nixos: define user limits

nixos/users.nix

@@ -1,27 +1,56 @@
-{ pkgs, ... }:
+{ lib, ... }:
-{
+let
-  users.users =
+  adminGroups = [
-    let
+    "adm"
-      adminGroups = [
+    "named"
-        "adm"
+    "networkmanager"
-        "named"
+    "nginx"
-        "networkmanager"
+    "tuxcord"
-        "nginx"
+    "wheel"
-        "tuxcord"
+  ];
-        "wheel"
-      ];
-    in
-    {
-      error = {
-        isNormalUser = true;
-        shell = pkgs.fish;
-        extraGroups = adminGroups;
-      };
 
-      javalsai = {
+  mkUser = name: uid: options: {
-        isNormalUser = true;
+    users.users.${name} = {
-        shell = pkgs.zsh;
+      isNormalUser = true;
-        extraGroups = adminGroups;
+      extraGroups = lib.optionals (options.admin or false) adminGroups;
-      };
+      inherit uid;
     };
-}
+
+    systemd.slices."user-${builtins.toString uid}".sliceConfig = {
+      CPUQuota = "50%";
+      CPUWeight = "10";
+      IOAccounting = true;
+      IOWeight = "10";
+      MemoryMax = "2G";
+      MemorySwapMax = "1G";
+      TasksMax = "100";
+    };
+  };
+in
+(builtins.foldl'
+  (attrs: user: {
+    options = lib.recursiveUpdate attrs.options (mkUser user.name attrs.uid (user.options or { }));
+    uid = attrs.uid + 1;
+  })
+  {
+    options = { };
+    uid = 1000;
+  }
+  [
+    {
+      name = "error";
+      options.admin = true;
+    }
+    {
+      name = "javalsai";
+      options.admin = true;
+    }
+    {
+      name = "max";
+      options.admin = true;
+    }
+    {
+      name = "vectorum";
+    }
+  ]
+).options