Christoph Heiss
df9b15996d
Runs blocky + unbound for custom DNS. Also adds all the common nix infrastructure needed. Signed-off-by: Christoph Heiss <christoph@c8h4.io>
21 lines
526 B
Nix
21 lines
526 B
Nix
{ config, lib, ... }:
|
|
|
|
{
|
|
boot.kernel.sysctl = lib.mkIf (!config.boot.isContainer) {
|
|
# Discourage from swapping out idle processes
|
|
"vm.swappiness" = 1;
|
|
|
|
# Less aggressive vfs cache reclaiming
|
|
"vm.vfs_cache_pressure" = 50;
|
|
|
|
# Less aggressive task migrations
|
|
"kernel.sched_autogroup_enabled" = 0;
|
|
"kernel.sched_migration_cost_ns" = 5000000;
|
|
|
|
"net.ipv4.tcp_fastopen" = 3;
|
|
"net.ipv4.tcp_tw_reuse" = 1;
|
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
|
"net.core.default_qdisc" = "fq";
|
|
};
|
|
}
|