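# /etc/conf.d/local.start
#
# Boot-time local tuning: kernel network/VM knobs, delayed firewall load,
# scratch directory for FastCGI, and detached screen sessions for the
# site-management daemons. Runs as root, non-interactively.

# for some reason, gentoo does not define this properly.
export HOME="/root"

# This is a good place to load any misc programs
# on startup (use &>/dev/null to hide output)

# the deadline scheduler is supposedly good for databases and systems with lots of disk access
#echo deadline > /sys/block/sda/queue/scheduler
#echo deadline > /sys/block/sdb/queue/scheduler
#echo deadline > /sys/block/sdc/queue/scheduler
#echo deadline > /sys/block/sdd/queue/scheduler

# SYN-flood mitigation: enable SYN cookies and give up on half-open
# connections after two SYN-ACK retransmits.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
#echo 10 > /proc/sys/net/ipv4/tcp_max_syn_backlog

# if we don't disable the route cache, spoofed attacks nuke us
# NOTE(review): the IPv4 route cache and this knob were removed in Linux 3.6;
# on such kernels this write (and route/max_size below) fails or is a no-op.
echo -1 > /proc/sys/net/ipv4/rt_cache_rebuild_count

# if we *do* end up using the route cache somehow, make sure it's small
echo 100000 > /proc/sys/net/ipv4/route/max_size

#echo 65536 > /proc/sys/vm/min_free_kbytes

# NOTE(review): modprobe treats everything after the first module name as a
# parameter for that module, so "iptables" is not loaded as a second module
# here. If two modules were intended, use `modprobe -a` with the real module
# names - confirm intent before changing.
modprobe nf_conntrack_ipv4 iptables

# need to update these to use the new state module
#cd /proc/sys/net/ipv4/netfilter
#echo 5 > ip_conntrack_tcp_timeout_close
#echo 10 > ip_conntrack_tcp_timeout_close
#echo 20 > ip_conntrack_tcp_timeout_time_wait
#echo 10 > ip_conntrack_tcp_timeout_last_ack
#echo 20 > ip_conntrack_tcp_timeout_fin_wait
#echo 2 > ip_conntrack_tcp_timeout_syn_recv
#echo 4 > ip_conntrack_tcp_timeout_syn_sent
#echo 4 > ip_conntrack_tcp_timeout_syn_sent2
#echo 30 > ip_conntrack_generic_timeout

# skip fsck
# not needed now that we have it on a machine with IPMI
#touch /fastboot

# wait a little while in case the firewall is a problem
# NOTE(review): the rule set is applied only 240 s after this script runs, and
# only if sleep succeeds; a failure of iptables.bash also skips the bandwidth
# limits silently. Whether an earlier baseline rule set is loaded elsewhere is
# not visible here - confirm the host is not unfiltered during that window.
sleep 240 && /root/iptables.bash && /root/limit_bandwidth.bash &

# increase the connection tracking table size significantly
sleep 600 && echo 524288 > /proc/sys/net/netfilter/nf_conntrack_max &

# needed for fastcgi stuff to work
# Set mode and sticky bit in one step so /tmp is never world-writable
# without the sticky bit, even briefly.
chmod 1777 /tmp
# /tmp is world-writable and may survive a reboot: if /tmp/dynamic is a
# symlink, the rm and chmod below would act on its target as root.
if [ -L /tmp/dynamic ]; then
  rm -f /tmp/dynamic
fi
mkdir -p /tmp/dynamic
rm -rf -- /tmp/dynamic/*
chmod 1777 /tmp/dynamic

# and make sure that mysql doesn't get nuked in an oom condition
# Iterate over every matching PID: substituting several PIDs (or none) into a
# single /proc/<pid>/oom_adj path makes the redirect fail and protects nothing.
# pgrep -f matches "mysql" anywhere in the command line and never matches
# itself. -17 in oom_adj exempts the process from the OOM killer; newer
# kernels prefer oom_score_adj, where the equivalent value is -1000.
{
  sleep 20 && for pid in $(pgrep -f mysql); do
    echo -17 > "/proc/${pid}/oom_adj"
  done
} &

screen -wipe

# Aliases are not expanded by a non-interactive shell, so an
# `alias screen='screen -h 10000'` here would never take effect; pass the
# scrollback size explicitly on each invocation instead.
# NOTE(review): the ./*.pl arguments are relative paths handed to
# run_forever.pl; how it resolves them is not visible here - confirm it runs
# them from a directory only root can write to.
screen -h 10000 -AmdS backdoor /usr/manage/websites/run_forever.pl ./backdoor.pl
screen -h 10000 -AmdS filetransfer /usr/manage/websites/run_forever.pl ./filerecv.pl
screen -h 10000 -AmdS filetransfer2 /usr/manage/websites/run_forever.pl ./filetransfer.pl daemon=1
screen -h 10000 -AmdS monitor-processes /usr/manage/run-monitor-processes.pl
screen -h 10000 -AmdS restart_apache_if_needed /usr/manage/websites/run_restart_apache_if_needed
screen -h 10000 -AmdS monitor_www_server /usr/manage/websites/monitor-www-server
screen -h 10000 -AmdS check-and-enable-synproxy.pl /usr/bin/nice -n -19 perl /usr/manage/websites/check-and-enable-synproxy.pl
screen -h 10000 -AmdS letsencrypt-serializing-daemon.pl perl /usr/manage/websites/letsencrypt-serializing-daemon.pl
#screen -AmdS fixdb /usr/manage/websites/fix_all_db.pl

# Page-cache writeback tuning.
echo 90 > /proc/sys/vm/dirty_ratio
echo 50 > /proc/sys/vm/dirty_background_ratio
echo 12000 > /proc/sys/vm/dirty_expire_centisecs
echo 3000 > /proc/sys/vm/dirty_writeback_centisecs

sysctl -w net.core.netdev_max_backlog=250000
sysctl -w net.ipv4.tcp_low_latency=1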