From 30648174b9a1a16fce7b70c4b47d489a7d898cb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Fri, 13 May 2022 08:46:25 +0100 Subject: [PATCH] maybe fix tc_cake --- config/nas.nix | 4 +- flake.lock | 17 ---- flake.nix | 2 - modules/tc-cake.nix | 186 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 188 insertions(+), 21 deletions(-) create mode 100644 modules/tc-cake.nix diff --git a/config/nas.nix b/config/nas.nix index 02553103..ac4da305 100644 --- a/config/nas.nix +++ b/config/nas.nix @@ -1,4 +1,4 @@ -{ config, pkgs, modulesPath, lib, nixos-hardware, mrobbetts-extra, ... } @ args: { +{ config, pkgs, modulesPath, lib, nixos-hardware, ... } @ args: { networking.hostName = "nas"; networking.hostId = "70af00ed"; @@ -21,7 +21,7 @@ ./services/mautrix-signal.nix ./services/router.nix ./services/syncthing.nix - "${mrobbetts-extra}/tc_cake.nix" + ../modules/tc-cake.nix ]; hardware.cpu.amd.updateMicrocode = true; diff --git a/flake.lock b/flake.lock index 0cb0c304..2e5a083f 100644 --- a/flake.lock +++ b/flake.lock @@ -249,22 +249,6 @@ "url": "https://git.chir.rs/CarolineHusky/MiiFox.net" } }, - "mrobbetts-extra": { - "flake": false, - "locked": { - "lastModified": 1651793149, - "narHash": "sha256-b2PGTx8FOypHN5yvyAYYfeBqI0MLAQ4t+9g1NJGSTvM=", - "owner": "mrobbetts", - "repo": "nixos_extra_modules", - "rev": "0fb4e94fceaef7fed497562bab31922a6bfd24b3", - "type": "github" - }, - "original": { - "owner": "mrobbetts", - "repo": "nixos_extra_modules", - "type": "github" - } - }, "newNixpkgs": { "locked": { "lastModified": 1647380550, @@ -488,7 +472,6 @@ "hosts-list": "hosts-list", "hydra": "hydra", "miifox-net": "miifox-net", - "mrobbetts-extra": "mrobbetts-extra", "nix": "nix", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_5", diff --git a/flake.nix b/flake.nix index 6027fe6e..8c6a2ff8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -24,8 +24,6 @@ rec { miifox-net.url = "git+https://git.chir.rs/CarolineHusky/MiiFox.net"; miifox-net.flake = false; nixpkgs-systemd-249.url = github:NixOS/nixpkgs/47494ea53c11312dcbf8e453a13f8e605814aa0f; - mrobbetts-extra.url = github:mrobbetts/nixos_extra_modules; - mrobbetts-extra.flake = false; }; outputs = { self, nixpkgs, sops-nix, home-manager, chir-rs, nur, polymc, ... } @ args: diff --git a/modules/tc-cake.nix b/modules/tc-cake.nix new file mode 100644 index 00000000..834e0ebe --- /dev/null +++ b/modules/tc-cake.nix 
@@ -0,0 +1,186 @@
+# Taken from https://github.com/mrobbetts/nixos_extra_modules/blob/main/tc_cake.nix
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.networking.tc_cake;
+
+ generateUnit = name: opts: nameValuePair "tc_cake-${name}" {
+ description = "AQM (Cake) rules for ${name}.";
+ bindsTo = [ "sys-subsystem-net-devices-${name}.device" ];
+ after = [ "sys-subsystem-net-devices-${name}.device" "network-pre.target" ];
+ requires = [ "sys-subsystem-net-devices-${name}.device" ];
+
+ before = [ "network.target" ];
+ wantedBy = [ "sys-subsystem-net-devices-${name}.device" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = pkgs.writeTextFile {
+ name = "tc-${name}-start";
+ executable = true;
+ text = ''
+ #! ${pkgs.runtimeShell} -e
+
+ # Offloading.
+ ${optionalString opts.disableOffload ''
+ ${pkgs.ethtool}/bin/ethtool -K ${name} gro off gso off tso off
+ ''}
+
+ # Egress control.
+ ${optionalString (opts.shapeEgress.bandwidth != null) ''
+ ${pkgs.iproute}/bin/tc qdisc add dev ${name} root cake bandwidth ${opts.shapeEgress.bandwidth} ${opts.shapeEgress.extraArgs}
+ ''}
+
+ # Ingress control.
+ ${optionalString (opts.shapeIngress.bandwidth != null) ''
+ ${pkgs.iproute}/bin/tc qdisc add dev ${name} handle ffff: ingress
+ ${pkgs.iproute}/bin/tc qdisc add dev ${opts.shapeIngress.ifb} root cake bandwidth ${opts.shapeIngress.bandwidth} ingress
+ ${pkgs.iproute}/bin/tc filter add dev ${name} parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ${opts.shapeIngress.ifb}
+ ''}
+ '';
+ };
+
+ ExecStop = pkgs.writeTextFile {
+ name = "tc-${name}-stop";
+ executable = true;
+ text = ''
+ #! ${pkgs.runtimeShell} -e
+
+ # Ingress control.
+ ${optionalString (opts.shapeIngress.bandwidth != null) ''
+ ${pkgs.iproute}/bin/tc qdisc del dev ${opts.shapeIngress.ifb} root
+ ${pkgs.iproute}/bin/tc qdisc del dev ${name} parent ffff:
+ ''}
+
+ # Egress control.
+ ${optionalString (opts.shapeEgress.bandwidth != null) ''
+ ${pkgs.iproute}/bin/tc qdisc del dev ${name} root
+ ''}
+
+ # Offloading.
+ ${optionalString opts.disableOffload ''
+ ${pkgs.ethtool}/bin/ethtool -K ${name} gro on gso on tso on
+ ''}
+ '';
+ };
+ };
+
+ restartIfChanged = true;
+
+ };
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ networking.tc_cake = mkOption {
+
+ default = { };
+ type = types.attrsOf (types.submodule {
+
+ options = {
+
+ disableOffload = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Enabling this will ensure all hardware offloading (to the NIC) is disabled.
+ '';
+ };
+
+ shapeEgress = mkOption {
+ type = (types.submodule {
+ options = {
+
+ bandwidth = mkOption {
+ default = null;
+ type = types.nullOr types.str;
+ example = "16mbit";
+ description = ''
+ A string describing the available outgoing bandwidth, compatible with `tc`.
+ '';
+ };
+
+ extraArgs = mkOption {
+ default = "";
+ type = types.str;
+ example = "nat overhead 18 mpu 64 noatm ack-filter";
+ description = ''
+ Additional arguments/flags for the cake qdisc creation.
+ '';
+ };
+ };
+ });
+ default = {
+ bandwidth = null;
+ extraArgs = "";
+ };
+ description = ''
+ Submodule describing how to shape egress traffic.
+ '';
+ };
+
+ shapeIngress = mkOption {
+ type = (types.submodule {
+ options = {
+
+ bandwidth = mkOption {
+ default = null;
+ type = types.nullOr types.str;
+ example = "75mbit";
+ description = ''
+ A string describing the available incoming bandwidth, compatible with `tc`.
+ '';
+ };
+
+ ifb = mkOption {
+ default = "ifb0";
+ type = types.str;
+ example = "ifb0";
+ description = ''
+ The IFB device to use during ingress shaping. Must be unique to this interface.
+ '';
+ };
+ };
+ });
+ default = {
+ bandwidth = null;
+ ifb = "ifb0";
+ };
+ description = ''
+ Submodule describing how to shape ingress traffic.
+ '';
+ };
+ };
+ });
+ description = ''
+ The list of traffic control commands, one entry per interface.
+ '';
+ };
+ };
+
+
+ ###### Implementation
+
+ config = mkIf (cfg != { }) {
+
+ # systemd.services = mapAttrs generateUnit cfg;
+ systemd.services = listToAttrs (mapAttrsToList generateUnit cfg);
+
+ boot.kernelModules = [
+ "ifb"
+ "sch_cake"
+ "sch_red"
+ "mirred"
+ ];
+ };
+
+}
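Review bot: The ingress redirect filter in the ExecStart script matches `protocol ip` only, so IPv6 packets arriving on `${name}` are never redirected to the IFB and bypass the cake shaper; `tc filter add dev ${name} parent ffff: protocol all matchall action mirred egress redirect dev ${opts.shapeIngress.ifb}` would cover both address families. In `boot.kernelModules`, `"mirred"` does not appear to be a loadable module name (the mirred action is built as `act_mirred`), so that entry is likely to fail at module load, and `sch_red` is not used by anything in this file. `${name}`, the bandwidth strings and `ifb` are spliced unquoted into scripts that run as root; wrapping them in `lib.escapeShellArg` (leaving `extraArgs` to split on purpose) keeps a stray space or metacharacter in the configuration from changing the command. The header comment cites upstream's `main` branch, so recording the commit the copy was taken from would keep the vendored file auditable now that the `flake.lock` pin is removed.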