Fix conntrack issues in microvm
due to bad scaling with lower RAM
This commit is contained in:
parent
fc105bb0d9
commit
ca6fe29106
@ -5,12 +5,6 @@
microvm.mem = 1024;
boot.kernel.sysctl = {
# table overflow causing packets from nginx to hedgedoc to drop
# nf_conntrack: nf_conntrack: table full, dropping packet
"net.netfilter.nf_conntrack_max" = "65536";
};
networking.hostName = "hedgedoc";
services = {
@ -72,11 +72,18 @@ in
# autoupdates do not make sense inside MicroVMs with read-only /nix/store
c3d2.autoUpdate = false;
boot.kernelParams = [
"preempt=none"
# No server/router runs any untrusted user code
"mitigations=off"
];
boot = {
kernel.sysctl = lib.optionalAttrs (config.microvm.mem <= 1024) {
# table overflow causing packets from nginx to the service to drop
# nf_conntrack: nf_conntrack: table full, dropping packet
"net.netfilter.nf_conntrack_max" = "65536";
};
kernelParams = [
"preempt=none"
# No server/router runs any untrusted user code
"mitigations=off"
];
};
hardware.enableRedistributableFirmware = false;
@ -114,7 +121,10 @@ in
}) config.c3d2.deployment.mounts;
};
networking = lib.mkIf config.c3d2.deployment.autoNetSetup {
networking = {
# required that sysctl contains net.netfilter.nf_conntrack_max on boot
firewall.autoLoadConntrackHelpers = true;
} // lib.optionalAttrs config.c3d2.deployment.autoNetSetup {
useDHCP = false;
dhcpcd.enable = false;
useNetworkd = true;
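Review bot: `firewall.autoLoadConntrackHelpers = true;` in the third hunk is used only to get nf_conntrack loaded at boot so that the `net.netfilter.nf_conntrack_max` sysctl from the second hunk applies, but, if I read the NixOS firewall module correctly, that option also sets `net.netfilter.nf_conntrack_helper = 1`, i.e. automatic assignment of the ALG helpers (FTP, SIP, …) to every tracked flow, which the kernel documents as deprecated and insecure and which none of this change needs. Loading the module directly avoids that side effect: replace the option with `boot.kernelModules = [ "nf_conntrack" ];` (next to the `boot = { … }` block, optionally under the same `lib.optionalAttrs (config.microvm.mem <= 1024)` gate) and reword the comment to `# nf_conntrack must be loaded at boot for the nf_conntrack_max sysctl to take effect`. While touching the second hunk, the comment above the sysctl could state the reason for the RAM gate, e.g. `# the kernel sizes the conntrack table from RAM, so small VMs get a table too small for nginx->service traffic`. The enclosing `networking = { … }` attribute set continues past the end of the hunk.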