initialisation du dépôt

2025-08-06 16:29:38 +02:00
parent 8206d3282a
commit 3bf8473104
10 changed files with 300 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -1,2 +1,9 @@
 # sysctl

+Quelques exemples de paramétrages systèmes avec [sysctl](https://fr.wikipedia.org/wiki/Sysctl).
+
+## CHANGELOG
+
+### 2025-08-06
+
+- Initialisation du dépôt
--- a/sysctl/100-kernel.conf
+++ b/sysctl/100-kernel.conf
@@ -0,0 +1,13 @@
+# 2025-07-17
+
+kernel.sched_autogroup_enabled=0
+
+kernel.randomize_va_space=2
+kernel.pid_max=4194304
+kernel.threads-max=127488
+kernel.kptr_restrict=1
+kernel.yama.ptrace_scope=1
+kernel.dmesg_restrict=1
+
+kernel.shmmax=17179869184
+kernel.shmall=4194304
--- a/sysctl/101-memory.conf
+++ b/sysctl/101-memory.conf
@@ -0,0 +1,14 @@
+# 2025-05-19
+
+vm.swappiness=20
+
+vm.overcommit_memory=1
+vm.overcommit_ratio=80
+
+vm.page-cluster=1
+vm.extfrag_threshold=300
+vm.max_map_count=262144
+vm.min_free_kbytes=65536
+vm.mmap_min_addr=65536
+vm.zone_reclaim_mode=0
+vm.nr_hugepages=0
--- a/sysctl/102-filesystem.conf
+++ b/sysctl/102-filesystem.conf
@@ -0,0 +1,17 @@
+# 2025-07-17
+
+fs.aio-max-nr=65536
+fs.file-max=2097152
+fs.nr_open=2097152
+
+fs.inotify.max_user_instances=1024
+fs.inotify.max_queued_events=32768
+fs.inotify.max_user_watches=1048576
+
+vm.vfs_cache_pressure=60
+
+vm.dirty_background_bytes=41943040
+vm.dirty_expire_centisecs=6000
+vm.dirty_writeback_centisecs=6000
+vm.dirty_background_ratio=5
+vm.dirty_ratio=40
--- a/sysctl/103-network.conf
+++ b/sysctl/103-network.conf
@@ -0,0 +1,175 @@
+# 2025-07-17
+
+net.ipv4.tcp_congestion_control=bbr
+net.core.default_qdisc=fq
+
+net.core.somaxconn=32768
+
+net.ipv4.tcp_mtu_probing=1
+net.ipv4.tcp_window_scaling=1
+net.ipv4.tcp_ecn=1
+net.ipv4.tcp_timestamps=0
+net.ipv4.tcp_sack=1
+net.ipv4.tcp_dsack=1
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_tw_reuse=0
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_low_latency=1
+net.ipv4.tcp_no_metrics_save=1
+net.ipv4.tcp_orphan_retries=2
+net.ipv4.tcp_rfc1337=1
+net.ipv4.tcp_slow_start_after_idle=0
+net.ipv4.tcp_syn_retries=6
+net.ipv4.tcp_synack_retries=4
+net.ipv4.tcp_fastopen=3
+
+net.ipv4.tcp_max_orphans=8192
+
+net.ipv4.ip_local_port_range=1024 65535
+
+net.ipv4.tcp_fin_timeout=5
+
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_keepalive_intvl=60
+net.ipv4.tcp_keepalive_probes=16
+
+net.core.netdev_max_backlog=60000
+net.ipv4.tcp_max_syn_backlog=16384
+
+net.core.rmem_default=4194304
+net.core.wmem_default=1048576
+
+net.core.rmem_max=16777216
+net.core.wmem_max=16777216
+
+net.ipv4.tcp_rmem=4096 87380 16777216
+net.ipv4.tcp_wmem=4096 87380 16777216
+
+net.ipv4.udp_rmem_min=4096
+net.ipv4.udp_wmem_min=4096
+
+net.core.bpf_jit_limit=1000000000
+net.core.optmem_max=8388608
+
+net.ipv4.ipfrag_high_thresh=8388608
+net.ipv4.ipfrag_low_thresh=6291456
+
+net.ipv4.neigh.default.gc_thresh1=1024
+net.ipv4.neigh.default.gc_thresh2=2048
