From 9e29d53040fbada7343a2cdbe99d27ca594d14ae Mon Sep 17 00:00:00 2001 From: albert Date: Mon, 5 Aug 2024 12:20:46 +0900 Subject: [PATCH] Update docker --- nixos/common/services/docker.nix | 8 ++++++-- nixos/hosts/framework-server/fail2ban/traefik.nix | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/nixos/common/services/docker.nix b/nixos/common/services/docker.nix index 6cb934f9..7b2c3e04 100644 --- a/nixos/common/services/docker.nix +++ b/nixos/common/services/docker.nix @@ -1,7 +1,11 @@ { inputs, pkgs, system, ... }: { boot.kernel.sysctl = { - "fs.inotify.max_user_watches" = 10485760; - "fs.inotify.max_user_instances" = 1024; + "fs.inotify.max_user_watches" = 52428800; + "fs.inotify.max_user_instances" = 4096; + + # Testing... + "net.core.netdev_max_backlog" = 4000; + "net.ipv4.tcp_max_syn_backlog" = 4096; }; virtualisation.docker = { diff --git a/nixos/hosts/framework-server/fail2ban/traefik.nix b/nixos/hosts/framework-server/fail2ban/traefik.nix index e29bef86..9a134e56 100644 --- a/nixos/hosts/framework-server/fail2ban/traefik.nix +++ b/nixos/hosts/framework-server/fail2ban/traefik.nix @@ -9,7 +9,7 @@ settings = { enabled = true; filter = "traefik-general-forceful-browsing"; - action = ''action-ban-docker-forceful-browsing''; + action = "action-ban-docker-forceful-browsing"; logpath = "/var/log/traefik/access.log"; backend = "auto"; findtime = 600;