From 9891fb3f35df9c2af0cc09f379cfa4f0045fd7fd Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Sun, 3 Dec 2023 16:11:07 +0100
Subject: [PATCH] add sysbox services
---
 hosts/fw.cloonar.com/configuration.nix | 1 +
 hosts/fw.cloonar.com/modules/sysbox.nix | 60 +++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 hosts/fw.cloonar.com/modules/sysbox.nix
diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix
index a726a9a..47fcac0 100644
--- a/hosts/fw.cloonar.com/configuration.nix
+++ b/hosts/fw.cloonar.com/configuration.nix
@@ -23,6 +23,7 @@
 ./modules/omada.nix
 # git
+ ./modules/sysbox.nix;
 ./modules/gitea.nix
 ./modules/drone/server.nix
 ./modules/drone/runner.nix
diff --git a/hosts/fw.cloonar.com/modules/sysbox.nix b/hosts/fw.cloonar.com/modules/sysbox.nix
new file mode 100644
index 0000000..f835d65
--- /dev/null
+++ b/hosts/fw.cloonar.com/modules/sysbox.nix
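Review bot: The added line `+ ./modules/sysbox.nix;` ends with a semicolon while the neighbouring entries (`./modules/omada.nix`, `./modules/gitea.nix`) have none; a `;` between list elements is a Nix parse error, so the whole configuration stops evaluating until the line reads `./modules/sysbox.nix`. It is also placed between the `# git` comment and `./modules/gitea.nix`, which that comment appears to label, so moving it above the comment keeps the grouping readable. The enclosing list starts and ends outside the hunk.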
@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+{
+ systemd.services.sysbox = {
+ description = "Sysbox container runtime";
+ documentation = "https://github.com/nestybox/sysbox";
+ bindsTo = [ "sysbox-mgr.service" "sysbox-fs.service" ];
+ after = [ "sysbox-mgr.service" "sysbox-fs.service" ];
+ before = [ "docker.service" "containerd.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "exec";
+ ExecStart = ''
+ /bin/sh -c "${pkgs.sysbox}/bin/sysbox-runc --version && ${pkgs.sysbox}/bin/sysbox-mgr --version && ${pkgs.sysbox}/bin/sysbox-fs --version && /bin/sleep infinity"
+ '';
+ };
+ };
+
+ systemd.services.sysbox-fs = {
+ description = "sysbox-fs (part of the Sysbox container runtime)";
+ partOf = "sysbox.service";
+ after = "sysbox-mgr.service";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ Type = "notify";
+ ExecStart = "${pkgs.sysbox}/bin/sysbox-fs";
+ TimeoutStartSec = 10;
+ TimeoutStopSec = 10;
+ StartLimitInterval = 0;
+ NotifyAccess = "main";
+ OOMScoreAdjust = -500;
+ # The number of files opened by sysbox-fs is a function of the number of
+ # containers and the workloads within them. Thus we set the limit to
+ # infinite so to prevent "too many open files" errors.
+ LimitNOFILE = "infinity";
+ LimitNPROC = "infinity";
+ };
+ };
+
+ systemd.services.sysbox-mgr = {
+ description = "sysbox-mgr (part of the Sysbox container runtime)";
+ partOf = "sysbox.service";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ Type = "notify";
+ ExecStart = "${pkgs.sysbox}/bin/sysbox-mgr";
+ TimeoutStartSec = 45;
+ TimeoutStopSec = 90;
+ StartLimitInterval = 0;
+ NotifyAccess = "main";
+ OOMScoreAdjust = -500;
+ # The number of files opened by sysbox-fs is a function of the number of
+ # containers and the workloads within them. Thus we set the limit to
+ # infinite so to prevent "too many open files" errors.
+ LimitNOFILE = "infinity";
+ LimitNPROC = "infinity";
+ };
+ };
+}
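Review bot: Both `sysbox-fs` and `sysbox-mgr` define `Type` twice inside `serviceConfig` (`Type = "simple";` immediately followed by `Type = "notify";`), and Nix rejects a duplicated attribute in a literal attribute set, so this module does not evaluate at all; keep only `Type = "notify";`, which is the variant that matches `NotifyAccess = "main"`. The `sysbox.service` ExecStart also ends in `/bin/sleep infinity`, and NixOS does not normally provide a `/bin/sleep`, so the wrapper unit would exit as soon as the version checks pass; `${pkgs.coreutils}/bin/sleep infinity` (with `${pkgs.runtimeShell}` in place of `/bin/sh`) resolves that. `partOf = "sysbox.service";`, `after = "sysbox-mgr.service";` and the `documentation` value are written as bare strings where the corresponding NixOS `systemd.services` options take lists, so they likely fail the option type check as well — `partOf = [ "sysbox.service" ];` is the expected form. Finally, the comment above `LimitNOFILE` in `sysbox-mgr` still says the open-file count is driven by sysbox-fs; it was copied from the other unit and should name sysbox-mgr.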