networking: enable congctl westwood on WLAN or WWAN

diff --git a/hosts/aubergine/networking.nix b/hosts/aubergine/networking.nix
index 69c7cf1f08662b22c77bcb8066b043e1da4d7e02..998e6ab5f55745fbd98b6ed7cd6ea99172cdc239 100644 (file)
--- a/hosts/aubergine/networking.nix
+++ b/hosts/aubergine/networking.nix
@@ -76,6 +76,7 @@ networking.interfaces = {
   ${wifiIface} = {
     useDHCP = false;
     ipv4.addresses = [ { address = "${wifiIPv4}.1"; prefixLength = 24; } ];
+    ipv4.routes = [ { address = "${wifiIPv4}.0"; prefixLength = 24; options = { congctl="westwood";}; } ];
   };
   ${eth1Iface} = {
     useDHCP = false;

diff --git a/nixos/profiles/networking.nix b/nixos/profiles/networking.nix
index 2dee8af207c82ebdbbe3fb8b9145f63ea20ac223..9e4769610f93d314addde3d31e6d90cd9da3e93e 100644 (file)
--- a/nixos/profiles/networking.nix
+++ b/nixos/profiles/networking.nix
@@ -58,8 +58,25 @@ services.openssh = {
     { addr = wg-intra-peers.${hostName}.ipv4; port = 22; }
   ];
 };
-networking.firewall.extraCommands = lib.mkIf config.services.openssh.enable ''
-  ip46tables -A nixos-fw -i wg-intra -p tcp -m tcp --dport 22 -j ACCEPT
-'';
-systemd.services.sshd.after = ["wireguard-wg-intra.service"];
+
+environment.etc."NetworkManager/dispatcher.d/congctl" = {
+  mode = "700";
+  source = pkgs.writeShellScript "congctl" ''
+    case $NM_DISPATCHER_ACTION in
+      up)
+        case $DEVICE_IP_IFACE in
+          # WLAN or WWAN
+          # https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_Westwood+
+          wl*|ww*)
+            ip route show dev $DEVICE_IP_IFACE |
+            while read -r route; do
+              ip route change $route dev $DEVICE_IP_IFACE congctl westwood
+            done
+            ip r >>/tmp/log
+          ;;
+        esac
+      ;;
+    esac
+  '';
+};
 }