diff --git a/nix/configuration/roles/network/default.nix b/nix/configuration/roles/network/default.nix
index 6c1179b..ee21cd3 100644
--- a/nix/configuration/roles/network/default.nix
+++ b/nix/configuration/roles/network/default.nix
@@ -68,4 +68,25 @@
 # Set wifi to US
 options cfg80211 ieee80211_regdom=US
 '';
+
+ boot.kernel.sysctl = {
+ # Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
+ "net.ipv4.tcp_mtu_probing" = 1;
+ # Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
+ # We set this in the kernel config, but include this here for unoptimized builds.
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ # Don't do a slow start after a connection has been idle for a single RTO.
+ "net.ipv4.tcp_slow_start_after_idle" = 0;
+ # 3x time to accumulate filesystem changes before flushing to disk.
+ "vm.dirty_writeback_centisecs" = 1500;
+ # Adjust ttl
+ "net.ipv4.ip_default_ttl" = 65;
+ "net.ipv6.conf.all.hop_limit" = 65;
+ "net.ipv6.conf.default.hop_limit" = 65;
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ # Enable IPv6 Privacy Extensions
+ # This is enabled by default in nixos.
+ # "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
 }
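Review bot: The uncommented `"net.ipv6.conf.all.use_tempaddr" = 2;` is unlikely to deliver the privacy extensions its comment promises, because, as far as I know, the kernel does not propagate `use_tempaddr` from `conf.all` to individual interfaces; only `conf.default` (for new interfaces) and the per-interface keys take effect. With the `default` line commented out, temporary addresses depend entirely on the NixOS default, so I would state the intent explicitly with `networking.tempAddresses = "default";` and drop the duplicated comment, then confirm on a running host that a temporary address shows up in `ip -6 addr`, since a network manager can override the kernel setting. Separately, `# Adjust ttl` does not say why 65 was chosen; a non-default TTL and hop limit make the host easier to fingerprint on the wire, so the comment should record the reason. The enclosing module attribute set opens above this hunk, so other network options that may interact with these are not visible here.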