From d0d635e480eaef701d478050bca1903b70cdaf1a Mon Sep 17 00:00:00 2001
From: Thomas Duckworth <tduck@filotimoproject.org>
Date: Fri, 19 Sep 2025 20:43:35 +1000
Subject: [PATCH] Improve performance and harden kernel

Tweaks some memory management, kernel, and networking parameters to improve performance and harden. See https://wiki.archlinux.org/title/Sysctl
---
 mkosi.extra/usr/lib/sysctl.d/00-kde-linux-default.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/mkosi.extra/usr/lib/sysctl.d/00-kde-linux-default.conf b/mkosi.extra/usr/lib/sysctl.d/00-kde-linux-default.conf
index b112284..0bf662b 100644
--- a/mkosi.extra/usr/lib/sysctl.d/00-kde-linux-default.conf
+++ b/mkosi.extra/usr/lib/sysctl.d/00-kde-linux-default.conf
@@ -11,8 +11,17 @@ vm.page-cluster = 0
 vm.watermark_boost_factor = 0
 # Make kswapd more aggressive because zram is cheap
 vm.watermark_scale_factor = 125
+# Many Windows games need this disabled to run with proper performance; they abuse split locks
+kernel.split_lock_mitigate = 0
 # Not needed for us; disabling it increases speed and reduces power consumption
 kernel.nmi_watchdog = 0
+# Disable kexec as a security measure
+kernel.kexec_load_disabled=1
+# Use 'bbr' to achieve higher throughput when sending to high-latency destinations.
+# Also 'fq' to prevent one greedy app from causing lag (bufferbloat) for everything else.
+# `bbr` relies on pacing, and thus performs better with the `fq` qdisc.
+net.ipv4.tcp_congestion_control = bbr
+net.core.default_qdisc = fq
 # Ensure that applications don't break/complain from hitting the limit
 fs.inotify.max_user_instances = 8192
 fs.inotify.max_user_watches = 524288