X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Feldiron.nix;h=22de37eeaf63014b480cd3783c778edb96f82b37;hb=3bc32d9ebd9b0900eeef756122ad28f8857f8bfe;hp=48cba0c42fea533327cd38cfffbcd124d03e7b39;hpb=61ebe69b4b2d88bf627f53141288600f7562c750;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 48cba0c..22de37e 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -17,9 +17,14 @@
 
   imports = builtins.attrValues (import ../..);
 
+  boot.kernel.sysctl = {
+    # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
+    "net.ipv4.tcp_sack" = 0;
+  };
   myServices.buildbot.enable = true;
   myServices.databases.enable = true;
   myServices.gitolite.enable = true;
+  myServices.monitoring.enable = true;
   myServices.irc.enable = true;
   myServices.pub.enable = true;
   myServices.tasks.enable = true;