+net.ipv4.neigh.default.gc_thresh3=8192
+
+net.ipv4.tcp_challenge_ack_limit=9999
+net.ipv4.tcp_max_tw_buckets=2000000
+
+net.ipv6.conf.all.forwarding=1
+net.ipv6.conf.all.proxy_ndp=1
+net.ipv6.conf.default.forwarding=1
+net.ipv6.conf.default.proxy_ndp=1
+
+net.ipv6.ip6frag_low_thresh=196608
+net.ipv6.ip6frag_high_thresh=8388608
+
+net.ipv6.neigh.default.gc_thresh3=8192
+
+net.unix.max_dgram_qlen=1024
+
+net.ipv4.udp_mem=65536 393216 786432
+
+net.ipv4.neigh.default.gc_thresh1=40960
+net.ipv4.neigh.default.gc_thresh2=81920
+net.ipv4.neigh.default.gc_thresh3=163840
+net.ipv4.neigh.default.gc_stale_time=30
+
+net.core.bpf_jit_enable=1
+net.core.bpf_jit_harden=1
+net.core.txrehash=1
+net.core.dev_weight=64
+net.core.netdev_budget=120000
+net.core.busy_poll=1000
+net.core.busy_read=1000
+net.core.rps_default_mask=0
+net.core.rps_sock_flow_entries=65536
+net.core.tstamp_allow_data=1
+net.core.xfrm_acq_expires=60
+net.ipv4.tcp_notsent_lowat=524288
+net.ipv4.tcp_fack=1
+net.ipv4.tcp_moderate_rcvbuf=1
+net.ipv4.tcp_early_retrans=3
+net.ipv4.tcp_adv_win_scale=-2
+net.ipv4.tcp_frto=3
+net.ipv4.tcp_ecn_fallback=1
+net.ipv4.tcp_plb_cong_thresh=0
+net.ipv4.tcp_plb_enabled=0
+net.ipv4.tcp_plb_suspend_rto_sec=0
+net.ipv4.tcp_reordering=10
+net.ipv4.tcp_recovery=0x1
+net.ipv4.tcp_abort_on_overflow=0
+net.ipv4.tcp_base_mss=1460
+net.ipv4.tcp_fastopen_blackhole_timeout_sec=0
+net.ipv4.tcp_retrans_collapse=3
+net.ipv4.tcp_retries1=4
+net.ipv4.tcp_retries2=5
+net.ipv4.ipfrag_max_dist=128
+net.ipv4.ipfrag_secret_interval=600
+net.ipv4.ipfrag_time=60
+net.ipv4.neigh.default.gc_interval=15
+net.ipv4.neigh.default.anycast_delay=40
+net.ipv4.neigh.default.proxy_delay=40
+net.ipv4.neigh.lo.anycast_delay=0
+net.ipv4.tcp_mem=65536 393216 786432
+net.ipv4.tcp_max_tw_buckets=262144
+net.ipv4.ip_default_ttl=64
+net.ipv4.icmp_msgs_per_sec=4000
+net.ipv4.icmp_msgs_burst=400
+net.ipv4.icmp_ratelimit=1000
+net.ipv4.icmp_ratemask=6168
+net.ipv4.icmp_echo_ignore_all=0
+net.ipv4.conf.all.shared_media=1
+net.ipv4.conf.default.shared_media=1
+net.ipv4.route.redirect_load=0
+net.ipv4.route.gc_interval=60
+net.ipv4.route.gc_thresh=-1
+net.ipv4.route.gc_timeout=300
+net.ipv4.route.error_cost=1000
+net.ipv4.route.error_burst=5000
+net.ipv4.route.gc_elasticity=16
+net.ipv4.fib_multipath_hash_policy=1
+net.ipv4.cipso_cache_bucket_size=10
+net.ipv4.conf.all.ignore_routes_with_linkdown=0
+net.ipv4.conf.lo.disable_xfrm=0
+net.ipv4.conf.lo.accept_local=0
+net.ipv4.conf.lo.route_localnet=1
+net.ipv4.fib_multipath_hash_fields=31
+net.ipv4.fib_multipath_use_neigh=0
+net.ipv4.fib_notify_on_flag_change=0
+net.ipv4.icmp_echo_enable_probe=0
+net.ipv4.neigh.default.delay_first_probe_time=2
+net.ipv4.route.gc_min_interval_ms=300
+net.ipv4.route.gc_min_interval=0
+net.ipv4.route.max_size=1048576
+net.ipv4.route.min_adv_mss=64
+net.ipv4.route.min_pmtu=552
+net.ipv4.route.mtu_expires=600
+net.ipv4.route.redirect_number=9
