# NixOS module: rate-limits the WAN link in both directions.
#
# Outbound traffic is shaped by a token bucket filter on `wan` itself. Inbound
# traffic is redirected from `wan`'s ingress qdisc (handle ffff:) to the IFB
# device `ifb-wan`, whose root token bucket filter applies the inbound limit.
# The redirect filter matches every packet and makes no allow/deny decision,
# so packet filtering has to be configured elsewhere.
{ lib, pkgs, config, assignments, allAssignments, ... }:
let
  tc = "${pkgs.iproute2}/bin/tc";

  # The redirect filter is attached only after both links are reported online.
  linkOnlineUnits = [
    "systemd-networkd-wait-online@wan.service"
    "systemd-networkd-wait-online@ifb-wan.service"
  ];

  redirectUnit = [ "wan-filter-to-ifb.service" ];

  # Shaper stanza used verbatim for both directions, so the rate lives in one
  # place. The text, including its `#` lines, is emitted into the generated
  # networkd configuration.
  tokenBucket = ''
    [TokenBucketFilter]
    Parent=root
    LatencySec=0.3
    BurstBytes=512K
    # *bits
    Rate=245M
  '';
in
{
  config = {
    # systemd-networkd has no support for tc filters, so a oneshot unit
    # installs the ingress redirect by calling tc directly.
    #
    # NOTE(review): nothing here removes the filter on stop, and a restart runs
    # `tc filter add` again. If this unit fails, inbound traffic stays
    # unshaped while the link remains up; consider alerting on its failure.
    systemd.services.wan-filter-to-ifb = {
      description = "Install tc filter to pass WAN traffic to IFB";
      enable = true;
      wantedBy = [ "multi-user.target" ];
      after = linkOnlineUnits;
      bindsTo = linkOnlineUnits;
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      # `u32 match u32 0 0` matches every packet on the ingress qdisc.
      script = ''
        ${tc} filter add dev wan parent ffff: u32 match u32 0 0 action mirred egress redirect dev ifb-wan
      '';
    };

    # Long-running helper started once the redirect filter is in place.
    #
    # NOTE(review): no User= or capability restriction is set here, so systemd
    # defaults apply (root, full capability set). If bandwidth.py only drives
    # tc and writes its state directory, a CapabilityBoundingSet limited to
    # CAP_NET_ADMIN plus the usual Protect*/NoNewPrivileges options is worth
    # evaluating. Confirm against the script, which is not shown here.
    systemd.services.bandwidth-limiter = {
      description = "WAN bandwidth limiter";
      enable = true;
      wantedBy = [ "multi-user.target" ];
      after = redirectUnit;
      bindsTo = redirectUnit;
      path = [ pkgs.python310 pkgs.iproute2 ];
      environment.PYTHONUNBUFFERED = "1";
      serviceConfig = {
        # Argument meaning is defined by bandwidth.py; 245 presumably mirrors
        # Rate=245M in the shaper stanza. TODO confirm.
        ExecStart = [ "${./bandwidth.py} wan,ifb-wan 245 10000" ];
        # systemd creates /var/lib/bandwidth-limiter for the service.
        StateDirectory = "bandwidth-limiter";
      };
    };

    # IFB device that receives the redirected ingress traffic.
    systemd.network.netdevs."25-ifb-wan".netdevConfig = {
      Kind = "ifb";
      Name = "ifb-wan";
    };

    # No matchConfig for "80-wan" is set in this file; presumably it is
    # merged in from another module. Verify.
    systemd.network.networks."80-wan".extraConfig = ''
      [QDisc]
      Parent=ingress
      Handle=ffff

      # Outbound traffic limiting
      ${tokenBucket}'';

    systemd.network.networks."80-ifb-wan" = {
      matchConfig.Name = "ifb-wan";
      extraConfig = ''
        # Inbound traffic limiting
        ${tokenBucket}'';
    };

    # Same path as the service's StateDirectory; `my.tmproot` is a project
    # option, presumably keeping the directory across reboots. Verify.
    my.tmproot.persistence.config.directories = [ "/var/lib/bandwidth-limiter" ];
  };
}