I’m trying to strictly limit system resources, running on my NixOS machine. I was able to limit memory and CPU usage, using systemd configuration, but systemd is unable to limit certain services from using all of the network capabilities. Furthermore, I need to limit network speeds for ports, but not for services. Is there’s any way to limit network speed for income and outcome(separatedly), declaratively and using standart NixOS firewall?
there doesn’t seem to be any limiting options in the the nixos networking modules, apart from
If pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"
null or strings concatenated with " "
"--limit 1/minute --limit-burst 5"
Which only will limit internet control message protocol packets .
You can hot wire the firewall with your own iptables limit rules… I need to look into this myself.
which seems to be made for this purpose… I’ve not used it but it may be give you some clues.
What exactly is your use case, sometimes limiting things can not give you quite the results you would expect… qos seems to ‘work’ best on your gateway (if you have control of this), as this is usually where wider area network bandwidth is lower than local area network bandwidth.
I also missed
Which is the alternative, but may break some things? Apparently it doesn’t work with NAT currently, but this may have been fixed…
You’ve got some options to play with, report back your ‘limiting’.