path: root/modules/common/kernel.nix
blob: f7e520a4f74e21ae389c629d474959feb629c84d (plain) (blame)
# NixOS module setting kernel sysctls (resource limits, a few hardening knobs,
# writeback/VM tuning) and enabling KSM.
# Sizes are written as powers of two via lib.pow, e.g. 2^12 = 4096,
# 2^16 = 65536, 2^22 = 4 MiB when the unit is bytes.
{ lib, ... }:
{
  boot.kernel.sysctl = {
    # System-wide file-handle cap and per-user inotify watch cap.
    "fs.file-max" = lib.pow 2 17;
    "fs.inotify.max_user_watches" = lib.pow 2 19;
    # 0: processes that changed privilege (setuid etc.) do not dump core, so
    # their memory cannot leak into a core file.
    "fs.suid_dumpable" = 0;
    # Append the PID to core file names.
    "kernel.core_uses_pid" = 1;
    # NOTE(review): believed to be absent from mainline kernels (it originated
    # in a distribution patch set) — confirm on a deployed host; if the key does
    # not exist this line provides no protection.
    "kernel.exec-shield" = 1;
    # 1: kernel addresses printed with %pK are hidden from callers lacking
    # CAP_SYSLOG. 2 would hide them regardless of privilege.
    "kernel.kptr_restrict" = 1;
    # NOTE(review): believed to have been removed from mainline long ago —
    # confirm the key exists on the running kernel, as above.
    "kernel.maps_protect" = 1;
    # SysV message queue limits (max message size / max queue size, in bytes).
    "kernel.msgmax" = lib.pow 2 16;
    "kernel.msgmnb" = lib.pow 2 16;
    "kernel.pid_max" = lib.pow 2 16;
    # 2: full ASLR (stack, mmap, VDSO and heap/brk).
    "kernel.randomize_va_space" = 2;
    # SysV shared memory limits. Units differ: shmall is counted in pages,
    # shmmax in bytes — TODO confirm both values are intended.
    "kernel.shmall" = lib.pow 2 28;
    "kernel.shmmax" = lib.pow 2 28;
    # 0: disable the magic SysRq key entirely.
    "kernel.sysrq" = 0;
    # NOTE(review): the kernel treats each *_bytes / *_ratio pair as
    # counterparts — writing one resets the other to 0, so only the value
    # written last takes effect. Setting both leaves the outcome dependent on
    # write order; decide which of each pair is intended.
    "vm.dirty_background_bytes" = lib.pow 2 22;
    "vm.dirty_background_ratio" = 5;
    "vm.dirty_bytes" = lib.pow 2 22;
    "vm.dirty_ratio" = 30;
    # Reserve kept free for the kernel, in KiB.
    "vm.min_free_kbytes" = lib.pow 2 16;
    # Lowest address userspace may mmap; limits the impact of kernel
    # NULL-pointer dereference bugs.
    # NOTE(review): 4096 is a single page and many distributions ship 65536 —
    # confirm this does not lower the running kernel's default.
    "vm.mmap_min_addr" = lib.pow 2 12;
    # mkDefault: other modules/hosts can override these without mkForce.
    "vm.overcommit_memory" = lib.mkDefault 0;
    "vm.overcommit_ratio" = lib.mkDefault 50;
    "vm.vfs_cache_pressure" = 50;
  };

  # https://docs.kernel.org/admin-guide/mm/ksm.html
  # KSM merges identical pages in memory regions that have opted in.
  # NOTE(review): page deduplication is a known timing side channel between
  # processes/VMs that share merged pages — confirm this is acceptable on hosts
  # running mutually untrusting guests.
  hardware.ksm.enable = true;
}
