From 0793b93a0a7faa29093b2b9d8c6a33d6baea0b00 Mon Sep 17 00:00:00 2001
From: Erwin Boskma <erwin@datarift.nl>
Date: Wed, 17 Jan 2024 09:40:26 +0100
Subject: [PATCH] odin: Tweak kernel settings for caddy, open port

---
 machines/odin/configuration.nix | 5 +++++
 machines/odin/network.nix       | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/machines/odin/configuration.nix b/machines/odin/configuration.nix
index c5b1d1d..e325a50 100644
--- a/machines/odin/configuration.nix
+++ b/machines/odin/configuration.nix
@@ -62,6 +62,11 @@
     # kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];
 
     extraModulePackages = with config.boot.kernelPackages; [ gasket ];
+
+    kernel.sysctl = {
+      "net.core.rmem_max" = 2500000;
+      "net.core.wmem_max" = 2500000;
+    };
   };
 
   hardware.enableAllFirmware = true;
diff --git a/machines/odin/network.nix b/machines/odin/network.nix
index 39d454d..b718094 100644
--- a/machines/odin/network.nix
+++ b/machines/odin/network.nix
@@ -5,6 +5,10 @@
     networkmanager.enable = false;
     useNetworkd = true;
     nftables.enable = true;
+
+    firewall = {
+      allowedTCPPorts = [ 8443 ];
+    };
   };
 
   systemd = {