dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases1 Wiki Activity

Compare commits

...

3 Commits
b420f2377c ... 40c491aa14

Author SHA1 Message Date
Jack O'Sullivan
40c491aa14 nixos/home/routing-common: Add MSS clamping to work around PMTUD 2024-03-21 20:42:06 +00:00
Jack O'Sullivan
1a8740fb9c nixos/home/routing-common: Increase RTT for CAKE 2024-03-21 20:41:28 +00:00
Jack O'Sullivan
f857e751b5 nixos/home/routing-common: Restart kea on failure 2024-03-21 20:40:38 +00:00
2 changed files with 13 additions and 3 deletions
nixos/boxes/home/routing-common
default.nixkea.nix

10
nixos/boxes/home/routing-common/default.nix

@ -226,7 +226,7 @@ in
extraConfig = ''
[CAKE]
Bandwidth=235M
RTTSec=10ms
RTTSec=50ms
PriorityQueueingPreset=besteffort
# DOCSIS preset
OverheadBytes=18
@ -250,7 +250,7 @@ in
[CAKE]
Parent=root
Bandwidth=24M
RTTSec=1ms
RTTSec=50ms
'';
}
];
@ -370,6 +370,12 @@ in
return
}
chain forward-early {
type filter hook forward priority -1; policy accept;
# MSS clamping to workaround IPv6 PMTUD being broken...
tcp flags syn tcp option maxseg size set rt mtu counter
}
chain forward {
${lib.my.c.as211024.nftTrust}
iifname lan-untrusted jump filter-untrusted

6
nixos/boxes/home/routing-common/kea.nix

@ -26,7 +26,11 @@ in
};
systemd.services = {
kea-dhcp4-server.serviceConfig.DynamicUser = mkForce false;
kea-dhcp4-server.serviceConfig = {
# Sometimes interfaces might not be ready in time and Kea doesn't like that
Restart = "on-failure";
DynamicUser = mkForce false;
};
kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false;
};