prevent the kernel from OOMKilling embassyd (#1402)

* prevent the kernel from OOMKilling embassyd

* privilege embassyd with respect to cpu usage

* add a docker slice

backend/embassyd.service

@@ -9,6 +9,9 @@ Environment=RUST_LOG=embassyd=debug,embassy=debug
 ExecStart=/usr/local/bin/embassyd
 Restart=always
 RestartSec=3
+ManagedOOMPreference=avoid
+CPUAccounting=true
+CPUWeight=1000
 
 [Install]
 WantedBy=multi-user.target

build/docker-engine.slice

@@ -0,0 +1,8 @@
+[Unit]
+Description=Slice that limits docker resources 
+Before=slices.target
+
+[Slice]
+MemoryAccounting=true
+MemoryHigh=80%
+MemoryMax=85%

build/initialization.sh

@@ -51,11 +51,12 @@ apt-get autoremove -y
 apt-get upgrade -y
 
 sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
+sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt native.cgroupdriver=systemd/g' /lib/systemd/system/docker.service
 sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
 sed -i 's/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
-# sed -i 's/ExecStart=\/sbin\/wpa_supplicant -u -s -O \/run\/wpa_supplicant/ExecStart=\/sbin\/wpa_supplicant -u -s -O \/run\/wpa_supplicant -c \/etc\/wpa_supplicant.conf -i wlan0/g' /lib/systemd/system/wpa_supplicant.service
 sed -i 's/#allow-interfaces=eth0/allow-interfaces=eth0,wlan0/g' /etc/avahi/avahi-daemon.conf
 echo "#" > /etc/network/interfaces
+echo '{ "cgroup-parent": "docker-engine.slice" }' > /etc/docker/daemon.json
 mkdir -p /etc/nginx/ssl
 
 # fix to suppress docker warning, fixed in 21.xx release of docker cli: https://github.com/docker/cli/pull/2934