Copy over some networking sysctls from my ansible playbook.

2025-04-11 19:22:05 -04:00 · 2025-04-11 19:22:05 -04:00 · 144f83982d
commit 144f83982d
parent a97a03f642
1 changed files with 21 additions and 0 deletions
--- a/nix/configuration/roles/network/default.nix
+++ b/nix/configuration/roles/network/default.nix
@ -68,4 +68,25 @@
    # Set wifi to US
    options cfg80211 ieee80211_regdom=US
  '';
+
+  boot.kernel.sysctl = {
+    # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
+    "net.ipv4.tcp_mtu_probing" = 1;
+    # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
+    # We set this in the kernel config, but include this here for unoptimized builds.
+    "net.ipv4.tcp_congestion_control" = "bbr";
+    # Don't do a slow start after a connection has been idle for a single RTO.
+    "net.ipv4.tcp_slow_start_after_idle" = 0;
+    # 3x time to accumulate filesystem changes before flushing to disk.
+    "vm.dirty_writeback_centisecs" = 1500;
+    # Adjust ttl
+    "net.ipv4.ip_default_ttl" = 65;
+    "net.ipv6.conf.all.hop_limit" = 65;
+    "net.ipv6.conf.default.hop_limit" = 65;
+    # Enable IPv6 Privacy Extensions
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    # Enable IPv6 Privacy Extensions
+    # This is enabled by default in nixos.
+    # "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
 }