nixos-module/container/anon: setup shaping

nix/lib/config/legacy.nix

@@ -92,6 +92,7 @@ in
         in {
           role = "container";
           location = "server2";
+
           interfaces =
             builtins.mapAttrs (net: interface:
               renameAttr "gw" "gw4"
@@ -115,7 +116,9 @@ in
                 addresses = builtins.filter builtins.isString (
                   builtins.split "[, ]+" wgData.addr
                 );
+                upBandwidth = ctPillar.upstream.up-bandwidth;
               }) ctPillar.wireguard-instances);
+
           ospf =
             let
               hostPillar = self.lib.saltPillarFor name;
@@ -125,6 +128,7 @@ in
             } // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
             stubNets6 = ospfConf.stubnets-inet6;
             };
+
           forwardedPorts =
             if ctPillar ? port-forwarding
             then map ({ proto, port, to }: {

nix/lib/config/options.nix

@@ -196,6 +196,9 @@ let
               addresses = mkOption {
                 type = listOf str;
               };
+              upBandwidth = mkOption {
+                type = with types; nullOr int;
+              };
             };
           }
         ));

nix/nixos-module/container/anon.nix

@@ -58,8 +58,17 @@ in
     addresses = map (addr: {
       addressConfig.Address = addr;
     }) wireguard.addresses;
+
+    networkConfig.DefaultRouteOnDevice = true;
+
+    extraConfig = ''
+      [CAKE]
+      Parent = root
+      # DOCSIS overhead
+      OverheadBytes = 18
+      Bandwidth = ${toString wireguard.upBandwidth}K
+    '';
   }) tunnels;
-  # TODO: gw4, gw6
 
   networking.nat = lib.optionalAttrs (firstTunnel != null) {
     enable = true;