From 6f8f8894e54fda61e4fb97ad1a165affadf0c2db Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Sun, 24 Mar 2024 22:01:16 +0800
Subject: [PATCH] fix: dae - kernel parameters
---
 hosts/idols-aquamarine/dae.nix | 1 -
 hosts/idols-aquamarine/router.nix | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hosts/idols-aquamarine/dae.nix b/hosts/idols-aquamarine/dae.nix
index c908bda4..0f468f95 100644
--- a/hosts/idols-aquamarine/dae.nix
+++ b/hosts/idols-aquamarine/dae.nix
@@ -11,7 +11,6 @@ let
 in {
 imports = [
 daeuniverse.nixosModules.dae
- daeuniverse.nixosModules.daed
 ];
 
 # dae - eBPF-based Linux high-performance transparent proxy.
diff --git a/hosts/idols-aquamarine/router.nix b/hosts/idols-aquamarine/router.nix
index 1325d552..9f6b76e4 100644
--- a/hosts/idols-aquamarine/router.nix
+++ b/hosts/idols-aquamarine/router.nix
@@ -10,12 +10,13 @@ in {
 # https://github.com/ghostbuster91/blogposts/blob/main/router2023-part2/main.md
 boot = {
 kernel = {
+ # https://github.com/daeuniverse/dae/blob/main/docs/en/user-guide/kernel-parameters.md
 sysctl = {
 # forward network packets that are not destined for the interface on which they were received
 "net.ipv4.conf.all.forwarding" = true;
 "net.ipv6.conf.all.forwarding" = true;
 "net.ipv4.conf.br-lan.rp_filter" = 1;
- "net.ipv4.conf.wan.rp_filter" = 1;
+ "net.ipv4.conf.br-lan.send_redirects" = 0;
 };
 };
 };
@@ -37,7 +38,7 @@ in {
 # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/networking/nftables.nix
 nftables = {
 enable = true;
- # Check the applyed rules with `nft -a list ruleset`.
+ # Check the applied rules with `nft -a list ruleset`.
 # Since this is a internal bypass router, we don't need to do NAT & can forward all traffic.
 ruleset = ''
 # Check out https://wiki.nftables.org/ for better documentation.
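Review bot: The added `"net.ipv4.conf.br-lan.send_redirects" = 0;` in the `boot.kernel.sysctl` set of router.nix is probably not enough on its own to stop ICMP redirects. The kernel's ip-sysctl documentation says an interface sends redirects when either `conf/all/send_redirects` or the per-interface value is true, and `all` defaults to on. Unless it is already set somewhere outside this hunk, add `"net.ipv4.conf.all.send_redirects" = 0;` next to the new line. The same hunk also drops `"net.ipv4.conf.wan.rp_filter" = 1;` with no explanation in the commit message; if a `wan` interface still exists on this host, reverse-path filtering there now falls back to the `all`/`default` values. A one-line comment such as `# no wan interface on this bypass router, rp_filter only on br-lan` (if that is the reason) would record the intent.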