- Created a `limits` module to centralize system limit configurations. - Replaced inlined user and systemd limits with the new module on aarch64 and x86_64 platforms. - Simplifies maintenance and ensures consistency across configurations.
# NixOS module exposing `metacfg.system.limits`: a single place to configure
# the open-file and locked-memory limits that are applied through pam_limits
# and (for the open-file limit only) the systemd user manager.
{
  options,
  config,
  lib,
  pkgs,
  ...
}:
with lib;
with lib.metacfg;
let
  cfg = config.metacfg.system.limits;

  # Build one entry for security.pam.loginLimits.
  #   domain "*" : wildcard entry; per limits.conf(5) it matches every user
  #                except root, so the value is granted to all ordinary
  #                accounts rather than to a specific group.
  #   type "-"   : sets the soft and the hard limit to the same value, so a
  #                session cannot raise it further but also starts at the cap.
  mkLoginLimit = item: limit: {
    inherit item;
    domain = "*";
    type = "-";
    value = toString limit;
  };
in
{
  options.metacfg.system.limits = with types; {
    # mkBoolOpt is not defined in this file; presumably it comes from
    # lib.metacfg and takes (default, description). Disabled by default.
    enable = mkBoolOpt false "Whether or not to enable system limits configuration.";

    # NOTE(review): types.int places no bounds on either option. limits.conf(5)
    # treats -1 as "no limit", so an unbounded value is expressible here;
    # confirm whether that is intended or whether a range check is wanted.
    nofileLimit = mkOption {
      description = "Maximum number of open file descriptors per process.";
      default = 32768;
      type = types.int;
    };

    # pam_limits interprets the memlock item in KB (limits.conf(5)), so the
    # default of 32768 corresponds to 32 MiB of lockable memory per process.
    memlockLimit = mkOption {
      description = "Maximum locked-in-memory address space.";
      default = 32768;
      type = types.int;
    };
  };

  config = mkIf cfg.enable {
    # Limits for PAM sessions; list order matches the original
    # (nofile first, then memlock).
    security.pam.loginLimits = [
      (mkLoginLimit "nofile" cfg.nofileLimit)
      (mkLoginLimit "memlock" cfg.memlockLimit)
    ];

    # Only the open-file limit is passed to the systemd user manager; no
    # memlock default is set here, so user services are not covered by
    # memlockLimit through this line.
    systemd.user.extraConfig = "DefaultLimitNOFILE=${toString cfg.nofileLimit}";
  };
}