From 22700c13c7d399003ed79e6563140eb8edbe92f7 Mon Sep 17 00:00:00 2001
From: Lu Wang
Date: Fri, 20 Dec 2024 16:06:23 +0800
Subject: [PATCH] system/boot: increase maximum buffer size
References: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
---
 flake.lock | 6 +++---
 flake/nixos.nix | 1 +
 nixos/modules/networking/ports.nix | 4 +++-
 nixos/profiles/services/caddy/default.nix | 4 ++++
 nixos/profiles/services/keycloak/default.nix | 1 +
 nixos/profiles/services/mail/dovecot.nix | 11 +++++++----
 nixos/profiles/services/mail/postfix.nix | 2 +-
 nixos/profiles/system/boot/sysctl/udp-buffer-size.nix | 8 ++++++++
 8 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 nixos/profiles/system/boot/sysctl/udp-buffer-size.nix
diff --git a/flake.lock b/flake.lock
index cfc6a29..ba48d47 100644
--- a/flake.lock
+++ b/flake.lock
@@ -413,11 +413,11 @@
 "treefmt-nix": "treefmt-nix"
 },
 "locked": {
- "lastModified": 1733660317,
- "narHash": "sha256-RaMvzfu7rsbYuwvY5DmtV2XHLZrOlzXFkd3n3YuCkkE=",
+ "lastModified": 1734683762,
+ "narHash": "sha256-GnwQCZ9tx9Cb4PjPySnJrCYB4Fc3c288fw+sAeATXJY=",
 "owner": "rebmit",
 "repo": "nix-exprs",
- "rev": "898ce2046d8066e21713ca2265f56e1ccdd74275",
+ "rev": "13d8ed59016e492edc92407d4691e45b4fc09d4e",
 "type": "github"
 },
 "original": {
diff --git a/flake/nixos.nix b/flake/nixos.nix
index 1993ad1..f528fb6 100644
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@@ -42,6 +42,7 @@ let
 services.resolved
 services.vnstat
 system.boot.sysctl.tcp-bbr
+ system.boot.sysctl.udp-buffer-size
 # keep-sorted end
 ];
diff --git a/nixos/modules/networking/ports.nix b/nixos/modules/networking/ports.nix
index 5c3daaf..23978fc 100644
--- a/nixos/modules/networking/ports.nix
+++ b/nixos/modules/networking/ports.nix
@@ -10,10 +10,11 @@ in
 default = {
 # standard ports
 smtp = 25;
+ dns = 53;
 http = 80;
 https = 443;
 smtp-tls = 465;
- smtp-starttls = 587;
+ smtp-submission = 587;
 imap-tls = 993;
 socks = 1080;
 ssh = 2222;
@@ -28,6 +29,7 @@ in
 mautrix-telegram = 4032;
 rspamd-controller = 4040;
 rspamd-redis = 4041;
+ caddy-admin = 4050;
 # public ports
 enthalpy-ipsec = 13000;
diff --git a/nixos/profiles/services/caddy/default.nix b/nixos/profiles/services/caddy/default.nix
index 4b69f23..d15bb17 100644
--- a/nixos/profiles/services/caddy/default.nix
+++ b/nixos/profiles/services/caddy/default.nix
@@ -25,4 +25,8 @@
 };
 services.restic.backups.b2.paths = [ config.services.caddy.dataDir ];
+
+ services.caddy.globalConfig = ''
+ admin 127.0.0.1:${toString config.networking.ports.caddy-admin}
+ '';
 }
diff --git a/nixos/profiles/services/keycloak/default.nix b/nixos/profiles/services/keycloak/default.nix
index 161c6d7..441285b 100644
--- a/nixos/profiles/services/keycloak/default.nix
+++ b/nixos/profiles/services/keycloak/default.nix
@@ -17,6 +17,7 @@
 http-port = config.networking.ports.keycloak;
 proxy-headers = "xforwarded";
 hostname = "keycloak.rebmit.moe";
+ cache = "local";
 };
 };
diff --git a/nixos/profiles/services/mail/dovecot.nix b/nixos/profiles/services/mail/dovecot.nix
index 4ec3a29..5061649 100644
--- a/nixos/profiles/services/mail/dovecot.nix
+++ b/nixos/profiles/services/mail/dovecot.nix
@@ -29,11 +29,11 @@ in
 mkOpts = opts: lib.concatLists (lib.mapAttrsToList mkKeyVal opts);
 in
 {
- "127.0.0.1:${toString config.networking.ports.smtp-starttls}".args = lib.mkBefore (mkOpts {
+ "127.0.0.1:${toString config.networking.ports.smtp-submission}".args = mkOpts {
 smtpd_sasl_auth_enable = "yes";
 smtpd_sasl_type = "dovecot";
 smtpd_sasl_path = "/run/dovecot2/auth-postfix";
- });
+ };
 };
 };
@@ -58,9 +58,12 @@ in
 '';
 };
 };
+ enableDHE = false;
+ enableImap = true;
 enableLmtp = true;
 enablePAM = false;
- enableDHE = false;
+ enablePop3 = false;
+ enableQuota = false;
 mailPlugins.perProtocol.lmtp.enable = [ "sieve" ];
 mailLocation = "maildir:~";
 mailboxes = {
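Review bot: The admin endpoint added in `services.caddy.globalConfig` has no authentication, so binding it to `127.0.0.1:${caddy-admin}` keeps it off the network but still lets any local user or compromised local service replace the running configuration (`POST /load`) or read it back, including whatever secrets the config carries. If the endpoint must stay on because the unit's reload path uses `caddy reload` (which is what I expect of the NixOS module, so `admin off` is presumably not an option), a unix socket owned by the caddy user is the smaller surface: `admin unix//run/caddy/admin.sock` — assuming the unit provides `/run/caddy`; verify against the module before switching. Whichever binding stays, the block should say why the API is left enabled, e.g. `# admin API kept on: ExecReload (caddy reload) needs it; loopback only`.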
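Review bot: `cache = "local"` is only correct while this is a single Keycloak instance; it disables the distributed Infinispan caches, so a second node would share nothing (sessions and, as far as I recall, the brute-force login-failure counters), and the choice deserves a comment where it is set, e.g. `# single-node deployment: no Infinispan/JGroups clustering`. The same comment can note that no JGroups cluster port is opened in this mode, so nothing needs to be firewalled for it. The enclosing `settings` attribute set starts outside the hunk.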
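Review bot: Dropping `lib.mkBefore` around `mkOpts { … }` changes where these SASL `-o` options land relative to any other `args` declared for the same master entry (the postfix.nix hunk for `"127.0.0.1:${…smtp-submission}"` is cut off before its body, so I cannot see whether it declares one); Postfix honours the last `-o name=value` for a parameter, so if another list sets `smtpd_sasl_auth_enable` or a restriction option the effective value may now depend on module merge order. If the ordering was deliberate, `mkBefore` should stay; if it was removed because there is no competing list, a comment such as `# sole args definition for the submission service; ordering is irrelevant` would document that assumption. The `in { … }` attribute set this hunk edits continues outside the hunk.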
@@ -160,7 +163,7 @@ in
 }
 proxy {
 proxy_protocol v2
- upstream 127.0.0.1:${toString config.networking.ports.smtp-starttls}
+ upstream 127.0.0.1:${toString config.networking.ports.smtp-submission}
 }
 }
 }
diff --git a/nixos/profiles/services/mail/postfix.nix b/nixos/profiles/services/mail/postfix.nix
index 397b628..6e31afc 100644
--- a/nixos/profiles/services/mail/postfix.nix
+++ b/nixos/profiles/services/mail/postfix.nix
@@ -66,7 +66,7 @@
 lmtp = {
 args = [ "flags=O" ];
 };
- "127.0.0.1:${toString config.networking.ports.smtp-starttls}" = {
+ "127.0.0.1:${toString config.networking.ports.smtp-submission}" = {
 type = "inet";
 private = false;
 command = "smtpd";
diff --git a/nixos/profiles/system/boot/sysctl/udp-buffer-size.nix b/nixos/profiles/system/boot/sysctl/udp-buffer-size.nix
new file mode 100644
index 0000000..03be3b3
--- /dev/null
+++ b/nixos/profiles/system/boot/sysctl/udp-buffer-size.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
+ boot.kernel.sysctl = {
+ "net.core.rmem_max" = 7500000;
+ "net.core.wmem_max" = 7500000;
+ };
+}
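Review bot: The new profile's only comment is a URL, yet it is added to the shared import list in flake/nixos.nix and so lands on every host; the file should state what the two values do, because their name is easy to misread: `net.core.rmem_max`/`wmem_max` only raise the ceiling a process may request with `SO_RCVBUF`/`SO_SNDBUF` (quic-go, and hence Caddy's HTTP/3, asks for it and otherwise logs a warning and caps throughput), they do not change the default socket buffer and do not govern TCP autotuning, which reads `net.ipv4.tcp_rmem`/`tcp_wmem`. I would replace the URL line with a short comment along those lines, keeping the link, e.g. `# Cap on the per-socket buffer a process may request via SO_RCVBUF/SO_SNDBUF (defaults untouched); quic-go wants ~7 MiB for QUIC/HTTP/3. See <url>`. Note that the cap is also what any unprivileged process may now pin in kernel memory per socket and direction; that is the upstream recommendation, but a word that `net.ipv4.udp_mem` still bounds the total would not hurt. If the sibling `tcp-bbr` profile wraps its values in `lib.mkDefault`, this one should too (it would need `{ lib, ... }:`) so a host can raise the cap without `mkForce`.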