From d611cc5a262afb8bfc2de4d523348186079a4f54 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Sun, 3 Mar 2024 11:34:39 +0100
Subject: [PATCH] ulimit: limit maximum number of processes per user
- Limits the number of processes a user can start to 2000 Mostly in place to prevent fork bombs taking down the host.
- If anyone encounters problems with this number we can raise it
---
 hosts/quitte/configuration.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix
index c56ca8c..32c369e 100644
--- a/hosts/quitte/configuration.nix
+++ b/hosts/quitte/configuration.nix
@@ -29,6 +29,15 @@
 git
 ];
+ # prevent fork bombs
+ security.pam.loginLimits = [
+ {
+ domain = "@users";
+ item = "nproc";
+ type = "hard";
+ value = "2000";
+ }
+ ];
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
 services.openssh.settings.PermitRootLogin = "yes";
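Review bot: The new `security.pam.loginLimits` entry only applies to members of the `users` group whose sessions go through PAM, so the `# prevent fork bombs` comment overstates what is protected. Accounts outside that group, and processes not started from a PAM session, are presumably not capped by it. On Linux `nproc` (RLIMIT_NPROC) counts threads per real UID rather than only processes, which matters when judging whether 2000 is enough for heavily threaded workloads. I would expand the comment to something like `# cap processes+threads per UID for members of "users" in PAM sessions (fork-bomb mitigation); other accounts are not covered`, and consider a cgroup-level limit such as systemd's `TasksMax=` on user slices if host-wide protection is the goal. The enclosing attribute set starts and ends outside the hunk.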