# Copyright (c) 2018-2019, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#

autoboot_delay="4"

# If the machine dies at boot before /etc/rc.d/sysctl is run, let the user do something.
debug.debugger_on_panic=1
debug.ddb.textdump.pending=1

security.bsd.allow_destructive_dtrace=0

# Drive Labels. A diskid or gptid is a long, unique string assigned to drives
# which we find are difficult to relate to. We prefer to disable diskid's and
# gptid's and use GPT Labels, like gpt/disk0, or the raw device names, like
# nvd0p2 for the first NVMe drive, second partition. Use "glabel status" to
# display a map of GPT Labels to raw device names in order to identify the
# physical drive location. When adding new drives, try to use gpt labels
# instead of raw device names in case the drives move to different SATA, SAS or
# SCSI interface ports.
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"

# Increase dmesg buffer to fit longer boot output.
kern.msgbufsize="524288"

kern.racct.enable=1

# ZFS root boot config
zfs_load="YES"
vfs.root.mountfrom="zfs:zroot/ROOT/default"

ipmi_load="YES"
aesni_load="YES"

# thermal sensors for intel
coretemp_load="YES"

#tmpfs_load="YES" # interferes with jails

if_lagg_load="YES"
if_tap_load="YES"

hw.em.rx_process_limit="-1"
hw.em.max_interrupt_rate="16000"

# hostcache cache limit is the number of ip addresses in the hostcache list.
# Setting the value to zero(0) stops any ip address connection information from
# being cached
# net.inet.tcp.hostcache.cachelimit=0
# we are on a stable network

# disable net.inet.tcp.soreceive_stream when using
# rndc to update BIND DNS records otherwise the following error will trigger,
# "rndc: recv failed: host unreachable".
# DNS TCP Transfers do not work with this enabled.
# net.inet.tcp.soreceive_stream=1

# https://lists.freebsd.org/pipermail/freebsd-net/2014-April/038470.html
net.isr.bindthreads=1
net.isr.maxthreads=-1
net.link.ifqmaxlen=2048
net.isr.defaultqlimit=2048
net.isr.maxqlimit=98304

# also disabed in BIOS
machdep.hyperthreading_allowed="0"

# RACK TCP Stack: Netflix's TCP Recent ACKnowledgment (Recent ACK) and Tail
# Loss Probe (TLP) for improved Retransmit TimeOut response.
tcp_rack_load="YES"

# https://labs.ripe.net/Members/gih/bbr-tcp
cc_cubic_load="YES"

# https://savagedlight.me/2015/08/23/eli5-freebsd-accept-filters/
accf_data_load="YES"

# Wait for full DNS request accept filter (unbound)
accf_dns_load="YES"

accf_http_load="YES"

net.inet.tcp.syncache.hashsize="1024"
net.inet.tcp.syncache.bucketlimit="100"

# ZFS: the maximum upper limit of RAM used for dirty, "modified", uncommitted
# data which cannot be exceed.
vfs.zfs.dirty_data_max_max=12884901888

vfs.zfs.vdev.cache.size=134217728
vfs.zfs.vdev.cache.max=134217728

# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185487
# https://forums.freebsd.org/threads/updating-bsd-from-10-to-11-ahci-ssd-issue.59923/
# https://lists.freebsd.org/pipermail/freebsd-bugs/2013-April/052301.html
# my 8TB's don't support NCQ TRIM
vfs.unmapped_buf_allowed=0