We are trying to generalize this https://wikitech.wikimedia.org/wiki/Systemd_resource_control
Things to take into account:
- using user-.slice applies the same resource control limitatios to all users, including root, and including admins using sudo. This has side consequences, for example running puppet agent -t -v could be very slow if limits are low.
- we need explicit user slice config if we don't want to get applied the default, for example: user-0.slice (for root) and user-NNNN.slice (NNNN == unix ID of a given opseng)
- @elukey had the idea of adding an unlimited slice config for every opseng in case user-.slice is used. We could auto-generate those files, but we require to know unix IDs in puppet, which I'm not sure we can.