diff options
| author | Florian Klink <flokli@flokli.de> | 2019-08-11 13:32:24 +0200 |
|---|---|---|
| committer | Florian Klink <flokli@flokli.de> | 2019-08-18 17:54:26 +0200 |
| commit | 9be0327a4975e219957d5108b3753a7640c4a9e0 (patch) | |
| tree | f264e6c231f25fcf660af8997e665e78704fc3cb /nixos/modules/system | |
| parent | e5965bd4897310d1f99ad75f51ef99f1f0e2c274 (diff) | |
nixos/systemd: install sysctl snippets
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.
These enable:
- Loose reverse path filtering
- Source route filtering
- `fq_codel` as a packet scheduler (this helps to fight bufferbloat)
This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.
Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.
In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
Diffstat (limited to 'nixos/modules/system')
| -rw-r--r-- | nixos/modules/system/boot/systemd.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 1914827d0e5..e84b1ffbfc1 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -831,6 +831,10 @@ in [Sleep] ''; + # install provided sysctl snippets + "sysctl.d/50-coredump.conf".source = "${systemd}/example/sysctl.d/50-coredump.conf"; + "sysctl.d/50-default.conf".source = "${systemd}/example/sysctl.d/50-default.conf"; + "tmpfiles.d/systemd.conf".source = "${systemd}/example/tmpfiles.d/systemd.conf"; "tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf"; |