########################################################################## Tit

1. #########################################################################
2. # Title:         System: sysctl Task                                    #
3. # Author(s):     l3uddz, desimaniac                                     #
4. # URL:           https://github.com/cloudbox/cloudbox                   #
5. # --                                                                    #
6. #         Part of the Cloudbox project: https://cloudbox.works          #
7. #########################################################################
8. #                   GNU General Public License v3.0                     #
9. #########################################################################
10. ---
11. - name: sysctl tweaks
12.   sysctl:
13.     name: "{{ item.name }}"
14.     value: "{{ item.value }}"
15.     state: present
16.   with_items:
17.    # Allow testing with buffers up to 64 MB
18.     - { name: net.core.rmem_max, value: 67108864 }
19.     - { name: net.core.wmem_max, value: 67108864 }
20.     # Increase Linux autotuning TCP buffer limit to 32 MB
21.     - { name: net.ipv4.tcp_rmem, value: 4096 87380 33554432 }
22.     - { name: net.ipv4.tcp_wmem, value: 4096 87380 33554432 }
23.     # - { name: net.ipv4.tcp_mem, value: 4096 87380 33554432 }
24.     # TCP timeout
25.     - { name: net.ipv4.tcp_fin_timeout, value: 10 }
26.     # TCP BBR https://blog.cloudflare.com/http-2-prioritization-with-nginx/
27.     - { name: net.core.default_qdisc, value: fq }
28.     - { name: net.ipv4.tcp_congestion_control, value: bbr }
29.     - { name: net.ipv4.tcp_notsent_lowat, value: 16384 }
30.     # Increase number of incoming connections
31.     - { name: net.core.somaxconn, value: 1024 }
32.     # INPUT backlog
33.     - { name: net.core.netdev_max_backlog, value: 50000 }
34.     - { name: net.ipv4.tcp_max_syn_backlog, value: 30000 }
35.  
36.     - { name: net.core.netdev_budget, value: 1200 }
37.     # Enable tcp_window_scaling
38.     - { name: net.ipv4.tcp_window_scaling, value: 1 }
39.     # Increase system file descriptor limit
40.     - { name: fs.file-max, value: 100000 }
41.     # Reduce swappiness
42.     - { name: vm.swappiness, value: 10 }
43.     # Set dirty_background_ratio
44.     - { name: vm.dirty_background_ratio, value: 10 }
45.     # Set dirty_ratio
46.     - { name: vm.dirty_ratio, value: 15 }
47.     # Increase tcp_max_tw_buckets
48.     - { name: net.ipv4.tcp_max_tw_buckets, value: 2000000 }
49.     # Enable tcp_tw_reuse
50.     - { name: net.ipv4.tcp_tw_reuse, value: 1 }
51.     # Enable tcp_mtu_probing
52.     - { name: net.ipv4.tcp_mtu_probing, value: 1 }
53.     # Enable tcp_sack
54.     - { name: net.ipv4.tcp_sack, value: 1 }
55.     # Increase tcp_adv_win_scale
56.     - { name: net.ipv4.tcp_adv_win_scale, value: 2 }
57.     # Enable tcp_rfc1337
58.     - { name: net.ipv4.tcp_rfc1337, value: 1 }
59.     # Disable tcp_slow_start_after_idle
60.     - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 }
61.     # Increase udp_rmem_min
62.     - { name: net.ipv4.udp_rmem_min, value: 8192 }
63.     # Increase udp_wmem_min
64.     - { name: net.ipv4.udp_wmem_min, value: 8192 }
65.     # Disable accept_source_route
66.     - { name: net.ipv4.conf.all.accept_source_route, value: 0 }
67.     # Disable accept_redirects
68.     - { name: net.ipv4.conf.all.accept_redirects, value: 0 }
69.     # Disable secure_redirects
70.     - { name: net.ipv4.conf.all.secure_redirects, value: 0 }