diff --git a/modules/config/sysctl.nix b/modules/config/sysctl.nix
new file mode 100644
index 000000000000..c3d5b8d223b2
--- /dev/null
+++ b/modules/config/sysctl.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ sysctlOption = mkOptionType {
+ name = "sysctl option value";
+ check = x: builtins.isBool x || builtins.isString x || builtins.isInt x;
+ merge = xs: last xs; # FIXME: hacky way to allow overriding in configuration.nix.
+ };
+
+in
+
+{
+
+ options = {
+
+ boot.kernel.sysctl = mkOption {
+ default = {};
+ example = {
+ "net.ipv4.tcp_syncookies" = false;
+ "vm.swappiness" = 60;
+ };
+ type = types.attrsOf sysctlOption;
+ description = ''
+ Runtime parameters of the Linux kernel, as set by
+ sysctl
+ 8. Note that sysctl
+ parameters names must be enclosed in quotes
+ (e.g. "vm.swappiness" instead of
+ vm.swappiness). The value of each parameter
+ may be a string, integer or Boolean.
+ '';
+ };
+
+ };
+
+ config = {
+
+ environment.etc."sysctl.d/nixos.conf".text =
+ concatStrings (mapAttrsToList (n: v: "${n}=${if v == false then "0" else toString v}\n") config.boot.kernel.sysctl);
+
+ systemd.services.systemd-sysctl =
+ { description = "Apply Kernel Variables";
+ before = [ "sysinit.target" "shutdown.target" ];
+ wantedBy = [ "sysinit.target" "multi-user.target" ];
+ restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
+ };
+ };
+
+ };
+
+}
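Review bot: The `merge = xs: last xs;` in `sysctlOption` resolves conflicting definitions of the same key silently, so a hardening value set by one module can be replaced by a later definition with no evaluation error or warning. I would make the merge fail when the definitions differ and leave deliberate overrides to the module system's priorities (`mkOverride`). Until then the comment should state the consequence, e.g. `# FIXME: last definition wins silently; conflicting values are not reported.` Separately, `check` accepts any string and the value is interpolated unescaped into `sysctl.d/nixos.conf` on the `concatStrings` line, so a string containing a newline would emit extra settings lines. Rejecting newlines in `check` would keep each attribute to exactly one `key=value` line.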
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 50c746081051..40e9765cd3e5 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -10,6 +10,7 @@
./config/pulseaudio.nix
./config/shells.nix
./config/swap.nix
+ ./config/sysctl.nix
./config/system-path.nix
./config/timezone.nix
./config/unix-odbc-drivers.nix