nixos-config/system/all/networking-qos.nix

125 lines
3.5 KiB
Nix
Raw Normal View History

2019-12-20 05:54:26 +01:00
{ pkgs, config, lib, ... }: {
2019-10-24 02:20:38 +02:00
options.configuration.fireqos = with lib; {
enable = mkEnableOption "enable";
interface = mkOption {
default = "enp8s0";
type = with types; str;
};
# nix-shell -p speedtest_cli --run speedtest
input = mkOption {
default = 4200;
type = with types; int;
description = "in kbit";
};
# nix-shell -p speedtest_cli --run speedtest
output = mkOption {
default = 1200;
type = with types; int;
description = "in kbit";
};
balance = mkOption {
type = with types; bool;
description = ''
balance all, this will not prioritise anything.
'';
};
};
2019-12-20 05:54:26 +01:00
config = let
kbits = number:
import (pkgs.runCommand "round-${toString number}" { }
''awk 'BEGIN{printf "\"%ikbit\"", ${toString number}}' > $out'');
2019-10-24 02:20:38 +02:00
2019-12-20 05:54:26 +01:00
interface = config.configuration.fireqos.interface;
input = "${toString config.configuration.fireqos.input}kbit";
output = "${toString config.configuration.fireqos.output}kbit";
tincInput = kbits (config.configuration.fireqos.input * 0.7);
tincOutput = kbits (config.configuration.fireqos.output * 0.7);
useBalancedForExperimenting = false;
2019-10-24 02:20:38 +02:00
2019-12-20 05:54:26 +01:00
tincPorts =
lib.mapAttrsToList (name: configuration: toString configuration.port)
config.module.cluster.services.tinc;
2019-10-24 02:20:38 +02:00
2019-12-20 05:54:26 +01:00
in {
2019-10-24 02:20:38 +02:00
# https://firehol.org/tutorial/fireqos-new-user/
services.fireqos.enable = config.configuration.fireqos.enable;
2020-04-30 17:54:03 +02:00
systemd.services.fireqos.wantedBy = [ "multi-user.target" ];
2019-10-24 02:20:38 +02:00
services.fireqos.config = ''
# ------------------- world
2019-12-20 05:54:26 +01:00
interface ${interface} world-in input rate ${input} ${
lib.optionalString useBalancedForExperimenting "balanced"
}
2019-10-24 02:20:38 +02:00
class ssh commit 300kbit
match tcp port 22
class http commit 80%
match tcp port 80,443
class tinc commit 80%
match port ${lib.concatStringsSep "," tincPorts}
class surfing commit 30%
match tcp sports 0:1023 # include TCP traffic from port 0-1023
2019-12-20 05:54:26 +01:00
interface ${interface} world-out output rate ${output} ${
lib.optionalString useBalancedForExperimenting "balanced"
}
2019-10-24 02:20:38 +02:00
class ssh commit 500kbit
match tcp port 22
class http commit 80%
match tcp port 80,443
class tinc commit 80%
match port ${lib.concatStringsSep "," tincPorts}
class surfing commit 5%
match tcp dports 0:1023 # include TCP traffic to port 0-1023
# ------------------- tinc
2019-12-20 05:54:26 +01:00
interface tinc.private tinc bidirectional input rate ${tincInput} output rate ${tincOutput} ${
lib.optionalString useBalancedForExperimenting "balanced"
}
2019-10-24 02:20:38 +02:00
class ssh commit 300kbit
match tcp port 22,2222
# public servers
class public commit 80%
match port 80,443
match port 3000 # gogs
match port 8000 # bepasty
class homeassistant commit 100kbit
match tcp port ${toString config.services.home-assistant.port}
class prometheus commit 100kbit
match tcp port 19999 # netdata
match tcp port 9113 # netdata exporter
match port 11201 # graylog sink
class wuis commit 100kbit
match port 8384 # syncthing
match port 8123 # home-assistant
match port 5656 # grafana
match port 8080 # kodi
match port 9090 # prometheus
match port 9000 # graylog
class syncthing
match port 22000
2019-12-20 05:54:26 +01:00
'';
2019-10-24 02:20:38 +02:00
};
}