# /usr/lib/sysctl.d/70-jetm-kernel.conf
# jetm-kernel-settings - consolidated kernel tuning.
#
# Merges settings previously split across:
#   - /usr/lib/sysctl.d/70-cachyos-settings.conf  (upstream cachyos)
#   - /etc/sysctl.d/99-personal.conf
#   - /etc/sysctl.d/99-vm-zram-parameters.conf
#   - /etc/sysctl.d/99-yocto.conf

# ---------------------------------------------------------------
# VM / memory (91 GB RAM + 92 GB zram on this box)
# ---------------------------------------------------------------

# Low swappiness: Yocto bitbake stalls under high swap pressure.
# Upstream cachyos ships 100 (zram-tuned); overridden here for
# build workloads. Note: udev 30-zram.rules in this package does
# NOT force vm.swappiness=150 on zram init, unlike upstream.
vm.swappiness = 10

# Keep VFS dentry/inode cache longer in memory. 50 is a common
# desktop compromise; do not set to 0 (OOM risk).
vm.vfs_cache_pressure = 50

# Absolute writeback thresholds - more predictable than % of RAM
# on large-memory systems. Start throttling writers at 256 MB
# dirty, kick background flusher at 64 MB.
# The *_bytes and *_ratio knobs are mutually exclusive: writing
# one makes its counterpart read back as 0. A later drop-in that
# sets vm.dirty_ratio or vm.dirty_background_ratio therefore
# switches the box back to percentage mode.
vm.dirty_bytes = 268435456
vm.dirty_background_bytes = 67108864

# Wake flusher threads every 15 s (default 5 s). Fewer wakeups on
# idle, slightly more dirty data in flight between flushes, i.e.
# more unwritten data at risk on power loss or a hard crash.
vm.dirty_writeback_centisecs = 1500

# No swap readahead. Optimal for zram (in-RAM, random access is
# free). Set to 1 (SSD swap) or 2 (HDD swap) if you add physical
# swap later. The value is a log2 page count: 0 reads one page
# per swap-in.
vm.page-cluster = 0

# Disable watermark boost - keeps reclaim pressure steady on
# large-RAM / zram-heavy setups.
vm.watermark_boost_factor = 0

# Higher watermark scale = earlier, more aggressive kswapd;
# reduces direct reclaim stalls under load.
vm.watermark_scale_factor = 125

# Memory map count per process. Chromium, WebKit-GTK, and clang LTO
# builds exceed the pre-6.11 kernel default of 65530. The default
# was bumped to 1048576 in Linux 6.11; pin it here so the tuning is
# owned by this package and survives future default regressions.
# NOTE(review): confirm where the 1048576 default comes from - it
# may be a distro sysctl drop-in rather than the upstream kernel.
# This is a host-wide (non-namespaced) limit, so Docker containers
# see the same value and cannot set their own.
vm.max_map_count = 1048576

# ---------------------------------------------------------------
# Kernel
# ---------------------------------------------------------------

# Disable NMI watchdog - faster boot, lower power, no desktop
# value. Trade-off: the hard-lockup detector is off, so a CPU
# stuck with interrupts disabled produces no backtrace.
kernel.nmi_watchdog = 0

# Allow unprivileged user namespaces - needed for rootless
# podman, bwrap, distrobox, firefox sandbox.
# Security trade-off: inside a user namespace an unprivileged
# user holds namespace-scoped capabilities, so kernel code paths
# that are otherwise root-only become reachable. Accepted here
# for the sandboxes listed above.
# This key is provided by a distro kernel patch, not mainline;
# on a kernel without it systemd-sysctl reports a failed write.
# The mainline control is user.max_user_namespaces.
kernel.unprivileged_userns_clone = 1

# Quiet the console: only messages more severe than level 3
# (KERN_ERR), i.e. emerg/alert/crit, are printed there.
# Fields, in order: console_loglevel, default_message_loglevel,
# minimum_console_loglevel, default_console_loglevel.
# This does not filter the kernel ring buffer - dmesg and the
# journal still receive every message. The second field also
# assigns level 3 to messages logged without an explicit level.
kernel.printk = 3 3 3 3

# Hide kernel pointers from /proc (security hardening).
# 2 = %pK pointers are printed as zeros for every reader,
# including privileged ones. Kernel addresses can still appear
# in dmesg; kernel.dmesg_restrict is not set in this file -
# NOTE(review): confirm another drop-in covers it.
kernel.kptr_restrict = 2

