fix: dae - kernel parameters

Ryan Yin
2024-03-24 22:01:16 +08:00
parent 5524422e6c
commit 6f8f8894e5
2 changed files with 3 additions and 3 deletions


@@ -11,7 +11,6 @@ let
in {
imports = [
daeuniverse.nixosModules.dae
daeuniverse.nixosModules.daed
];
# dae - eBPF-based Linux high-performance transparent proxy.


@@ -10,12 +10,13 @@ in {
# https://github.com/ghostbuster91/blogposts/blob/main/router2023-part2/main.md
boot = {
kernel = {
# https://github.com/daeuniverse/dae/blob/main/docs/en/user-guide/kernel-parameters.md
sysctl = {
# forward network packets that are not destined for the interface on which they were received
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
"net.ipv4.conf.br-lan.rp_filter" = 1;
"net.ipv4.conf.wan.rp_filter" = 1;
"net.ipv4.conf.br-lan.send_redirects" = 0;
};
};
};
@@ -37,7 +38,7 @@ in {
# https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/networking/nftables.nix
nftables = {
enable = true;
# Check the applyed rules with `nft -a list ruleset`.
# Check the applied rules with `nft -a list ruleset`.
# Since this is a internal bypass router, we don't need to do NAT & can forward all traffic.
ruleset = ''
# Check out https://wiki.nftables.org/ for better documentation.
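Review bot: In the `sysctl` block of this file's first hunk, `"net.ipv4.conf.br-lan.send_redirects" = 0;` is unlikely to disable ICMP redirects on its own. The kernel sends redirects on an interface when either `conf/all/send_redirects` or the per-interface value is set, and `all` defaults to 1. Unless it is already cleared elsewhere in the configuration, add `"net.ipv4.conf.all.send_redirects" = 0;` next to it. Otherwise a bypass router sharing a subnet with the main gateway can keep telling LAN clients to route around the proxy. The rendered page has lost its +/- markers, so which sysctl lines are new is inferred from the linked dae kernel-parameters document. A short comment such as `# rp_filter = 1 is strict mode; the effective value is max(all, iface)` would also help the next reader.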