From 22bf60ab6aed60d7de20e38a2dc87ece78de3bc1 Mon Sep 17 00:00:00 2001
From: ErrorNoInternet
Date: Sat, 18 Apr 2026 18:36:48 -0400
Subject: [PATCH] nixos: define user limits

---
 nixos/users.nix | 79 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 25 deletions(-)

diff --git a/nixos/users.nix b/nixos/users.nix
index 9cba1a7..76d2853 100644
--- a/nixos/users.nix
+++ b/nixos/users.nix
@@ -1,27 +1,56 @@
-{ pkgs, ... }:
-{
- users.users =
- let
- adminGroups = [
- "adm"
- "named"
- "networkmanager"
- "nginx"
- "tuxcord"
- "wheel"
- ];
- in
- {
- error = {
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = adminGroups;
- };
+{ lib, ... }:
+let
+ adminGroups = [
+ "adm"
+ "named"
+ "networkmanager"
+ "nginx"
+ "tuxcord"
+ "wheel"
+ ];
 
- javalsai = {
- isNormalUser = true;
- shell = pkgs.zsh;
- extraGroups = adminGroups;
- };
+ mkUser = name: uid: options: {
+ users.users.${name} = {
+ isNormalUser = true;
+ extraGroups = lib.optionals (options.admin or false) adminGroups;
+ inherit uid;
 };
-}
+
+ systemd.slices."user-${builtins.toString uid}".sliceConfig = {
+ CPUQuota = "50%";
+ CPUWeight = "10";
+ IOAccounting = true;
+ IOWeight = "10";
+ MemoryMax = "2G";
+ MemorySwapMax = "1G";
+ TasksMax = "100";
+ };
+ };
+in
+(builtins.foldl'
+ (attrs: user: {
+ options = lib.recursiveUpdate attrs.options (mkUser user.name attrs.uid (user.options or { }));
+ uid = attrs.uid + 1;
+ })
+ {
+ options = { };
+ uid = 1000;
+ }
+ [
+ {
+ name = "error";
+ options.admin = true;
+ }
+ {
+ name = "javalsai";
+ options.admin = true;
+ }
+ {
+ name = "max";
+ options.admin = true;
+ }
+ {
+ name = "vectorum";
+ }
+ ]
+).options
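Review bot: The UID in the `foldl'` accumulator comes from list position (`uid = attrs.uid + 1;`, seeded with `uid = 1000;`), so removing or reordering an entry renumbers every later account. Files already owned by the old numeric UID (home directories, SSH material) would then belong to a different person, and each `user-<uid>` slice would follow the wrong user. Pin the UID in each list entry instead, e.g. `{ name = "error"; uid = 1000; options.admin = true; }` with `mkUser user.name user.uid (user.options or { })`, and leave retired UIDs unused rather than recycling them. Because `error` and `javalsai` previously had no explicit `uid`, it is also worth confirming that the IDs already allocated on the host are 1000 and 1001 before this is deployed.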