Adding rate limit for zora, and other config tweaks

2026-01-22 16:25:35 +01:00 · 2026-01-22 16:25:35 +01:00 · 9a4ff80762
commit 9a4ff80762
parent 9b595c7f13
8 changed files with 90 additions and 40 deletions
--- a/flake.lock
+++ b/flake.lock
@ -47,11 +47,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768696246,
+        "lastModified": 1768786317,
-        "narHash": "sha256-IuoFZtPL/M0lNN4V+MOZT0eyTfh1FvUj9Ubo7yvhYPU=",
+        "narHash": "sha256-B+mFBhKQUEd543lxmBnJWiMvN/mbTzwIDmVbI1GlvKk=",
        "owner": "9001",
        "repo": "copyparty",
-        "rev": "d9255538100f5196a7e4ffdd78661f68d77cdb4f",
+        "rev": "78f6855f08a210ded0eeb34da9eafb9cc2de024b",
        "type": "github"
      },
      "original": {
@ -109,11 +109,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766150702,
+        "lastModified": 1768923567,
-        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
+        "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
+        "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
        "type": "github"
      },
      "original": {
@ -245,11 +245,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1768703115,
+        "lastModified": 1768927746,
-        "narHash": "sha256-JAXjGiDWlQJSwniCYlnEwU/2KjI0bJ/lV0gpyD9UjxE=",
+        "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "05fd3bababe5924f9a6128285e7cf6c67d45f3c0",
+        "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df",
        "type": "github"
      },
      "original": {
@ -267,11 +267,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767104570,
+        "lastModified": 1768434960,
-        "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=",
+        "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf",
+        "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
        "type": "github"
      },
      "original": {
@ -335,11 +335,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1768584846,
+        "lastModified": 1768736227,
-        "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
+        "narHash": "sha256-qgGq7CfrYKc3IBYQ7qp0Z/ZXndQVC5Bj0N8HW9mS2rM=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
+        "rev": "d447553bcbc6a178618d37e61648b19e744370df",
        "type": "github"
      },
      "original": {
@ -431,11 +431,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1766902085,
+        "lastModified": 1768127708,
-        "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
+        "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
+        "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
        "type": "github"
      },
      "original": {
@ -533,11 +533,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1768638486,
+        "lastModified": 1768919538,
-        "narHash": "sha256-+LC0wOiliUXbIj6zT2hCoOQ0zn33BD2NxGoy0QqP3Eo=",
+        "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "76bbc35c59419b8b0616fb779ce5600e85edab11",
+        "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc",
        "type": "github"
      },
      "original": {
--- a/hosts/zora/networking.nix
+++ b/hosts/zora/networking.nix
@ -101,20 +101,36 @@
  };
  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
-  # networking.nftables = {
+  networking.nftables = {
-  #   tables.rate_limit = {
+    tables.rate_limit = {
-  #     name = "rate_limit";
+      name = "rate_limit";
-  #     family = "inet";
+      family = "inet";
-  #     enable = true;
+      enable = true;
-  #     content = ''
+      content = ''
-  #       limit lim  { rate over 20 mbytes/second burst 40 mbytes ; comment "use to limit taffic" ; }
+        limit ratelimit { rate 1250 kbytes/second burst 2500 kbytes ; comment "used to limit taffic" ; }
-  #       chain IN {
+        chain input {
-  #         type filter hook input priority filter; policy drop;
+          type filter hook input priority 0; policy drop;
-  #         tcp dport 80 limit name "lim" accept
+
-  #         tcp dport 443 limit name "lim" accept
+          iifname lo accept
          tcp dport 22 accept
          iifname ens2f0 limit name "ratelimit" accept
          iifname veth-mogma limit name "ratelimit" accept
        }
      '';
        # chain output {
        #   type filter hook output priority 0; policy drop;
        #   iifname lo accept
        #   tcp dport 22 accept
        #   iifname ens2f0 limit name "ratelimit" accept
        # }
-  #     '';
+    };
-  #   };
+  };
  # };
 }
--- a/modules/common/packages.nix
+++ b/modules/common/packages.nix
@ -18,6 +18,8 @@
    man-pages-posix
    python3
    cheat
    htop
    killall
    # Nix
    home-manager
--- a/modules/desktop/gaming/default.nix
+++ b/modules/desktop/gaming/default.nix
@ -27,4 +27,18 @@
    mangohud
    protonup-ng
  ];
  # Additional rules for Switch 2 pro controllers
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2066", MODE="0666"
    SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2067", MODE="0666"
    SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2068", MODE="0666"
    SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2069", MODE="0666"
    SUBSYSTEM=="usb", ATTR{idVendor}=="057e", ATTR{idProduct}=="2073", MODE="0666"
    SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2066", MODE="0666"
    SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2067", MODE="0666"
    SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2068", MODE="0666"
    SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2069", MODE="0666"
    SUBSYSTEM=="hidraw", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="2073", MODE="0666"  
  '';
 }
--- a/modules/server/agraf/default.nix
+++ b/modules/server/agraf/default.nix
@ -153,6 +153,14 @@
            r = [ "*" ];
          };
        };
        "/u/lyes/data" = {
          path = "/var/data/";
          access = {
            "rwmd." = [ "lyes" ];
          };
        };
      };
    openFilesLimit = 65536;
--- a/modules/server/lanayru/default.nix
+++ b/modules/server/lanayru/default.nix
@ -16,12 +16,20 @@
        ip = "0.0.0.0";
        port = 44312;
        downloadsPath = "${config.services.suwayomi-server.dataDir}";
        downloadAsCbz = true;
        autoDownloadNewChapters = true;
        excludeEntryWithUnreadChapters = false;
        excludeUnreadChapters = false;
        excludeNotStarted = false;
        excludeCompleted = false;
        globalUpdateInterval = 6;
        extensionRepos = [
          "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"
        ];
        downloadAsCbz = true;
        basicAuthEnabled = true;
        basicAuthUsername = "lyes";
        basicAuthPasswordFile = config.age.secrets.suwayomi-pass.path;
@ -29,7 +37,7 @@
        # backupPath = "/unv/backups/suwayomi";
        # backupTime = "07:11";
-        localSourcePath = "/var/data/manga/local";
+        localSourcePath = "${config.services.suwayomi-server.dataDir}/local";
      };
    };
  };
--- a/users/lyes/desktop/packages.nix
+++ b/users/lyes/desktop/packages.nix
@ -65,7 +65,7 @@ in {
    # Games
    heroic
-    # cemu
+    cemu
    prismlauncher
    # vvvvvv
    ryubing
@ -137,6 +137,7 @@ in {
    z3
    # CryptoVerif
    cryptoverif
    fstar
    # Containers & VMs
    toolbox
--- a/users/lyes/home/shells/fish.nix
+++ b/users/lyes/home/shells/fish.nix
@ -24,6 +24,7 @@
      ls = "eza";
      cat = "bat";
      grep = "rg";
      ncdu = "dust";
    };
    shellInit = ''