Compare commits


2 Commits

Author SHA1 Message Date
ba5b778c1a throttle torrenting when needed 2025-04-16 23:12:28 -04:00
491807c030 update 2025-04-16 21:34:01 -04:00
3 changed files with 61 additions and 11 deletions

18
flake.lock generated

@@ -153,11 +153,11 @@
]
},
"locked": {
"lastModified": 1744117652,
"narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=",
"lastModified": 1744743431,
"narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f",
"rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387",
"type": "github"
},
"original": {
@@ -200,11 +200,11 @@
]
},
"locked": {
"lastModified": 1744717505,
"narHash": "sha256-8GS3nqO7iCIdjsd63t5EpHDu489tJYe4MjXpFtgc+No=",
"lastModified": 1744791665,
"narHash": "sha256-PeX0XesV1AsM4e+Rv5jIFC67boZl3MQpyC0RvXZZdF8=",
"owner": "ggml-org",
"repo": "llama.cpp",
"rev": "f8f820cc4dc37032d5375972ba904ce53043445d",
"rev": "b43d89e311c5e7fbf62e5ec3c0401eb536677267",
"type": "github"
},
"original": {
@@ -222,11 +222,11 @@
]
},
"locked": {
"lastModified": 1744682339,
"narHash": "sha256-EnfBeDSsqEku5gvudXWYdXoFghmXb4Vp9YY1vMNzebY=",
"lastModified": 1744768706,
"narHash": "sha256-7W63qdst98cXE4j/QDF1L3OHz5N5JjcfTVL17a4a3kw=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "deaa09e85d9288c27e0f76431dcdea21f32f96fa",
"rev": "46be353e058e970480a9c62ee94a0d1ad2f0c569",
"type": "github"
},
"original": {


@@ -62,7 +62,7 @@
serverConfig.BitTorrent = {
Session = {
GlobalUPSpeedLimit = 1500; # 1.500 MiB/s
GlobalUPSpeedLimit = 0; # unlimited upload
GlobalDLSpeedLimit = 500; # 500 KiB/s
IgnoreLimitsOnLAN = true;
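Review bot: With `GlobalUPSpeedLimit = 0` the torrent client has no upload ceiling of its own, so upload is bounded only by the tc classes configured in the other file of this comparison (this assumes the `0` line is the new side, which the commit title suggests). If that unit fails to start, or `eth_interface` names the wrong device, uploads run uncapped and can saturate the uplink for every other service on the host. Either keep a generous in-app ceiling as a fallback or record the dependency next to the setting, e.g. `GlobalUPSpeedLimit = 0; # no in-app cap; egress is shaped by the traffic-shaping unit`. The enclosing `Session` block continues outside the hunk.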


@@ -1,4 +1,9 @@
{ pkgs, service_configs, ... }:
{
pkgs,
service_configs,
eth_interface,
...
}:
{
# network namespace that is proxied through mullvad
vpnNamespaces.wg = {
@@ -8,4 +13,49 @@
# "192.168.0.0/24"
];
};
environment.systemPackages = with pkgs; [
# used to monitor bandwidth usage
nload
];
networking.firewall.extraCommands = ''
# Exempt local traffic from marking
iptables -t mangle -A POSTROUTING -s ${service_configs.https.wg_ip}/24 -d 192.168.1.0/24 -j RETURN
# Mark all other traffic from the VPN namespace
iptables -t mangle -A POSTROUTING -s ${service_configs.https.wg_ip}/24 -j MARK --set-mark 1
'';
systemd.services."traffic-shaping" =
let
upload_pipe = 20;
high_prio = 18;
low_prio = 2;
in
{
description = "Apply QoS to prioritize non-VPN traffic";
after = [
"network.target"
"vpn-wg.service"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "tc-setup" ''
# Add HTB qdisc to physical interface
${pkgs.iproute2}/bin/tc qdisc add dev ${eth_interface} root handle 1: htb default 10
# Define classes:
# - Class 1:10 (high priority, unmarked)
# - Class 1:20 (low priority, marked VPN traffic)
${pkgs.iproute2}/bin/tc class add dev ${eth_interface} parent 1: classid 1:1 htb rate ${builtins.toString upload_pipe}mbit ceil ${builtins.toString upload_pipe}mbit
${pkgs.iproute2}/bin/tc class add dev ${eth_interface} parent 1:1 classid 1:10 htb rate ${builtins.toString high_prio}mbit ceil ${builtins.toString upload_pipe}mbit prio 1
${pkgs.iproute2}/bin/tc class add dev ${eth_interface} parent 1:1 classid 1:20 htb rate ${builtins.toString low_prio}mbit ceil ${builtins.toString upload_pipe}mbit prio 2
# Direct marked packets to low-priority class
${pkgs.iproute2}/bin/tc filter add dev ${eth_interface} parent 1: protocol ip prio 1 handle 1 fw flowid 1:20
'';
};
};
}
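Review bot: The `tc-setup` script is not safe to run twice and does not stop on errors: `tc qdisc add dev ... root handle 1: htb default 10` fails once the qdisc already exists (unit restart, or a rebuild after the rates are edited), and the remaining commands run regardless, so changed rates are likely never applied. Start the script with `set -e` and put `${pkgs.iproute2}/bin/tc qdisc del dev ${eth_interface} root 2>/dev/null || true` before the `add`. The two `iptables -t mangle -A POSTROUTING` rules in `networking.firewall.extraCommands` are appended again each time the firewall is started or reloaded, so pair them with matching `-D ... || true` lines in `networking.firewall.extraStopCommands`. Class 1:1 also caps all egress on the interface at 20 mbit, LAN-bound traffic included, since unmarked packets fall into 1:10 under the same ceiling. Finally, the mark only takes effect if packets leaving `eth_interface` still carry the namespace source address rather than the host's (not verifiable from this page); `tc -s class show dev <iface>` under load would confirm that 1:20 is actually counting bytes.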