feat(system/limits): add reusable system limits module
- Created a `limits` module to centralize system limit configurations.
- Replaced inlined user and systemd limits with the new module on aarch64 and x86_64 platforms.
- Simplifies maintenance and ensures consistency across configurations.
parent
6f89baaf94
commit
e68012ff09
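--- a/modules/nixos/system/limits/default.nix
+++ b/modules/nixos/system/limits/default.nix
@@ -0,0 +1,46 @@
+{
+options,
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+with lib.metacfg;
+let
+cfg = config.metacfg.system.limits;
+in
+{
+options.metacfg.system.limits = with types; {
+enable = mkBoolOpt false "Whether or not to enable system limits configuration.";
+nofileLimit = mkOption {
+type = types.int;
+default = 32768;
+description = "Maximum number of open file descriptors per process.";
+};
+memlockLimit = mkOption {
+type = types.int;
+default = 32768;
+description = "Maximum locked-in-memory address space.";
+};
+};
+
+config = mkIf cfg.enable {
+systemd.user.extraConfig = "DefaultLimitNOFILE=${toString cfg.nofileLimit}";
+
+security.pam.loginLimits = [
+{
+domain = "*";
+item = "nofile";
+type = "-";
+value = toString cfg.nofileLimit;
+}
+{
+domain = "*";
+item = "memlock";
+type = "-";
+value = toString cfg.memlockLimit;
+}
+];
+};
+}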
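Review bot: `nofileLimit` and `memlockLimit` are declared as `types.int`, so zero or a negative number evaluates cleanly and is then written as both the soft and hard limit (`type = "-"`) for every login matched by `domain = "*"`. Declaring both options with `type = types.ints.positive;` would reject such values at evaluation time instead of producing a broken or unintentionally loose limits entry. The `memlockLimit` description also gives no unit; pam_limits reads `memlock` in KiB, so `description = "Maximum locked-in-memory address space, in KiB.";` would keep a caller from passing a byte count. Note that `systemd.user.extraConfig` carries only the nofile value, so `memlockLimit` does not reach services started by the user manager; a one-line comment above that assignment saying so would help if it is intended.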
@ -16,6 +16,15 @@ with lib.metacfg;
|
|||
nix.enable = true;
|
||||
podman.enable = true;
|
||||
secureboot.enable = false;
|
||||
|
||||
system = {
|
||||
limits = {
|
||||
enable = true;
|
||||
nofileLimit = 32768;
|
||||
memlockLimit = 32768;
|
||||
};
|
||||
};
|
||||
|
||||
tools = {
|
||||
direnv.enable = true;
|
||||
};
|
||||
|
@ -71,22 +80,5 @@ with lib.metacfg;
|
|||
allowReboot = false;
|
||||
};
|
||||
|
||||
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
|
||||
|
||||
security.pam.loginLimits = [
|
||||
{
|
||||
domain = "*";
|
||||
item = "nofile";
|
||||
type = "-";
|
||||
value = "32768";
|
||||
}
|
||||
{
|
||||
domain = "*";
|
||||
item = "memlock";
|
||||
type = "-";
|
||||
value = "32768";
|
||||
}
|
||||
];
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
|
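Review bot: The `system.limits` block added at `@ -16,6 +16,15 @` restates the module defaults: `nofileLimit = 32768;` and `memlockLimit = 32768;` are the values the new `default.nix` already declares, and the same block is repeated in the other host configuration at `@ -21,6 +21,16 @`. Reducing both hosts to `system.limits.enable = true;` would leave a single place where the limits are defined, which is the stated goal of the commit. If the repetition is meant to pin the values per host regardless of later default changes, a short comment such as `# pinned: keep independent of module defaults` would make that intent visible.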
@ -21,6 +21,16 @@ with lib.metacfg;
|
|||
podman.enable = true;
|
||||
secureboot.enable = true;
|
||||
homeprinter.enable = true;
|
||||
|
||||
system = {
|
||||
limits = {
|
||||
enable = true;
|
||||
nofileLimit = 32768;
|
||||
memlockLimit = 32768;
|
||||
};
|
||||
};
|
||||
|
||||
# User configuration
|
||||
tools = {
|
||||
direnv.enable = true;
|
||||
};
|
||||
|
@ -77,23 +87,6 @@ with lib.metacfg;
|
|||
|
||||
services.trezord.enable = true;
|
||||
|
||||
systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
|
||||
|
||||
security.pam.loginLimits = [
|
||||
{
|
||||
domain = "*";
|
||||
item = "nofile";
|
||||
type = "-";
|
||||
value = "32768";
|
||||
}
|
||||
{
|
||||
domain = "*";
|
||||
item = "memlock";
|
||||
type = "-";
|
||||
value = "32768";
|
||||
}
|
||||
];
|
||||
|
||||
services.ollama = {
|
||||
enable = false;
|
||||
acceleration = "rocm";
|
||||
|
|