---
# resource_limits role — PAM nproc caps + systemd user slice memory limits
#
# Variables (set per-host in host_vars):
#   resource_limit_user: username to limit (default: tegwick)
#   resource_limit_uid: UID for systemd user slice (default: 1000)
#   nproc_soft: soft nproc limit (default: 512)
#   nproc_hard: hard nproc limit (default: 1024)
#   user_memory_max: systemd MemoryMax (default: 1500M)
#   user_memory_swap_max: systemd MemorySwapMax (default: 512M)
# Render the per-user nproc limits file into /etc/security/limits.d.
# resource_limit_user is interpolated into the destination filename and is not
# validated by this task, so it should be a plain account name with no path
# separators.
# NOTE(review): files in limits.d are read by pam_limits when a session is
# opened, so a changed limit presumably applies from the user's next login,
# not to sessions that are already running — confirm on the target hosts.
- name: Set PAM nproc limits
  ansible.builtin.template:
    src: nproc-limits.conf.j2
    # Quoted like the other templated paths in this file, so the Jinja
    # expression can never be re-read as YAML syntax.
    dest: "/etc/security/limits.d/60-nproc-{{ resource_limit_user | default('tegwick') }}.conf"
    owner: root
    group: root
    # Root-owned and writable only by root: the limited user can read the
    # file but cannot raise their own limits by editing it.
    mode: '0644'
# Create the drop-in directory for the user-<UID>.slice unit.
# resource_limit_uid is set independently of resource_limit_user and the two
# are not cross-checked by these tasks; it must be the numeric UID of the same
# account, otherwise the nproc cap and the memory cap apply to different users.
- name: Ensure systemd user slice override directory
  ansible.builtin.file:
    path: "/etc/systemd/system/user-{{ resource_limit_uid | default(1000) }}.slice.d"
    state: directory
    # Root-owned, not writable by group or others, so an unprivileged user
    # cannot add or replace drop-ins for the slice.
    mode: '0755'
    owner: root
    group: root
# Render the memory-limit drop-in for user-<UID>.slice.
# The template body is not visible here; per the role header it carries the
# systemd MemoryMax and MemorySwapMax settings.
# NOTE(review): both settings are enforced through the unified (v2) cgroup
# hierarchy — confirm the target hosts run cgroup v2, otherwise the drop-in
# may be accepted without the limits being enforced.
- name: Set systemd user slice memory limits
  ansible.builtin.template:
    src: user-slice-limits.conf.j2
    dest: "/etc/systemd/system/user-{{ resource_limit_uid | default(1000) }}.slice.d/limits.conf"
    # Readable by all, writable only by root.
    mode: '0644'
    owner: root
    group: root
  # The handler is defined outside this file; it must exist under exactly this
  # name or the play fails when the task reports a change.
  notify: Reload systemd daemon