Make net.netfilter.nf_conntrack_max work on skyflake

2023-05-23 21:38:50 +02:00 · 2023-05-23 21:38:50 +02:00 · 232323a3da
parent 1dd62b623a
commit 232323a3da
1 changed files with 9 additions and 5 deletions
--- a/modules/microvm-defaults.nix
+++ b/modules/microvm-defaults.nix
@ -9,11 +9,15 @@

  boot = {
    loader.grub.enable = false;
-    kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
-      # table overflow causing packets from nginx to the service to drop
-      # nf_conntrack: nf_conntrack: table full, dropping packet
-      "net.netfilter.nf_conntrack_max" = "65536";
-    };
+    kernel.sysctl =
+      let
+        mem = if (config?microvm) then config.microvm.mem else config.deployment.mem;
+      in
+      lib.optionalAttrs (mem <= 1024) {
+        # table overflow causing packets from nginx to the service to drop
+        # nf_conntrack: nf_conntrack: table full, dropping packet
+        "net.netfilter.nf_conntrack_max" = "65536";
+      };
    kernelParams = [
      "preempt=none"
      # No server/router runs any untrusted user code