nixos/estuary: Implement 95% bandwidth limiter

2022-07-10 23:27:57 +01:00
parent e240b9a54e
commit 408177adb3
3 changed files with 182 additions and 56 deletions
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -39,7 +39,7 @@
        inherit (lib.my) networkdAssignment;
      in
      {
-        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ];
+        imports = [ "${modulesPath}/profiles/qemu-guest.nix" ./dns.nix ./bandwidth.nix ];

        config = mkMerge [
          {
@@ -92,29 +92,6 @@
                  '';
                  wantedBy = [ "multi-user.target" ];
                };
-
-                # systemd-networkd doesn't support tc filtering
-                wan-filter-to-ifb =
-                let
-                  waitOnline = [
-                    "systemd-networkd-wait-online@wan.service"
-                    "systemd-networkd-wait-online@ifb-wan.service"
-                  ];
-                in
-                {
-                  description = "Install tc filter to pass WAN traffic to IFB";
-                  enable = true;
-                  bindsTo = waitOnline;
-                  after = waitOnline;
-                  serviceConfig = {
-                    Type = "oneshot";
-                    RemainAfterExit = true;
-                  };
-                  script = ''
-                    ${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: u32 match u32 0 0 action mirred egress redirect dev ifb-wan
-                  '';
-                  wantedBy = [ "multi-user.target" ];
-                };
              };
            };

@@ -135,13 +112,6 @@
                };
              };

-              netdevs = {
-                "25-ifb-wan".netdevConfig = {
-                  Name = "ifb-wan";
-                  Kind = "ifb";
-                };
-              };
-
              networks = {
                "80-wan" = {
                  matchConfig.Name = "wan";
@@ -160,31 +130,6 @@
                    LinkLocalAddressing = "no";
                    IPv6AcceptRA = false;
                  };
-                  extraConfig = ''
-                    [QDisc]
-                    Parent=ingress
-                    Handle=ffff
-
-                    # Outbound traffic limiting
-                    [TokenBucketFilter]
-                    Parent=root
-                    LatencySec=0.3
-                    BurstBytes=512K
-                    # *bits
-                    Rate=245M
-                  '';
-                };
-                "80-ifb-wan" = {
-                  matchConfig.Name = "ifb-wan";
-                  extraConfig = ''
-                    # Inbound traffic limiting
-                    [TokenBucketFilter]
-                    Parent=root
-                    LatencySec=0.3
-                    BurstBytes=512K
-                    # *bits
-                    Rate=245M
-                  '';
                };

                "80-base" = mkMerge [