dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:b420f2377cd4a022ea01a5c45d765bde420093e0
Branches Tags
dev:master
dev:fastback-ssh
dev:installer
...
compare: dev:40c491aa14aba68fcb83c542ea0a9f00041eeb6e
Branches Tags
dev:master
dev:fastback-ssh
dev:installer

3 Commits
b420f2377c ... 40c491aa14

Author SHA1 Message Date
Jack O'Sullivan
40c491aa14 nixos/home/routing-common: Add MSS clamping to work around PMTUD
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 1h4m53s
Details
2024-03-21 20:42:06 +00:00
Jack O'Sullivan
1a8740fb9c nixos/home/routing-common: Increase RTT for CAKE 2024-03-21 20:41:28 +00:00
Jack O'Sullivan
f857e751b5 nixos/home/routing-common: Restart kea on failure 2024-03-21 20:40:38 +00:00
2 changed files with 13 additions and 3 deletions
Show Stats Expand all files Collapse all files

10
nixos/boxes/home/routing-common/default.nix
View File

@ -226,7 +226,7 @@ in
extraConfig = '' extraConfig = ''
[CAKE] [CAKE]
Bandwidth=235M Bandwidth=235M
RTTSec=10ms RTTSec=50ms
PriorityQueueingPreset=besteffort PriorityQueueingPreset=besteffort
# DOCSIS preset # DOCSIS preset
OverheadBytes=18 OverheadBytes=18
@ -250,7 +250,7 @@ in
[CAKE] [CAKE]
Parent=root Parent=root
Bandwidth=24M Bandwidth=24M
RTTSec=1ms RTTSec=50ms
''; '';
} }
]; ];
@ -370,6 +370,12 @@ in
return return
} }
chain forward-early {
type filter hook forward priority -1; policy accept;
# MSS clamping to workaround IPv6 PMTUD being broken...
tcp flags syn tcp option maxseg size set rt mtu counter
}
chain forward { chain forward {
${lib.my.c.as211024.nftTrust} ${lib.my.c.as211024.nftTrust}
iifname lan-untrusted jump filter-untrusted iifname lan-untrusted jump filter-untrusted

6
nixos/boxes/home/routing-common/kea.nix
View File

@ -26,7 +26,11 @@ in
}; };
systemd.services = { systemd.services = {
kea-dhcp4-server.serviceConfig.DynamicUser = mkForce false; kea-dhcp4-server.serviceConfig = {
# Sometimes interfaces might not be ready in time and Kea doesn't like that
Restart = "on-failure";
DynamicUser = mkForce false;
};
kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false; kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false;
}; };