railiance-infra/ansible/roles/resource_limits/tasks/main.yml


---
# resource_limits role — PAM nproc caps + systemd user slice memory limits
#
# Variables (set per-host in host_vars):
#   resource_limit_user:   username to limit (default: tegwick)
#   resource_limit_uid:    UID for systemd user slice (default: 1000)
#   nproc_soft:            soft nproc limit (default: 512)
#   nproc_hard:            hard nproc limit (default: 1024)
#   user_memory_max:       systemd MemoryMax (default: 1500M)
#   user_memory_swap_max:  systemd MemorySwapMax (default: 512M)
#
# Only the user/uid defaults are applied in this file (inline default()
# filters below). The nproc_* and user_memory_* values are not referenced
# here; presumably the two .j2 templates consume them — confirm there.
#
# NOTE(review): the process cap is keyed by user *name* and the memory cap by
# *UID*, and nothing in these tasks checks that the two refer to the same
# account. If host_vars override only one of them, one of the limits lands on
# a different (or nonexistent) account and the intended user stays uncapped.
#
# NOTE(review): both values are interpolated into root-owned paths under /etc.
# Keep resource_limit_user a plain account name and resource_limit_uid an
# integer in host_vars; neither is validated before use.

# Drop-in read by pam_limits when a session is opened, so a changed value
# affects new logins only; already-running sessions keep their old limits.
# No handler is notified for this task.
- name: Set PAM nproc limits
  ansible.builtin.template:
    dest: "/etc/security/limits.d/60-nproc-{{ resource_limit_user | default('tegwick') }}.conf"
    src: nproc-limits.conf.j2
    mode: '0644'
    owner: root
    group: root

# Creates the drop-in directory for user-<uid>.slice so the override written
# by the next task has a parent to live in.
- name: Ensure systemd user slice override directory
  ansible.builtin.file:
    state: directory
    path: "/etc/systemd/system/user-{{ resource_limit_uid | default(1000) }}.slice.d"
    mode: '0755'
    owner: root
    group: root

# Writes the slice override (the header above names MemoryMax and
# MemorySwapMax as its settings). Both are cgroup v2 settings in systemd;
# NOTE(review): on a host still using the legacy cgroup hierarchy they are
# not enforced — confirm the target hosts run the unified hierarchy.
# The "Reload systemd daemon" handler is defined outside this file.
- name: Set systemd user slice memory limits
  ansible.builtin.template:
    dest: "/etc/systemd/system/user-{{ resource_limit_uid | default(1000) }}.slice.d/limits.conf"
    src: user-slice-limits.conf.j2
    mode: '0644'
    owner: root
    group: root
  notify: Reload systemd daemon