====== ⚙️ System Optimization & Stability ======

[[projects:start|📂 Projects]] > **⚙️ System Optimization**

===== 🌟 High-Level Overview =====
This project focuses on the fine-tuning of the Kubuntu 25.10 Host environment. The objective is to maintain a "Middle Ground" between aggressive performance (for gaming and AI workloads) and rock-solid stability (required for SR-IOV iGPU sharing). The system follows a "Fail Closed" security philosophy, prioritizing system integrity over ease-of-use where necessary.

===== 🛠️ Technical Specifications =====
==== 1. Hardware & BIOS Tuning ====
* **Platform:** MSI z890-s WiFi
* **CPU:** Intel Ultra 7 265k (Arrow Lake-S)
* **Memory:** 64GB DDR5 G.Skill Trident @ 6000 MT/s (iEXPO enabled)
* **CPU Profile:** Intel 200s Boost Profile (Customized for stability)

==== 2. Kernel & OS Optimizations ====
* **Xanmod Kernel (6.19.6):** Downgraded and held via APT to match ''i915-sriov-dkms'' driver compatibility.
* **GRUB Boot Flags:**
  * ''intel_iommu=on'' & ''i915.force_probe=7d67'': Required for SR-IOV/iommu mapping.
  * ''mitigations=off'': Disables CPU side-channel mitigations for maximum performance.
  * ''pcie_aspm=off'': Disables Active State Power Management for PCIe (improves stability).
  * ''nosplash'' & ''quiet'': Clean boot for easier diagnostic.
  * ''nvme_core.default_ps_max_latency_us=0'': Prevents NVMe drives from entering deep sleep (reduces latency).
  * ''i915.enable_guc=3'' & ''i915.max_vfs=1'': Configures the iGPU for SR-IOV.

==== 3. Storage & Filesystem (Btrfs) ====
* **Mount Options (fstab):**
  * ''noatime'': Disables access-time updates to reduce write overhead.
  * ''commit=60'': Increases the commit interval from 30s to 60s (improves I/O throughput).
  * ''compress=zstd:1'': Enables real-time Zstandard compression for space and speed.
* **Data Integrity:** Periodic ''btrfs scrub'' scheduled to monitor for bit-rot/corruption.

==== 4. Virtualization (KVM/QEMU) ====
* **vCPU Pinning:**
  * Host P-Cores (1-4) pinned to the Windows VM to minimize context switching.
  * IOThread pinned to Core 9 for dedicated disk/network processing.
* **Memory Performance:**
  * ''hugepages'': Enabled for lower memory latency.
  * ''memfd'' shared memory: Required for high-speed iGPU buffer sharing.
* **VirtIO Migration:**
  * Boot disk migrated from SATA to ''virtio-scsi'' for high-performance I/O.
  * Network NIC migrated to ''virtio'' (RedHat drivers).

==== 5. Web & Wiki Services ====
* **Public Access:** DuckDNS dynamic IP update script (''/usr/local/bin/duckdns-update.sh'').
* **SSL/TLS:** Let's Encrypt (Certbot) enabled for ''killmyself.duckdns.org'' with HTTP->HTTPS redirect.
* **Interactive Tables:** SortableJS plugin installed for the RAID stats table.

===== 📊 Monitoring & Automation =====
* **check_sriov_health.sh:** Custom script to ensure iGPU VFs are active post-reboot.
* **security_audit.sh:** Scans for unauthorized logins, open ports, and VF hijacks.
* **Netdata Integration:** Real-time anomaly detection and performance dashboarding.

===== 🗓️ History of Major Changes =====
^ Date ^ Action ^ Outcome ^
| 2026-03-22 | Public DNS & SSL | Exposed DokuWiki via DuckDNS + Certbot. |
| 2026-03-22 | RAID Stats Sorting | Installed SortableJS for interactive tables. |
| 2026-03-21 | Btrfs Tuning | Applied ''commit=60'' and ''zstd'' compression. |
| 2026-03-21 | VM Optimization | Added IOThreads, Hugepages, and vCPU pinning. |
| 2026-03-20 | Kernel Downgrade | Aligned Xanmod 6.19.6 for SRIOV stability. |
| 2026-03-16 | VirtIO Migration | Migrated VM disk/network for high performance. |