# Discard core dumps entirely - systemd-coredump noise was
# filling /var/lib/systemd/coredump.
# Presumably this overrides the lower-numbered systemd drop-in
# that pipes cores to systemd-coredump, so crashes no longer
# leave a dump or a coredumpctl entry - verify. That also
# removes crash evidence useful for triage.
# NOTE(review): with a plain path the kernel appends ".PID" when
# kernel.core_uses_pid=1 and the pattern has no %p - confirm the
# effective target is still /dev/null on this box. Alternative
# that keeps the crash log entry but stores nothing: Storage=none
# in systemd's coredump.conf.
kernel.core_pattern = /dev/null

# 0 = do not slow down tasks that trigger split locks; the kernel
# only logs a warning. Kernel docs note this leaves the system
# open to denial of service from split-locking tasks, which
# matters if untrusted code (VMs, containers) runs here.
# Author's rationale: harmless on Ryzen (Intel-specific
# mitigation).
# NOTE(review): the original comment said this prevents SIGBUS on
# misaligned atomics, but SIGBUS belongs to the
# split_lock_detect=fatal boot mode, which this key does not
# control - confirm. Newer kernels presumably also detect bus
# locks on some AMD parts - confirm "no effect on this CPU".
kernel.split_lock_mitigate = 0

# Standard ASLR (2 = randomise stack, mmap, VDSO and heap) - set
# here to avoid regressions from other sysctl drop-ins.
# Caveat: sysctl.d files are applied in lexicographic filename
# order across all directories, and later files win. A drop-in
# sorting after 70-jetm-kernel.conf (e.g. /etc/sysctl.d/99-*.conf)
# still overrides this, so it is a baseline, not a hard pin.
# Verify on the running system with `sysctl kernel.randomize_va_space`.
kernel.randomize_va_space = 2

# ---------------------------------------------------------------
# Network
# ---------------------------------------------------------------

# TCP Fast Open for both client and server (bitmask: 1 = client,
# 2 = server). Listening sockets still have to opt in per socket.
# Caveat: data carried in a SYN can be delivered more than once,
# so only services that tolerate replayed first requests should
# enable it; TFO cookies also let a server recognise a returning
# client.
net.ipv4.tcp_fastopen = 3

# Probe for optimal MTU when blackhole detection triggers
# (1 = off by default, enabled once an ICMP black hole is
# detected).
net.ipv4.tcp_mtu_probing = 1

# BBR congestion control - better bufferbloat behaviour than
# cubic. Requires tcp_bbr module (built-in on cachyos kernel).
net.ipv4.tcp_congestion_control = bbr

# Larger RX queue to handle bursts without dropping packets.
net.core.netdev_max_backlog = 4096

# Larger socket buffer ceilings for fast parallel fetches from
# downloads.yoctoproject.org and the NXP mirror during Yocto
# builds. Defaults (~200 KB) cap throughput on gigabit-plus links.
# These are the maximums an application may request with
# SO_RCVBUF / SO_SNDBUF (16 MiB each).
# NOTE(review): TCP auto-tuning is bounded by net.ipv4.tcp_rmem /
# tcp_wmem, which this file does not set - confirm the fetchers
# actually benefit from raising only the net.core ceilings.
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# ---------------------------------------------------------------
# Filesystem
# ---------------------------------------------------------------

# Max open file descriptors system-wide - Yocto and kernel trees
# easily hit 200k+ during parallel builds.
# This is the global ceiling only; per-process limits come from
# RLIMIT_NOFILE and fs.nr_open, which this file does not change.
fs.file-max = 2097152

# Inotify watcher instance cap - bitbake uses inotify heavily; 128
# default is too low for large Yocto layers.
# The limit applies per user. Inotify instances and watches pin
# kernel memory, so the three limits below also set how much one
# account can consume - fine on a single-user build box, worth
# revisiting on a shared host.
fs.inotify.max_user_instances = 8192

# Inotify watchers per user. Yocto parse of a multi-layer tree
# plus editors and language servers exceeds the pre-5.11 kernel
# default of 8192. Kernel 5.11+ defaults to 524288; pinning here
# makes the policy explicit and guards against future regressions.
# NOTE(review): newer kernels presumably size this default from
# available RAM rather than using a fixed number - confirm.
fs.inotify.max_user_watches = 524288

# Inotify queue depth per instance. Default 16384 can overflow
# during a full bitbake parse on 50+ layers with heavy concurrent
# I/O (git checkouts, tarball extraction).
# On overflow the kernel drops events and queues IN_Q_OVERFLOW,
# so a watcher can silently miss changes.
fs.inotify.max_queued_events = 32768