nixos-module/container/anon: setup shaping
This commit is contained in:
parent
0a03be1469
commit
436ceab45e
|
@ -92,6 +92,7 @@ in
|
||||||
in {
|
in {
|
||||||
role = "container";
|
role = "container";
|
||||||
location = "server2";
|
location = "server2";
|
||||||
|
|
||||||
interfaces =
|
interfaces =
|
||||||
builtins.mapAttrs (net: interface:
|
builtins.mapAttrs (net: interface:
|
||||||
renameAttr "gw" "gw4"
|
renameAttr "gw" "gw4"
|
||||||
|
@ -115,7 +116,9 @@ in
|
||||||
addresses = builtins.filter builtins.isString (
|
addresses = builtins.filter builtins.isString (
|
||||||
builtins.split "[, ]+" wgData.addr
|
builtins.split "[, ]+" wgData.addr
|
||||||
);
|
);
|
||||||
|
upBandwidth = ctPillar.upstream.up-bandwidth;
|
||||||
}) ctPillar.wireguard-instances);
|
}) ctPillar.wireguard-instances);
|
||||||
|
|
||||||
ospf =
|
ospf =
|
||||||
let
|
let
|
||||||
hostPillar = self.lib.saltPillarFor name;
|
hostPillar = self.lib.saltPillarFor name;
|
||||||
|
@ -125,6 +128,7 @@ in
|
||||||
} // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
|
} // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
|
||||||
stubNets6 = ospfConf.stubnets-inet6;
|
stubNets6 = ospfConf.stubnets-inet6;
|
||||||
};
|
};
|
||||||
|
|
||||||
forwardedPorts =
|
forwardedPorts =
|
||||||
if ctPillar ? port-forwarding
|
if ctPillar ? port-forwarding
|
||||||
then map ({ proto, port, to }: {
|
then map ({ proto, port, to }: {
|
||||||
|
|
|
@ -196,6 +196,9 @@ let
|
||||||
addresses = mkOption {
|
addresses = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
};
|
};
|
||||||
|
upBandwidth = mkOption {
|
||||||
|
type = with types; nullOr int;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
));
|
));
|
||||||
|
|
|
@ -58,8 +58,17 @@ in
|
||||||
addresses = map (addr: {
|
addresses = map (addr: {
|
||||||
addressConfig.Address = addr;
|
addressConfig.Address = addr;
|
||||||
}) wireguard.addresses;
|
}) wireguard.addresses;
|
||||||
|
|
||||||
|
networkConfig.DefaultRouteOnDevice = true;
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
[CAKE]
|
||||||
|
Parent = root
|
||||||
|
# DOCSIS overhead
|
||||||
|
OverheadBytes = 18
|
||||||
|
Bandwidth = ${toString wireguard.upBandwidth}K
|
||||||
|
'';
|
||||||
}) tunnels;
|
}) tunnels;
|
||||||
# TODO: gw4, gw6
|
|
||||||
|
|
||||||
networking.nat = lib.optionalAttrs (firstTunnel != null) {
|
networking.nat = lib.optionalAttrs (firstTunnel != null) {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
Loading…
Reference in New Issue