11     networking/nftables.nix
 
  14   boot.kernel.sysctl = {
 
  15     # Improve MTU detection
 
  16     # This can thaw TCP connections stalled by a host
 
  17     # requiring a lower MTU along the path,
 
  18     # though it only does so after a short delay,
 
  19     # so it's better to set a low MTU when possible.
 
  20     "net/ipv4/tcp_mtu_probing" = 1;
 
  22     # Use TCP BBR to significantly increase throughput
 
  23     # and reduce latency for connections.
 
  24     "net/ipv4/tcp_congestion_control" = mkDefault "bbr";
 
  26     # BBR must be used with the fq or fq_codel qdisc with pacing enabled,
 
  27     # since pacing is integral to the BBR design and implementation.
 
  28     # BBR without pacing would not function properly,
 
  29     # and may incur unnecessary high packet loss rates.
 
  31     # See https://github.com/systemd/systemd/issues/9725#issuecomment-412287161
 
  32     # See https://github.com/systemd/systemd/issues/9725#issuecomment-413796842
 
  33     # > The best all-round general purpose default for linux remains fq_codel.
 
  34     "net/core/default_qdisc" = mkDefault "fq_codel";
 
  36     # Request Explicit Congestion Notification (ECN)
 
  37     # only for incoming connections (not outgoing).
 
  38     # See https://github.com/systemd/systemd/issues/9748#issuecomment-1261352478
 
  39     # > My answer to the ECN situation remains - turn it on
 
  40     # > - see if it works - don't inflict your decision on others.
 
  41     # > $ sysctl -w net.ipv4.tcp_ecn=1
 
  42     # > $ flent -H flent-newark.bufferbloat.net -t 'now tv hub ecn' \
 
  43     # >         --te=download_streams=1 --socket-stats tcp_ndown # try 1,4,16
 
  44     # > $ sysctl -w net.ipv4.tcp_ecn=2
 
  45     # > $ flent -H flent-newark.bufferbloat.net -t 'now tv hub noecn' \
 
  46     # >         --te=download_streams=1 --socket-stats tcp_ndown # try 1,4,16
 
  47     # > you can then use flent-gui *.flent.gz to generate a variety of plots,
 
  48     # > especially comparison plots.
 
  49     "net/ipv4/tcp_ecn" = mkDefault 2;
 
  54     domain = mkDefault "sp";
 
  55     #search = [ "sourcephile.fr" ];
 
  57       enable = mkDefault true;
 
  58       allowPing = mkDefault true;
 
  62       logLevel = mkDefault "INFO";
 
  65         #backend = "wpa_supplicant";
 
  66         powersave = mkDefault false;
 
  69     usePredictableInterfaceNames = true;
 
  72   programs.mtr.enable = true;
 
  73   programs.traceroute.enable = mkDefault true;
 
  74   programs.usbtop.enable = true;
 
  76   services.openssh.enable = mkDefault true;
 
  78   # Fix https://github.com/NixOS/nixpkgs/issues/180175 by removing -s (a.k.a. --wait-for-startup); StartLimitIntervalSec = 0 below also lifts systemd's start rate limit so the on-failure restarts are never refused.
 
  79   systemd.services.NetworkManager-wait-online = lib.mkIf config.networking.networkmanager.enable {
 
  80     unitConfig.StartLimitIntervalSec = 0;
 
  84         "${pkgs.networkmanager}/bin/nm-online -q"
 
  86       Restart = "on-failure";
 
  90   environment.etc."NetworkManager/dispatcher.d/congctl" = {
 
  92     source = pkgs.writeShellScript "congctl" ''
 
  93       case $NM_DISPATCHER_ACTION in
 
  95           case $DEVICE_IP_IFACE in
 
  97             # https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_Westwood+
 
  99               ip route show dev $DEVICE_IP_IFACE |
 
 100               while read -r route; do
 
 101                 ip route change $route dev $DEVICE_IP_IFACE congctl westwood
 
 110   # The notion of "online" is a broken concept
 
 111   #systemd.services.NetworkManager-wait-online.enable = false;
 
 112   #systemd.network.wait-online.enable = false;
 
 114   # Do not take down the network for too long when upgrading.
 
 115   # This also prevents failures of services that are restarted instead of stopped.
 
 116   # The upgrade will then use `systemctl restart` rather than stopping the unit with `systemctl stop`
 
 117   # followed by a delayed `systemctl start`.
 
 118   systemd.services.systemd-networkd.stopIfChanged = false;
 
 120   # Services that are only restarted might not be able
 
 121   # to resolve names when systemd-resolved was stopped beforehand.
 
 122   systemd.services.systemd-resolved.stopIfChanged = false;