diff --git a/deploy/files/etc/left4me/cake.env b/deploy/files/etc/left4me/cake.env new file mode 100644 index 0000000..dd5a56f --- /dev/null +++ b/deploy/files/etc/left4me/cake.env @@ -0,0 +1,12 @@ +# left4me — CAKE egress shaper config. Consumed by left4me-cake.service via +# its EnvironmentFile=. Edit then `systemctl restart left4me-cake.service`. +# See docs/superpowers/specs/2026-05-10-l4d2-network-shaping-design.md. + +# Uplink bandwidth in Mbit/s. Set to ~95% of the smaller of measured upload +# and measured download. CAKE only shapes correctly when its declared +# bandwidth sits below the real bottleneck. If unset, the shaper unit logs +# a warning and exits 0 (no shaping). +LEFT4ME_UPLINK_MBIT= + +# Egress interface. If unset, auto-detected from the IPv4 default route. +LEFT4ME_UPLINK_IFACE= diff --git a/deploy/tests/test_deploy_artifacts.py b/deploy/tests/test_deploy_artifacts.py index d88dc1b..6c47f3e 100644 --- a/deploy/tests/test_deploy_artifacts.py +++ b/deploy/tests/test_deploy_artifacts.py @@ -21,6 +21,7 @@ JOURNALCTL_HELPER = DEPLOY / "files/usr/local/libexec/left4me/left4me-journalctl OVERLAY_HELPER = DEPLOY / "files/usr/local/libexec/left4me/left4me-overlay" SCRIPT_SANDBOX_HELPER = DEPLOY / "files/usr/local/libexec/left4me/left4me-script-sandbox" SANDBOX_RESOLV_CONF = DEPLOY / "files/etc/left4me/sandbox-resolv.conf" +CAKE_ENV = DEPLOY / "files/etc/left4me/cake.env" SUDOERS = DEPLOY / "files/etc/sudoers.d/left4me" HOST_ENV = DEPLOY / "templates/etc/left4me/host.env" WEB_ENV_TEMPLATE = DEPLOY / "templates/etc/left4me/web.env.template" @@ -756,3 +757,16 @@ def test_nft_mark_unit_loads_and_clears_left4me_table(): ) assert "ExecStop=/usr/sbin/nft delete table inet left4me_mark" in text assert "WantedBy=multi-user.target" in text + + +def test_cake_env_template_documents_required_knobs(): + assert CAKE_ENV.is_file() + text = CAKE_ENV.read_text() + + # Both knobs are documented and present (commented OK; the deploy preserves + # operator edits, so the template must not bake in a wrong value). + assert "LEFT4ME_UPLINK_MBIT" in text + assert "LEFT4ME_UPLINK_IFACE" in text + # Empty defaults: shaper unit no-ops with a journal warning when unset. + assert "LEFT4ME_UPLINK_MBIT=" in text + assert "LEFT4ME_UPLINK_IFACE=" in text