-rw-r--r--system/linde.nix76
1 files changed, 59 insertions, 17 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 7b0634f9..8e8835a8 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -217,26 +217,38 @@ in
       ];
     };
     resolvconf = {
-      enable = true;
+      enable = false;
       useLocalResolver = false;
     };
   };
-  services.resolved.enable = false;
+  services.resolved = {
+    enable = true;
+    llmnr = "false";
+  };
   systemd.network = {
     enable = true;
-    wait-online = {
-      extraArgs = [ "--interface" netif ];
-    };
     networks.${netif} =
       {
         name = netif;
-        gateway = [ net-gw ];
-        routes = [{
-          routeConfig = {
-            Gateway = net-gw6;
-            PreferredSource = net-ip6;
-          };
-        }];
+        routes = [
+          {
+            routeConfig = {
+              Gateway = net-gw6;
+              PreferredSource = net-ip6;
+              QuickAck = true;
+              InitialCongestionWindow = 30;
+              InitialAdvertisedReceiveWindow = 30;
+            };
+          }
+          {
+            routeConfig = {
+              Gateway = net-gw;
+              QuickAck = true;
+              InitialCongestionWindow = 30;
+              InitialAdvertisedReceiveWindow = 30;
+            };
+          }
+        ];
         address = [
           "${net-ip6}/${net-mask6}"
           "${net-rdnsip}/${net-mask6}"
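Review bot: `services.resolved` is enabled with only `llmnr = "false"` set, so `dnssec` and `fallbackDns` are left at whatever the NixOS module defaults to in the pinned nixpkgs. If no DNS server is configured for `networks.${netif}` or globally (the hunk does not show one), resolved uses its compiled-in public fallback resolvers and this host's lookups go to third parties. I would pin both explicitly, e.g. `fallbackDns = [ ];` (check that an empty list disables the fallback in your nixpkgs version) together with a deliberate `dnssec = ...` choice. Separately, with `wait-online.extraArgs = [ "--interface" netif ]` removed, wait-online no longer limits itself to `netif`, so any other link networkd manages can delay boot. The `networks.${netif}` attrset continues past the end of this hunk.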
@@ -260,11 +272,41 @@ in
     MaxRetentionSec=1 month
   '';
 
-  boot.kernel.sysctl = {
-    "net.ipv4.tcp_allowed_congestion_control" = "bbr illinois reno";
-    "net.ipv4.tcp_congestion_control" = "bbr";
-    "net.core.default_qdisc" = "fq";
-  };
+  boot.kernel.sysctl =
+    let
+      buffer_size = 16 * 1024 * 1024;
+      server_count = 2;
+      max_clients = 100;
+      page_size = 4096;
+      # This server might have 100 clients simultaneously, so:
+      #   max(tcp_wmem) * 2 * 100 / 4096
+      mem = toString (buffer_size * server_count * max_clients / page_size);
+    in
+    {
+      "net.ipv4.tcp_allowed_congestion_control" = "bbr illinois reno";
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      "net.core.default_qdisc" = "fq";
+
+      # Provide adequate buffer memory.
+      # rmem_max and wmem_max are TCP max buffer size
+      # settable with setsockopt(), in bytes
+      # tcp_rmem and tcp_wmem are per socket in bytes.
+      # tcp_mem is for all TCP streams, in 4096-byte pages.
+      # The following are suggested on IBM's
+      # High Performance Computing page
+      "net.core.rmem_max" = buffer_size;
+      "net.core.wmem_max" = buffer_size;
+      "net.core.rmem_default" = buffer_size;
+      "net.core.wmem_default" = buffer_size;
+      "net.ipv4.tcp_rmem" = "4096 87380 ${toString buffer_size}";
+      "net.ipv4.tcp_wmem" = "4096 87380 ${toString buffer_size}";
+      "net.ipv4.tcp_mem" = "${mem} ${mem} ${mem}";
+
+      "net.ipv4.tcp_sack" = false;
+      "net.ipv4.tcp_dsack" = false;
+
+      "net.ipv4.tcp_slow_start_after_idle" = false;
+    };
 
   security.sudo.execWheelOnly = true;
   security.sudo.extraConfig = ''
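Review bot: `net.ipv4.tcp_mem` is set to `"${mem} ${mem} ${mem}"`, so the low, pressure and hard limits are one value (819200 pages, about 3.1 GiB with the constants in the `let`). The kernel therefore has no pressure band in which to shrink socket buffers before allocations start failing at the hard limit. Keeping the page count as an integer and spreading the triple restores that band, for example `mem_pages = buffer_size * server_count * max_clients / page_size;` with `"net.ipv4.tcp_mem" = "${toString (mem_pages / 2)} ${toString (mem_pages * 3 / 4)} ${toString mem_pages}";` (the ratios are a suggestion, and the diff does not show whether the ceiling fits this host's RAM). `net.core.rmem_default` and `net.core.wmem_default` at 16 MiB also apply to non-TCP sockets, so unread UDP datagrams can hold far more kernel memory per socket than before; raising only the `*_max` values and the `tcp_rmem`/`tcp_wmem` triples would keep the tuning to TCP. The `tcp_sack` and `tcp_dsack = false` lines need a comment giving the reason, since disabling SACK slows loss recovery on lossy paths.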