56 lines
1.6 KiB
Nix
56 lines
1.6 KiB
Nix
{ config, lib, ... }: with lib; {
|
|
boot.kernel.sysctl = mkIf config.kyouma.machine-type.physical (mkMerge [{
|
|
"kernel.yama.ptrace_scope" = 1;
|
|
"kernel.kptr_restric" = 2;
|
|
"kernel.ftrace_enabled" = 0;
|
|
"kernel.panic" = -1;
|
|
|
|
"net.core.default_qdisc" = "fq";
|
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
|
|
|
"net.ipv4.tcp_ecn" = 1;
|
|
"net.ipv4.tcp_fastopen" = 3;
|
|
"net.ipv4.tcp_slow_start_after_idle" = 0;
|
|
"net.ipv4.tcp_tw_reuse" = 1;
|
|
"net.ipv4.tcp_mtu_probing" = 1;
|
|
"net.ipv4.tcp_mtu_probe_floor" = 1220;
|
|
|
|
"net.ipv4.tcp_keepalive_time" = 60;
|
|
"net.ipv4.tcp_keepalive_probes" = 6;
|
|
"net.ipv4.tcp_keepalive_intvl" = 10;
|
|
|
|
"net.core.rmem_default" = 16777216;
|
|
"net.core.rmem_max" = 56623104;
|
|
"net.core.wmem_default" = 16777216;
|
|
"net.core.wmem_max" = 56623104;
|
|
"net.core.optmem_max" = 65536;
|
|
"net.ipv4.tcp_rmem" = "4096 1048576 56623104";
|
|
"net.ipv4.tcp_wmem" = "4096 65536 56623104";
|
|
"net.ipv4.tcp_notsent_lowat" = 16384;
|
|
"net.ipv4.udp_rmem_min" = 9216;
|
|
"net.ipv4.udp_wmem_min" = 9216;
|
|
|
|
"net.ipv4.ip_local_port_range" = "16384 65535";
|
|
|
|
"net.ipv6.conf.all.mtu" = 1452;
|
|
"net.ipv6.conf.default.mtu" = 1452;
|
|
|
|
"net.core.bpf_jit_enable" = 1;
|
|
"net.core.bpf_jit_harden" = 1;
|
|
|
|
"net.ipv4.conf.all.accept_redirects" = 0;
|
|
"net.ipv6.conf.all.accept_redirects" = 0;
|
|
"net.ipv4.conf.default.accept_redirects" = 0;
|
|
"net.ipv6.conf.default.accept_redirects" = 0;
|
|
|
|
"net.ipv4.conf.all.accept_source_route" = 0;
|
|
|
|
} (mkIf (!config.kyouma.machine-type.router) {
|
|
# Enable strict source route filtering
|
|
# Disable on BGP routers
|
|
"net.ipv4.conf.all.rp_filter" = 1;
|
|
"net.ipv4.conf.default.rp_filter" = 1;
|
|
})
|
|
]);
|
|
}
|