system/boot: increase maximum buffer size

References: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
2024-12-20 16:06:23 +08:00 · 2024-12-20 16:06:23 +08:00 · 22700c13c7
parent a75d3f9ea8
commit 22700c13c7
8 changed files with 28 additions and 9 deletions
--- a/flake.lock
+++ b/flake.lock
@ -413,11 +413,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1733660317,
+        "lastModified": 1734683762,
-        "narHash": "sha256-RaMvzfu7rsbYuwvY5DmtV2XHLZrOlzXFkd3n3YuCkkE=",
+        "narHash": "sha256-GnwQCZ9tx9Cb4PjPySnJrCYB4Fc3c288fw+sAeATXJY=",
        "owner": "rebmit",
        "repo": "nix-exprs",
-        "rev": "898ce2046d8066e21713ca2265f56e1ccdd74275",
+        "rev": "13d8ed59016e492edc92407d4691e45b4fc09d4e",
        "type": "github"
      },
      "original": {
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@ -42,6 +42,7 @@ let
        services.resolved
        services.vnstat
        system.boot.sysctl.tcp-bbr
        system.boot.sysctl.udp-buffer-size
        # keep-sorted end
      ];
--- a/nixos/modules/networking/ports.nix
+++ b/nixos/modules/networking/ports.nix
@ -10,10 +10,11 @@ in
    default = {
      # standard ports
      smtp = 25;
      dns = 53;
      http = 80;
      https = 443;
      smtp-tls = 465;
-      smtp-starttls = 587;
+      smtp-submission = 587;
      imap-tls = 993;
      socks = 1080;
      ssh = 2222;
@ -28,6 +29,7 @@ in
      mautrix-telegram = 4032;
      rspamd-controller = 4040;
      rspamd-redis = 4041;
      caddy-admin = 4050;
      # public ports
      enthalpy-ipsec = 13000;
--- a/nixos/profiles/services/caddy/default.nix
+++ b/nixos/profiles/services/caddy/default.nix
@ -25,4 +25,8 @@
  };
  services.restic.backups.b2.paths = [ config.services.caddy.dataDir ];
  services.caddy.globalConfig = ''
    admin 127.0.0.1:${toString config.networking.ports.caddy-admin}
  '';
 }
--- a/nixos/profiles/services/keycloak/default.nix
+++ b/nixos/profiles/services/keycloak/default.nix
@ -17,6 +17,7 @@
      http-port = config.networking.ports.keycloak;
      proxy-headers = "xforwarded";
      hostname = "keycloak.rebmit.moe";
      cache = "local";
    };
  };
--- a/nixos/profiles/services/mail/dovecot.nix
+++ b/nixos/profiles/services/mail/dovecot.nix
@ -29,11 +29,11 @@ in
        mkOpts = opts: lib.concatLists (lib.mapAttrsToList mkKeyVal opts);
      in
      {
-        "127.0.0.1:${toString config.networking.ports.smtp-starttls}".args = lib.mkBefore (mkOpts {
+        "127.0.0.1:${toString config.networking.ports.smtp-submission}".args = mkOpts {
          smtpd_sasl_auth_enable = "yes";
          smtpd_sasl_type = "dovecot";
          smtpd_sasl_path = "/run/dovecot2/auth-postfix";
-        });
+        };
      };
  };
@ -58,9 +58,12 @@ in
        '';
      };
    };
    enableDHE = false;
    enableImap = true;
    enableLmtp = true;
    enablePAM = false;
-    enableDHE = false;
+    enablePop3 = false;
    enableQuota = false;
    mailPlugins.perProtocol.lmtp.enable = [ "sieve" ];
    mailLocation = "maildir:~";
    mailboxes = {
@ -160,7 +163,7 @@ in
          }
          proxy {
            proxy_protocol v2
-            upstream 127.0.0.1:${toString config.networking.ports.smtp-starttls}
+            upstream 127.0.0.1:${toString config.networking.ports.smtp-submission}
          }
        }
      }
--- a/nixos/profiles/services/mail/postfix.nix
+++ b/nixos/profiles/services/mail/postfix.nix
@ -66,7 +66,7 @@
        lmtp = {
          args = [ "flags=O" ];
        };
-        "127.0.0.1:${toString config.networking.ports.smtp-starttls}" = {
+        "127.0.0.1:${toString config.networking.ports.smtp-submission}" = {
          type = "inet";
          private = false;
          command = "smtpd";
--- a/nixos/profiles/system/boot/sysctl/udp-buffer-size.nix
+++ b/nixos/profiles/system/boot/sysctl/udp-buffer-size.nix
@ -0,0 +1,8 @@
 { ... }:
 {
  # https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
  boot.kernel.sysctl = {
    "net.core.rmem_max" = 7500000;
    "net.core.wmem_max" = 7500000;
  };
 }