From 522351905c421529329b5cfd844a621abba0c347 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sun, 25 Feb 2024 21:52:36 +0100
Subject: [PATCH] quitte: enable memory resource control

Limits the Memory of some important slices via systemd cgroup management.

- nix-daemon may not use more than 32 GB of Memory
- all users together may not use more than 32GB of Memory

See man systemd.resource-control(5) for more detailed information.
---
 hosts/quitte/configuration.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix
index 066938d..c56ca8c 100644
--- a/hosts/quitte/configuration.nix
+++ b/hosts/quitte/configuration.nix
@@ -33,6 +33,17 @@
   services.openssh.enable = true;
   services.openssh.settings.PermitRootLogin = "yes";
 
+  systemd = {
+    services.nix-daemon.serviceConfig = {
+      MemoryMax = "32G";
+    };
+    # all users together may not use more than $MemoryMax of RAM
+    slices."user".sliceConfig = {
+      MemoryMax = "32G";
+    };
+  };
+
+
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [ 443 80 ];
   # networking.firewall.allowedUDPPorts = [ ... ];