quitte: enable memory resource control

Limits the Memory of some important slices via systemd cgroup management.

- nix-daemon may not use more than 32 GB of memory
- all users together may not use more than 32 GB of memory

See man systemd.resource-control(5) for more detailed information.
Rouven Seifert 2024-02-25 21:52:36 +01:00
parent be6fbd9d67
commit 522351905c
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09


@ -33,6 +33,17 @@
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes"; services.openssh.settings.PermitRootLogin = "yes";
systemd = {
services.nix-daemon.serviceConfig = {
MemoryMax = "32G";
};
# all users together may not use more than $MemoryMax of RAM
slices."user".sliceConfig = {
MemoryMax = "32G";
};
};
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 443 80 ]; networking.firewall.allowedTCPPorts = [ 443 80 ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
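Review bot: Both `MemoryMax = "32G";` settings cap RAM only, so the nix-daemon service and the `user` slice can still grow into swap without bound; if this host has swap, consider setting `MemorySwapMax` next to each of them. `MemoryMax` is also a hard limit, and once it is reached the OOM killer acts inside the unit, which for the shared `user` slice means one account's runaway process can get other users' processes killed. Adding a `MemoryHigh` below the cap (for example `MemoryHigh = "<value below 32G>";`, to be chosen for this machine) would throttle and reclaim first, and a per-user limit on the `user-.slice` template would keep a single account from consuming the whole shared budget. The two caps add up to 64G, so whether they leave headroom for the rest of the system depends on the installed RAM, which is not visible in this hunk.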