From c04af12b8e933818fc13d78151c3edde5d82dc1e Mon Sep 17 00:00:00 2001
From: Eduard Urbach
Date: Thu, 26 Jun 2025 15:20:16 +0200
Subject: [PATCH] Updated config

---
 .config/etc/sysctl.d/10-performance.conf | 51 ++++++++++++++++++++++++
 .config/etc/sysctl.d/20-security.conf    | 24 +++++++++++
 .config/etc/sysctl.d/30-server.conf      |  3 ++
 .config/etc/sysctl.d/99-flush.conf       |  3 ++
 .config/fish/scripts/system-install      | 16 ++++++++
 .gitignore                               |  1 +
 6 files changed, 98 insertions(+)
 create mode 100644 .config/etc/sysctl.d/10-performance.conf
 create mode 100644 .config/etc/sysctl.d/20-security.conf
 create mode 100644 .config/etc/sysctl.d/30-server.conf
 create mode 100644 .config/etc/sysctl.d/99-flush.conf
 create mode 100755 .config/fish/scripts/system-install

diff --git a/.config/etc/sysctl.d/10-performance.conf b/.config/etc/sysctl.d/10-performance.conf
new file mode 100644
index 0000000..593d3d8
--- /dev/null
+++ b/.config/etc/sysctl.d/10-performance.conf
@@ -0,0 +1,51 @@
+# Disable swap
+vm.swappiness = 0
+
+# Maximum percentage of memory with disk write buffers
+vm.dirty_ratio = 30
+
+# Percentage of memory with disk write buffers until writes start
+vm.dirty_background_ratio = 15
+
+# Prefer directory and inode caches
+vm.vfs_cache_pressure = 50
+
+# Prefer low latency over high throughput
+net.ipv4.tcp_low_latency = 1
+
+# Enable TCP Fast Open (lower latency)
+net.ipv4.tcp_fastopen = 3
+
+# Set congestion control to BBR
+net.ipv4.tcp_congestion_control = bbr
+net.core.default_qdisc = fq
+
+# Additional send buffer size (improves HTTP/2 prioritization)
+net.ipv4.tcp_notsent_lowat = 16384
+
+# Maximum number of established connections
+net.core.somaxconn = 32768
+
+# Maximum number of half-open connections
+net.ipv4.tcp_max_syn_backlog = 32768
+
+# Receive queue size per CPU core
+net.core.netdev_max_backlog = 16386
+
+# Read buffer size
+net.ipv4.tcp_rmem = 4096 65536 102400000
+net.ipv4.udp_rmem_min = 16384
+net.core.rmem_default = 65536
+net.core.rmem_max = 102400000
+
+# Write buffer size
+net.ipv4.tcp_wmem = 4096 65536 102400000
+net.ipv4.udp_wmem_min = 16384
+net.core.wmem_default = 65536
+net.core.wmem_max = 102400000
+
+# Maximum per-socket optional memory buffer size
+net.core.optmem_max = 65536
+
+# Disable slow start restart
+net.ipv4.tcp_slow_start_after_idle = 0
\ No newline at end of file
diff --git a/.config/etc/sysctl.d/20-security.conf b/.config/etc/sysctl.d/20-security.conf
new file mode 100644
index 0000000..03d9af1
--- /dev/null
+++ b/.config/etc/sysctl.d/20-security.conf
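Review bot: The comment above `net.core.somaxconn = 32768` is wrong: somaxconn caps the listen() backlog (the per-socket accept queue), not the number of established connections, so `# Upper bound on the listen() backlog (accept queue) per socket` would describe it. Likewise `vm.swappiness = 0` does not disable swap; it only makes the kernel avoid swapping anonymous pages until free memory is nearly exhausted, so `# Avoid swapping until free memory is nearly exhausted (does not disable swap)` is the accurate comment. `net.core.netdev_max_backlog = 16386` looks like a typo for 16384. `net.ipv4.tcp_fastopen = 3` turns on the server side of TFO as well as the client side (bit 1 client, bit 2 server), which means data carried in a SYN is handed to the application before the handshake completes; the comment should say the server bit is deliberate rather than leave it looking copied. As far as I recall `net.ipv4.tcp_low_latency` has been a no-op since the TCP prequeue code was removed (around Linux 4.14), so that line can probably be dropped — worth confirming against the kernel in use.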
@@ -0,0 +1,24 @@
+# Reduce timeout for stale connections
+net.ipv4.tcp_fin_timeout = 10
+
+# Reduce keep alive time
+net.ipv4.tcp_keepalive_time = 300
+net.ipv4.tcp_keepalive_probes = 5
+net.ipv4.tcp_keepalive_intvl = 60
+
+# Reduce connection time to fail
+net.ipv4.tcp_syn_retries = 1
+net.ipv4.tcp_synack_retries = 1
+
+# Prevent simple DoS attacks
+net.ipv4.tcp_max_tw_buckets = 1048576
+
+# Disable ICMP redirects
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.all.secure_redirects = 0
+net.ipv4.conf.default.secure_redirects = 0
+net.ipv6.conf.all.accept_redirects = 0
+net.ipv6.conf.default.accept_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
\ No newline at end of file
diff --git a/.config/etc/sysctl.d/30-server.conf b/.config/etc/sysctl.d/30-server.conf
new file mode 100644
index 0000000..c858070
--- /dev/null
+++ b/.config/etc/sysctl.d/30-server.conf
@@ -0,0 +1,3 @@
+# Time in us to busy loop waiting for packets
+#net.core.busy_read = 50
+#net.core.busy_poll = 50
\ No newline at end of file
diff --git a/.config/etc/sysctl.d/99-flush.conf b/.config/etc/sysctl.d/99-flush.conf
new file mode 100644
index 0000000..3db9077
--- /dev/null
+++ b/.config/etc/sysctl.d/99-flush.conf
@@ -0,0 +1,3 @@
+# Ensure that new connections use the new values
+net.ipv4.route.flush = 1
+net.ipv6.route.flush = 1
\ No newline at end of file
diff --git a/.config/fish/scripts/system-install b/.config/fish/scripts/system-install
new file mode 100755
index 0000000..3af4c80
--- /dev/null
+++ b/.config/fish/scripts/system-install
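Review bot: The security file disables ICMP redirects but omits the settings that normally go with them, and the `net.ipv4.tcp_max_syn_backlog = 32768` raised in 10-performance.conf only behaves well under a SYN flood if SYN cookies are on, so `net.ipv4.tcp_syncookies = 1` should be pinned here rather than left to the distro default. Source-routed packets and reverse-path checks are also not covered; `net.ipv4.conf.all.accept_source_route = 0` and `net.ipv4.conf.all.rp_filter = 1` (with the `default.` variants and `net.ipv6.conf.all.accept_source_route = 0`) would complete the network section, using rp_filter 2 instead if the host does asymmetric routing. Kernel information exposure is not addressed either; `kernel.kptr_restrict = 2` and `kernel.dmesg_restrict = 1` are the usual minimum for a hardening drop-in. The comment `# Prevent simple DoS attacks` above `tcp_max_tw_buckets` does not say what raising the cap achieves: the value is an upper bound on TIME_WAIT sockets, beyond which the kernel destroys them and logs a warning, so `# Upper bound on TIME_WAIT sockets; above this they are destroyed` would be more accurate. `net.ipv4.tcp_syn_retries = 1` makes outbound connects give up after a single retransmit, which costs availability on lossy links more than it buys security, so a less aggressive value or a comment explaining the choice would help.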
@@ -0,0 +1,16 @@
+#!/usr/bin/fish
+
+# Git clone .home directory
+[ ! -d $HOME/.home ] && git clone --bare https://git.urbach.dev/eduard/home $HOME/.home && home checkout
+
+# Detect if we use sudo or doas
+set sudo sudo
+
+if command -q doas
+ set sudo doas
+end
+
+# System configuration
+set file sysctl.d
+[ -d /etc/$file ] && [ ! -L /etc/$file ] && $sudo rm -rf /etc/$file
+$sudo ln -s -f $HOME/.config/etc/$file /etc/
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 39dc25c..7814d8c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@
 !/.config/btop
 !/.config/cava
 !/.config/easyeffects
+!/.config/etc
 !/.config/fastfetch
 !/.config/foot
 !/.config/fish
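Review bot: The last line, `$sudo ln -s -f $HOME/.config/etc/$file /etc/`, is not safe to run twice: once /etc/sysctl.d is a symlink to a directory, GNU ln without `-n` follows it and creates `$HOME/.config/etc/sysctl.d/sysctl.d` pointing at its own parent instead of replacing the link, so it should read `$sudo ln -s -f -n $HOME/.config/etc/$file /etc/$file`. The preceding `rm -rf /etc/$file` throws away any drop-ins the distro or packages already placed in /etc/sysctl.d with no backup; `$sudo mv /etc/$file /etc/$file.bak` keeps them available for review. Pointing a root-applied configuration directory at a path under $HOME also means whoever can write that directory controls kernel parameters applied as root at boot, and if $HOME is on a separate or encrypted mount that is not available when systemd-sysctl runs, the link dangles and none of the settings take effect — that trade-off deserves a comment in the script. `home checkout` depends on a `home` function or alias that this script does not define; if it is absent in a fresh shell the clone chain fails without a message.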