⚙️ System Optimization & Stability

📂 Projects > ⚙️ System Optimization

This project focuses on the fine-tuning of the Kubuntu 25.10 Host environment. The objective is to maintain a “Middle Ground” between aggressive performance (for gaming and AI workloads) and rock-solid stability (required for SR-IOV iGPU sharing). The system follows a “Fail Closed” security philosophy, prioritizing system integrity over ease-of-use where necessary.

* Platform: MSI z890-s WiFi * CPU: Intel Ultra 7 265k (Arrow Lake-S) * Memory: 64GB DDR5 G.Skill Trident @ 6000 MT/s (iEXPO enabled) * CPU Profile: Intel 200s Boost Profile (Customized for stability)

* Xanmod Kernel (6.19.6): Downgraded and held via APT to match i915-sriov-dkms driver compatibility. * GRUB Boot Flags:

• intel_iommu=on & i915.force_probe=7d67: Required for SR-IOV/iommu mapping.
• mitigations=off: Disables CPU side-channel mitigations for maximum performance.
• pcie_aspm=off: Disables Active State Power Management for PCIe (improves stability).
• nosplash & quiet: Clean boot for easier diagnostic.
• nvme_core.default_ps_max_latency_us=0: Prevents NVMe drives from entering deep sleep (reduces latency).
• i915.enable_guc=3 & i915.max_vfs=1: Configures the iGPU for SR-IOV.

* Mount Options (fstab):

• noatime: Disables access-time updates to reduce write overhead.
• commit=60: Increases the commit interval from 30s to 60s (improves I/O throughput).
• compress=zstd:1: Enables real-time Zstandard compression for space and speed.

* Data Integrity: Periodic btrfs scrub scheduled to monitor for bit-rot/corruption.

* vCPU Pinning:

• Host P-Cores (1-4) pinned to the Windows VM to minimize context switching.
• IOThread pinned to Core 9 for dedicated disk/network processing.

* Memory Performance:

• hugepages: Enabled for lower memory latency.
• memfd shared memory: Required for high-speed iGPU buffer sharing.

* VirtIO Migration:

• Boot disk migrated from SATA to virtio-scsi for high-performance I/O.
• Network NIC migrated to virtio (RedHat drivers).

* Public Access: DuckDNS dynamic IP update script (/usr/local/bin/duckdns-update.sh). * SSL/TLS: Let's Encrypt (Certbot) enabled for killmyself.duckdns.org with HTTP→HTTPS redirect. * Interactive Tables: SortableJS plugin installed for the RAID stats table.

* check_sriov_health.sh: Custom script to ensure iGPU VFs are active post-reboot. * security_audit.sh: Scans for unauthorized logins, open ports, and VF hijacks. * Netdata Integration: Real-time anomaly detection and performance dashboarding.