use nftables

2025-05-20 14:51:57 -04:00 · 2025-05-20 14:51:57 -04:00 · f280227e5d
commit f280227e5d
parent 04bcd9eba1
2 changed files with 2 additions and 27 deletions
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -1,6 +1,5 @@
 {
  pkgs,
-  lib,
  ...
 }:
 {
@ -79,32 +78,6 @@
      allowedUDPPorts = [
        443
      ];
-      extraCommands =
-        let
-          ethtool = lib.getExe pkgs.ethtool;
-          tc = lib.getExe' pkgs.iproute2 "tc";
-        in
-        ''
-          # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
-          ${ethtool} -K ens18 tso off
-
-          # clear existing rules
-          ${tc} qdisc del dev ens18 root || true
-
-          # create HTB hierarchy
-          ${tc} qdisc add dev ens18 root handle 1: htb default 10
-          ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-          # rest
-          ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100%
-          # caddy
-          ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
-
-          # mark traffic
-          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3
-
-          # route marked packets
-          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30
-        '';
    };
    interfaces.ens18 = {
      ipv6.addresses = [
@ -157,6 +130,7 @@

  environment.systemPackages = with pkgs; [
    vim
+    neovim
    wget
    curl
    tree
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -56,6 +56,7 @@
      "nts.teambelgium.net"
      "c.st1.ntp.br"
    ];
+    nftables.enable = true;
  };
  services.chrony = {
    enable = true;