailscale
-      ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100%
+        ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100%
        # caddy
        ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100%
        # rest
        ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
-      # mark traffic
+        # mark traffic
-      iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
        iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2
-      # route marked packets
+        # route marked packets
-      ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
-    '';
+        ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
      '';
  };
  networking.interfaces.ens18 = {
    ipv6.addresses = [
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -92,7 +92,7 @@
    firewall = {
      enable = true;
      allowedTCPPorts = [
-        8080  # mitmproxy
+        8080 # mitmproxy
        22000 # syncthing
      ];
    };
--- a/overlay/zipline/default.nix
+++ b/overlay/zipline/default.nix
@ -1,5 +1,4 @@
-final: prev:
+final: prev: {
 {
  zipline = prev.zipline.overrideAttrs {
    patches = [
      ./no-check-bucket.patch