From cc59bd65673f823d40605b31e3b77d3c43f9a415 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Wed, 23 Oct 2024 10:21:20 +0200
Subject: [PATCH] feat: increase NOFILE and MEMLOCK limits in sgx-nixos

Added systemd and PAM configuration to set NOFILE and MEMLOCK limits to 32768. This change enhances the system's capability to handle a larger number of open files and memory-locked segments.
---
 systems/x86_64-linux/sgx-nixos/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/systems/x86_64-linux/sgx-nixos/default.nix b/systems/x86_64-linux/sgx-nixos/default.nix
index 32bd3bf..9654e74 100644
--- a/systems/x86_64-linux/sgx-nixos/default.nix
+++ b/systems/x86_64-linux/sgx-nixos/default.nix
@@ -56,5 +56,12 @@ with lib.metacfg;
 
   powerManagement.cpuFreqGovernor = "ondemand";
 
+  systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
+
+  security.pam.loginLimits = [
+    { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
+    { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
+  ];
+
   system.stateVersion = "23.11";
 }