+net.ipv4.route.redirect_silence=20480
+net.ipv4.tcp_early_demux=1
+net.ipv4.tcp_max_reordering=50
+net.ipv4.tcp_min_rtt_wlen=300
+net.ipv4.tcp_min_snd_mss=88
+net.ipv4.tcp_min_tso_segs=2
+net.ipv4.tcp_mtu_probe_floor=256
+net.ipv4.tcp_probe_interval=600
+net.ipv4.tcp_probe_threshold=8
+net.ipv4.tcp_pacing_ca_ratio=200
+net.ipv4.tcp_pacing_ss_ratio=350
+net.ipv4.tcp_shrink_window=0
+net.ipv4.udp_early_demux=1
+net.ipv4.ip_autobind_reuse=1
+net.ipv4.ip_forward=1
+net.core.netdev_budget_usecs=48000
+
+net.ipv6.conf.all.disable_ipv6=0
+net.ipv6.conf.default.disable_ipv6=0
+net.ipv6.conf.eth0.disable_ipv6=0
+net.ipv6.conf.lo.disable_ipv6=0
--- a/sysctl/104-security.conf
+++ b/sysctl/104-security.conf
@@ -0,0 +1,26 @@
+# 2025-05-20
+
+fs.suid_dumpable=0
+
+# !Alpine
+# kernel.sysrq=0
+# kernel.dmesg_restrict=1
+# kernel.kptr_restrict=2
+# kernel.unprivileged_bpf_disabled=2
+# kernel.yama.ptrace_scope=2
+# kernel.unprivileged_userns_clone=0
+# kernel.deny_new_usb=1
+
+# kernel.kexec_load_disabled=1
+# net.core.bpf_jit_harden=2
+
+# net.ipv4.conf.default.rp_filter=2
+# net.ipv4.conf.all.rp_filter=2
+# net.ipv4.conf.all.accept_redirects=0
+# net.ipv4.conf.default.accept_redirects=0
+# net.ipv4.conf.all.secure_redirects=0
+# net.ipv4.conf.default.secure_redirects=0
+# net.ipv6.conf.all.accept_redirects=0
+# net.ipv6.conf.default.accept_redirects=0
+# net.ipv4.conf.all.send_redirects=0
+# net.ipv4.conf.default.send_redirects=0
--- a/sysctl/105-hugepages.conf
+++ b/sysctl/105-hugepages.conf
@@ -0,0 +1,3 @@
+# 2025-07-17
+
+# vm.nr_hugepages=1280
--- a/sysctl/106-proxmox.conf
+++ b/sysctl/106-proxmox.conf
@@ -0,0 +1,22 @@
+# 2025-05-19
+
+# kernel.sched_migration_cost_ns=500000
+
+# kernel.sysrq=1
+
+# net.ipv4.tcp_max_tw_buckets_ub=65000
+# net.ipv4.tcp_tw_recycle=1
+# net.ipv4.tcp_tw_reuse=1 
+
+# net.nf_conntrack_max=1048576
+
+# net.netfilter.nf_conntrack_max=1048576
+# net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30
+# net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
+# net.netfilter.nf_conntrack_tcp_timeout_close_wait=15
+# net.netfilter.nf_conntrack_tcp_timeout_established=300
+
+# vm.pagecache_limit_mb=512
+
+# vm.overcommit_memory=0
+# vm.overcommit_ratio=90
--- a/sysctl/107-baremetal.conf
+++ b/sysctl/107-baremetal.conf
@@ -0,0 +1,22 @@
+# 2025-07-20
+
+vm.swappiness=10
+vm.vfs_cache_pressure=40
+
+vm.dirty_background_ratio=10
+
+vm.overcommit_memory=0
+vm.overcommit_ratio=90
+
+vm.nr_hugepages=1280
+
+net.ipv4.tcp_tw_reuse=1
+
+net.nf_conntrack_max=1048576
+
+net.netfilter.nf_conntrack_max=1048576
+net.netfilter.nf_conntrack_buckets=262144
+net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30
+net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
+net.netfilter.nf_conntrack_tcp_timeout_close_wait=15
+net.netfilter.nf_conntrack_tcp_timeout_established=86400
--- a/sysctl/200-tuning.conf
+++ b/sysctl/200-tuning.conf
@@ -0,0 +1 @@
+# 2025-05-19