From fc961bfb1e5645e7305a7ce45a40818cae26ab12 Mon Sep 17 00:00:00 2001
From: Hugo Herter
Date: Thu, 27 Feb 2025 16:32:37 +0100
Subject: [PATCH 1/2] Fix: IPFS Kubo could use unlimited resources

In observations on multiple CRNs and CCNs, it seems to use around 700-900 MB. Limiting the resources to 2GB and hard to 4GB seems therefore sensible.
---
 packaging/aleph-vm/etc/ipfs/kubo.json | 7 +++++--
 packaging/aleph-vm/etc/systemd/system/ipfs.service | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/packaging/aleph-vm/etc/ipfs/kubo.json b/packaging/aleph-vm/etc/ipfs/kubo.json
index 9957b142e..2b28b3ca3 100644
--- a/packaging/aleph-vm/etc/ipfs/kubo.json
+++ b/packaging/aleph-vm/etc/ipfs/kubo.json
@@ -9,9 +9,12 @@
 "Strategy": "roots"
 },
 "Swarm": {
- "EnableHolePunching":false,
+ "EnableHolePunching": false,
 "RelayService": {
 "Enabled": false
+ },
+ "ResourceMgr": {
+ "MaxMemory": "1GB"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/packaging/aleph-vm/etc/systemd/system/ipfs.service b/packaging/aleph-vm/etc/systemd/system/ipfs.service
index 66a753036..39bbe2ab8 100644
--- a/packaging/aleph-vm/etc/systemd/system/ipfs.service
+++ b/packaging/aleph-vm/etc/systemd/system/ipfs.service
@@ -50,6 +50,8 @@ ProtectHome=true
 RemoveIPC=true
 RestrictSUIDSGID=true
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+MemoryHigh=2G
+MemoryMax=4G
 
 # enable for 1-1024 port listening
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
From b08df08857358c67acfe1fc84510eec9fbd50c4a Mon Sep 17 00:00:00 2001
From: Olivier Le Thanh Duong
Date: Fri, 28 Feb 2025 11:55:15 +0100
Subject: [PATCH 2/2] Set GOMEMLIMIT to avoid hitting the systemd limit and getting oom killed
---
 packaging/aleph-vm/etc/systemd/system/ipfs.service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packaging/aleph-vm/etc/systemd/system/ipfs.service b/packaging/aleph-vm/etc/systemd/system/ipfs.service
index 39bbe2ab8..477397fc0 100644
--- a/packaging/aleph-vm/etc/systemd/system/ipfs.service
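Review bot: `"MaxMemory": "1GB"` under `Swarm.ResourceMgr` does not match the commit message, which speaks of limiting to 2GB with a hard limit of 4GB, and nothing on the page says how the three figures relate. As far as Kubo's config documentation describes it, this setting bounds what the libp2p resource manager accounts for rather than the whole daemon, so the process-wide bound is the cgroup limit in ipfs.service. JSON cannot carry a comment, so the commit message is the place to say so, e.g. `ResourceMgr.MaxMemory=1GB bounds libp2p only; MemoryHigh/MemoryMax in ipfs.service bound the whole process`. The rewritten closing `}` also drops the file's trailing newline (`\ No newline at end of file`), which is worth restoring.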
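Review bot: `MemoryHigh=2G` and `MemoryMax=4G` bound RAM only, and the hunk sets no `MemorySwapMax=`, so on a host with swap the unit's total footprint can still exceed 4G once pages are swapped out. If the intent is a hard ceiling on what a flooded or misbehaving Kubo can take from the node, add `MemorySwapMax=0` (or a small bounded value) next to them; whether the CRN hosts have swap is not visible here. `MemoryHigh=` takes effect only on the unified cgroup v2 hierarchy, so a comment such as `# needs cgroup v2; MemoryHigh throttles, MemoryMax invokes the OOM killer` would tell an operator why the limit may not apply on an older host. Whether the daemon comes back after an OOM kill depends on a `Restart=` setting that lies outside this hunk.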
+++ b/packaging/aleph-vm/etc/systemd/system/ipfs.service
@@ -50,6 +50,9 @@ ProtectHome=true
 RemoveIPC=true
 RestrictSUIDSGID=true
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+# set memory limit to avoid taking all the CRN ressource and getting OOM
+# https://github.com/ipfs/kubo/blob/master/docs/config.md#swarmresourcemgrmaxmemory
+Environment=GOMEMLIMIT=1900m
 MemoryHigh=2G
 MemoryMax=4G
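Review bot: `GOMEMLIMIT=1900m` is not in the format the Go runtime accepts: the documented suffixes are `B`, `KiB`, `MiB`, `GiB` and `TiB`, and the runtime treats a malformed value as a fatal error at startup rather than ignoring it, so this line risks a daemon that does not start; `Environment=GOMEMLIMIT=1900MiB` is the form that matches the intent. The comment above it links to `swarmresourcemgrmaxmemory`, which documents the kubo.json setting and not this variable; I would reword it to `# soft limit for the Go runtime, kept below MemoryHigh so the GC works harder before systemd throttles or OOM-kills the daemon`. GOMEMLIMIT is a soft target covering memory managed by the Go runtime, so `MemoryMax=` remains the enforcing bound.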