---
- name: Tune /etc/security/limit.conf for LXD hosting
  template:
    src: limits.conf.j2
    dest: /etc/security/limits.conf
  tags:
    - tune

- name: Find min tcp_mem
  shell: cat /proc/sys/net/ipv4/tcp_mem | awk '{ print $1 }'
  register: min_tcp_mem
  changed_when: False
  tags:
    - tune

- name: Tune sysctl parameters for LXD hosting
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  with_items:
    - { name: fs.inotify.max_queued_events, value: 1048576 }
    - { name: fs.inotify.max_user_instances, value: 1048576 }
    - { name: fs.inotify.max_user_watches, value: 1048576 }
    - { name: vm.max_map_count, value: 262144 }
    - { name: kernel.dmesg_restrict, value: 1 }
    - { name: net.core.netdev_max_backlog, value: "{{ min_tcp_mem.stdout_lines[0] }}" }
    - { name: vm.swappiness, value: 0 }
  tags:
    - tune