From 436ceab45e27be0f7eaf4de1cd7e653986f7176c Mon Sep 17 00:00:00 2001 From: Astro Date: Tue, 6 Apr 2021 19:32:25 +0200 Subject: [PATCH] nixos-module/container/anon: setup shaping --- nix/lib/config/legacy.nix | 4 ++++ nix/lib/config/options.nix | 3 +++ nix/nixos-module/container/anon.nix | 11 ++++++++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix index d2df542..41b6713 100644 --- a/nix/lib/config/legacy.nix +++ b/nix/lib/config/legacy.nix @@ -92,6 +92,7 @@ in in { role = "container"; location = "server2"; + interfaces = builtins.mapAttrs (net: interface: renameAttr "gw" "gw4" @@ -115,7 +116,9 @@ in addresses = builtins.filter builtins.isString ( builtins.split "[, ]+" wgData.addr ); + upBandwidth = ctPillar.upstream.up-bandwidth; }) ctPillar.wireguard-instances); + ospf = let hostPillar = self.lib.saltPillarFor name; @@ -125,6 +128,7 @@ in } // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) { stubNets6 = ospfConf.stubnets-inet6; }; + forwardedPorts = if ctPillar ? port-forwarding then map ({ proto, port, to }: { diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix index 97e9053..e1ccfe1 100644 --- a/nix/lib/config/options.nix +++ b/nix/lib/config/options.nix @@ -196,6 +196,9 @@ let addresses = mkOption { type = listOf str; }; + upBandwidth = mkOption { + type = with types; nullOr int; + }; }; } )); diff --git a/nix/nixos-module/container/anon.nix b/nix/nixos-module/container/anon.nix index d6db007..d9231c6 100644 --- a/nix/nixos-module/container/anon.nix +++ b/nix/nixos-module/container/anon.nix 
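Review bot: `ctPillar.upstream.up-bandwidth` in the second legacy.nix hunk is read without a guard, so a container whose pillar lists wireguard-instances but has no `upstream.up-bandwidth` key aborts evaluation rather than yielding the null that the new option type permits. The neighbouring code guards optional pillar keys (`ctPillar ? port-forwarding`, `hostPillar ? ospf`); `upBandwidth = ctPillar.upstream.up-bandwidth or null;` would follow that pattern, provided the consumer in anon.nix copes with null. If a hard failure on a missing key is intended, a one-line comment saying so would help. The value is also taken from the container pillar rather than from `wgData`, so every tunnel of a container gets the same figure; the enclosing attribute set starts and ends outside the hunk.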
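Review bot: `upBandwidth` in options.nix is declared `nullOr int` with neither a `default` nor a `description`, so the option is still mandatory for every tunnel and its unit is not stated anywhere. anon.nix appends `K` to the number, so the unit is presumably kbit/s; I would record that with `description = "Upstream bandwidth in kbit/s used for traffic shaping";` and add `default = null;` only if null is really meant to be accepted. A plain `int` also lets zero and negative values through to the generated unit unchanged, which `nullOr ints.positive` would reject at evaluation time. The neighbouring `addresses` option uses `listOf` unqualified, so the `with types;` here looks redundant.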
@@ -58,8 +58,17 @@ in addresses = map (addr: { addressConfig.Address = addr; }) wireguard.addresses; + + networkConfig.DefaultRouteOnDevice = true; + + extraConfig = '' + [CAKE] + Parent = root + # DOCSIS overhead + OverheadBytes = 18 + Bandwidth = ${toString wireguard.upBandwidth}K + ''; }) tunnels; - # TODO: gw4, gw6 networking.nat = lib.optionalAttrs (firstTunnel != null) { enable = true;
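Review bot: The `Bandwidth = ${toString wireguard.upBandwidth}K` line in the new `extraConfig` does not handle the null that the option type `nullOr int` allows: `toString null` is the empty string in Nix, so the rendered unit would contain `Bandwidth = K`. systemd-networkd would presumably refuse that value, leaving the tunnel up without the intended rate limit and without any evaluation error to point at the cause. Guarding the block with `extraConfig = lib.optionalString (wireguard.upBandwidth != null) ''`, or asserting that the value is non-null, makes the outcome explicit. Separately, `networkConfig.DefaultRouteOnDevice = true;` is applied to every entry in `tunnels` while the removed TODO named both gw4 and gw6, so it is worth confirming the resulting routes with more than one tunnel and for IPv6, since this container's traffic is presumably meant to leave only through the tunnel.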