Kernel configuration for Bachsau machines

sysctl.conf

# Kernel configuration for `hostname` by Bachsau

# Static domain (for servers)
#kernel.domainname = example.com

# Disable the magic-sysrq key
kernel.sysrq = 0

# IPv6 address pool
net.ipv6.conf.default.max_addresses     = 256
net.ipv6.conf.all.max_addresses         = 256
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_prefered_lft     = 86400
net.ipv6.conf.default.temp_valid_lft    = 172800
net.ipv6.conf.all.temp_valid_lft        = 172800

# IPv6 address generation
net.ipv6.conf.default.accept_ra     = 0
net.ipv6.conf.all.accept_ra         = 0
net.ipv6.conf.default.addr_gen_mode = 0
net.ipv6.conf.all.addr_gen_mode     = 0
net.ipv6.conf.default.use_tempaddr  = 0
net.ipv6.conf.all.use_tempaddr      = 0

# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects     = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects     = 0

# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.send_redirects     = 0

# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route     = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route     = 0

# Increase network buffer limits
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608

# Memory management
vm.swappiness = 40

# Sync-service tweak
fs.inotify.max_queued_events  = 1048576
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches   = 524288