nixos-module/container/anon: setup shaping
This commit is contained in:
parent
0a03be1469
commit
436ceab45e
|
@ -92,6 +92,7 @@ in
|
|||
in {
|
||||
role = "container";
|
||||
location = "server2";
|
||||
|
||||
interfaces =
|
||||
builtins.mapAttrs (net: interface:
|
||||
renameAttr "gw" "gw4"
|
||||
|
@ -115,7 +116,9 @@ in
|
|||
addresses = builtins.filter builtins.isString (
|
||||
builtins.split "[, ]+" wgData.addr
|
||||
);
|
||||
upBandwidth = ctPillar.upstream.up-bandwidth;
|
||||
}) ctPillar.wireguard-instances);
|
||||
|
||||
ospf =
|
||||
let
|
||||
hostPillar = self.lib.saltPillarFor name;
|
||||
|
@ -125,6 +128,7 @@ in
|
|||
} // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
|
||||
stubNets6 = ospfConf.stubnets-inet6;
|
||||
};
|
||||
|
||||
forwardedPorts =
|
||||
if ctPillar ? port-forwarding
|
||||
then map ({ proto, port, to }: {
|
||||
|
|
|
@ -196,6 +196,9 @@ let
|
|||
addresses = mkOption {
|
||||
type = listOf str;
|
||||
};
|
||||
upBandwidth = mkOption {
|
||||
type = with types; nullOr int;
|
||||
};
|
||||
};
|
||||
}
|
||||
));
|
||||
|
|
|
@ -58,8 +58,17 @@ in
|
|||
addresses = map (addr: {
|
||||
addressConfig.Address = addr;
|
||||
}) wireguard.addresses;
|
||||
|
||||
networkConfig.DefaultRouteOnDevice = true;
|
||||
|
||||
extraConfig = ''
|
||||
[CAKE]
|
||||
Parent = root
|
||||
# DOCSIS overhead
|
||||
OverheadBytes = 18
|
||||
Bandwidth = ${toString wireguard.upBandwidth}K
|
||||
'';
|
||||
}) tunnels;
|
||||
# TODO: gw4, gw6
|
||||
|
||||
networking.nat = lib.optionalAttrs (firstTunnel != null) {
|
||||
enable = true;
|
||||
|
|
Loading…
Reference in New Issue