titan-iac/services/maintenance/node-nofile-script.yaml

# services/maintenance/node-nofile-script.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: node-nofile-script
  namespace: maintenance
data:
  node_nofile.sh: |
    #!/usr/bin/env bash
    set -euo pipefail

    limit_line="LimitNOFILE=1048576"
    changed=0

    for unit in k3s k3s-agent; do
      unit_file="/host/etc/systemd/system/${unit}.service"
      if [ -f "${unit_file}" ]; then
        dropin_dir="/host/etc/systemd/system/${unit}.service.d"
        dropin_file="${dropin_dir}/99-nofile.conf"
        if [ ! -f "${dropin_file}" ] || ! grep -q "${limit_line}" "${dropin_file}"; then
          mkdir -p "${dropin_dir}"
          printf "[Service]\n%s\n" "${limit_line}" > "${dropin_file}"
          changed=1
        fi
      fi
    done

    if [ "${changed}" -eq 1 ]; then
      sleep "$(( (RANDOM % 300) + 10 ))"
      chroot /host /bin/systemctl daemon-reload
      for unit in k3s k3s-agent; do
        if [ -f "/host/etc/systemd/system/${unit}.service" ]; then
          chroot /host /bin/systemctl restart "${unit}"
        fi
      done
    fi

    sleep infinity