Make net.netfilter.nf_conntrack_max work on skyflake
parent
1dd62b623a
commit
232323a3da
|
@ -9,11 +9,15 @@
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.enable = false;
|
loader.grub.enable = false;
|
||||||
kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
|
kernel.sysctl =
|
||||||
# table overflow causing packets from nginx to the service to drop
|
let
|
||||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
mem = if (config?microvm) then config.microvm.mem else config.deployment.mem;
|
||||||
"net.netfilter.nf_conntrack_max" = "65536";
|
in
|
||||||
};
|
lib.optionalAttrs (mem <= 1024) {
|
||||||
|
# table overflow causing packets from nginx to the service to drop
|
||||||
|
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||||
|
"net.netfilter.nf_conntrack_max" = "65536";
|
||||||
|
};
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
"preempt=none"
|
"preempt=none"
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
|
|
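Review bot: The new `mem` binding chooses its source with `config?microvm`, which only tests that a `microvm` attribute exists in `config`, and its `else` branch assumes `config.deployment.mem` is defined whenever it does not. A host with neither attribute would fail evaluation. A host that has the `microvm` options declared but is sized through `deployment.mem` (possible if the microvm module is imported everywhere, which is not visible here) would read the wrong figure and could silently miss the raised conntrack limit. A comment above the binding would record the intent, e.g. `# microvm hosts expose microvm.mem, skyflake deployments expose deployment.mem`. It would also help to note why 1024 is the cut-off, since hosts above it keep the kernel's default table size and the "table full, dropping packet" condition is an availability problem under connection load. The `boot` attribute set continues past the end of the hunk.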