path: root/profiles/cgroups.nix



# Stolen from https://git.lix.systems/the-distro/infra/src/branch/main/common/cgroups.nix
# Relatively inspired by fbtax2:
# https://facebookmicrosites.github.io/cgroup2/docs/fbtax-results.html
{ ... }:
let
  systemCriticalSliceConfig = {
    ManagedOOMMemoryPressure = "kill";

    # guarantee availability of memory
    MemoryMin = "192M";
    # default 100
    IOWeight = 1000;
    # default 100
    CPUWeight = 1000;
  };
in
{
  systemd.oomd = {
    enable = true;
    enableRootSlice = true;
    enableSystemSlice = true;
    enableUserSlices = true;
  };

  systemd.services.nix-daemon = {
    serviceConfig = {
      CPUWeight = 10;
      IOWeight = 10;
    };
  };

  systemd.slices.hostcritical = {
    description = "Ensures that services to keep the system alive remain alive";

    unitConfig = {
      # required to avoid a dependency cycle on systemd-oomd. systemd will
      # actually guess this right but we should fix it anyway.
      DefaultDependencies = false;
    };

    sliceConfig = systemCriticalSliceConfig;
  };

  # make root logins higher priority for resources
  systemd.slices."user-0" = {
    sliceConfig = systemCriticalSliceConfig;
  };

  systemd.slices.system = {
    sliceConfig = {
      ManagedOOMMemoryPressure = "kill";
      ManagedOOMMemoryPressureLimit = "50%";

      IOWeight = 100;
    };
  };

  systemd.services.sshd = {
    serviceConfig = {
      Slice = "hostcritical.slice";
    };
  };

  systemd.services.systemd-oomd = {
    serviceConfig = {
      Slice = "hostcritical.slice";
    };
  };

  systemd.services.systemd-journald = {
    serviceConfig = {
      Slice = "hostcritical.slice";
    };
  };
}
# Stolen from https://git.lix.systems/the-distro/infra/src/branch/main/common/cgroups.nix
# Relatively inspired by fbtax2:
# https://facebookmicrosites.github.io/cgroup2/docs/fbtax-results.html
{ ... }:
let
  systemCriticalSliceConfig = {
    ManagedOOMMemoryPressure = "kill";

    # guarantee availability of memory
    MemoryMin = "192M";
    # default 100
    IOWeight = 1000;
    # default 100
    CPUWeight = 1000;
  };
in
{
  systemd.oomd = {
    enable = true;
    enableRootSlice = true;
    enableSystemSlice = true;
    enableUserSlices = true;
  };

  systemd.services.nix-daemon = {
    serviceConfig = {
      CPUWeight = 10;
      IOWeight = 10;
    };
  };

  systemd.slices.hostcritical = {
    description = "Ensures that services to keep the system alive remain alive";

    unitConfig = {
      # required to avoid a dependency cycle on systemd-oomd. systemd will
      # actually guess this right but we should fix it anyway.
      DefaultDependencies = false;
    };

    sliceConfig = systemCriticalSliceConfig;
  };

  # make root logins higher priority for resources
  systemd.slices."user-0" = {
    sliceConfig = systemCriticalSliceConfig;
  };

  systemd.slices.system = {
    sliceConfig = {
      ManagedOOMMemoryPressure = "kill";
      ManagedOOMMemoryPressureLimit = "50%";

      IOWeight = 100;
    };
  };

  systemd.services.sshd = {
    serviceConfig = {
      Slice = "hostcritical.slice";
    };
  };

  systemd.services.systemd-oomd = {
    serviceConfig = {
      Slice = "hostcritical.slice";
    };
  };

  systemd.services.systemd-journald = {
    serviceConfig = {
      Slice = "hostcritical.slice";
    };
  };
}