public-access-proxy: bump nfconntrack table size, loda module even earlier
parent
5560deef4c
commit
626f7a1d38
|
@ -6,6 +6,12 @@
|
|||
./stats.nix
|
||||
];
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
# table overflow causing packets from nginx to the service to drop
|
||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||
"net.netfilter.nf_conntrack_max" = toString (4096*32);
|
||||
};
|
||||
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
networking.hostName = "public-access-proxy";
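Review bot: The new `"net.netfilter.nf_conntrack_max" = toString (4096*32);` is an unexplained magic number, and the hunk raises the entry limit without any visible change to the conntrack hash table size or the entry timeouts. On an internet-facing proxy a full table is also how a connection flood shows up, so a larger ceiling postpones the `table full, dropping packet` symptom rather than bounding it, and every extra entry costs kernel memory. I would record the sizing in the comment, e.g. `# 131072 entries; sized for the expected peak of concurrent connections, revisit together with net.netfilter.nf_conntrack_buckets`, and consider lowering `net.netfilter.nf_conntrack_tcp_timeout_established` so idle flows age out sooner. Tracking `net.netfilter.nf_conntrack_count` against the maximum would show whether the limit is being approached again.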
|
||||
|
|
|
@ -9,6 +9,10 @@
|
|||
|
||||
boot = {
|
||||
loader.grub.enable = false;
|
||||
initrd.kernelModules = [
|
||||
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
|
||||
"nf_conntrack"
|
||||
];
|
||||
kernel.sysctl =
|
||||
let
|
||||
mem = if (config?microvm) then config.microvm.mem else config.deployment.mem;
|
||||
|
@ -16,12 +20,8 @@
|
|||
lib.optionalAttrs (mem <= 2*1024) {
|
||||
# table overflow causing packets from nginx to the service to drop
|
||||
# nf_conntrack: nf_conntrack: table full, dropping packet
|
||||
"net.netfilter.nf_conntrack_max" = "65536";
|
||||
"net.netfilter.nf_conntrack_max" = lib.mkDefault "65536";
|
||||
};
|
||||
kernelModules = [
|
||||
# required for net.netfilter.nf_conntrack_max appearing in sysfs early at boot
|
||||
"nf_conntrack"
|
||||
];
|
||||
kernelParams = [
|
||||
"preempt=none"
|
||||
# No server/router runs any untrusted user code
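Review bot: Moving `"nf_conntrack"` out of `kernelModules` and into `initrd.kernelModules` loads it only on machines that actually boot through the generated initrd. This file also reads `config.deployment.mem` for hosts without `microvm`; if any of those boot without an initrd, the module is no longer loaded and the `net.netfilter.nf_conntrack_max` setting presumably fails to apply. Keeping the entry in both lists is harmless and covers that case. The moved comment also says the key appears in "sysfs", but sysctl keys live under `/proc/sys`; I would reword it to `# load early so net.netfilter.nf_conntrack_max exists under /proc/sys before sysctl settings are applied`. The `boot` attribute set starts and ends outside these hunks.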
|
||||
|
|