From 9a3da4124c705c9b17c9c4b19e506ca54cbacbdb Mon Sep 17 00:00:00 2001
From: ErrorNoInternet <errornointernet@envs.net>
Date: Sat, 18 Apr 2026 18:36:48 -0400
Subject: [PATCH] nixos: define user limits

---
 nixos/users.nix | 75 ++++++++++++++++++++++++++++++++-----------------
 1 file changed, 50 insertions(+), 25 deletions(-)

diff --git a/nixos/users.nix b/nixos/users.nix
index 9cba1a7..2b53363 100644
--- a/nixos/users.nix
+++ b/nixos/users.nix
@@ -1,27 +1,52 @@
-{ pkgs, ... }:
-{
-  users.users =
-    let
-      adminGroups = [
-        "adm"
-        "named"
-        "networkmanager"
-        "nginx"
-        "tuxcord"
-        "wheel"
-      ];
-    in
-    {
-      error = {
-        isNormalUser = true;
-        shell = pkgs.fish;
-        extraGroups = adminGroups;
-      };
+{ lib, ... }:
+let
+  inherit (lib) optionals;
 
-      javalsai = {
-        isNormalUser = true;
-        shell = pkgs.zsh;
-        extraGroups = adminGroups;
-      };
+  adminGroups = [
+    "adm"
+    "named"
+    "networkmanager"
+    "nginx"
+    "tuxcord"
+    "wheel"
+  ];
+
+  mkUser = name: uid: options: {
+    users.users.${name} = {
+      isNormalUser = true;
+      extraGroups = optionals options.admin adminGroups;
+      inherit uid;
     };
-}
+
+    systemd.slices."user-${uid}".sliceConfig = {
+      CPUQuota = "50%";
+      CPUWeight = "10";
+      IOAccounting = true;
+      IOWeight = "10";
+      MemoryMax = "2G";
+      MemorySwapMax = "1G";
+      TasksMax = "100";
+    };
+  };
+in
+map (user: mkUser user.name user.uid user.options) [
+  {
+    name = "error";
+    uid = 1000;
+    options.admin = true;
+  }
+  {
+    name = "javalsai";
+    uid = 1001;
+    options.admin = true;
+  }
+  {
+    name = "deadvey";
+    uid = 1002;
+    options.admin = true;
+  }
+  {
+    name = "vectorum";
+    uid = 1003;
+  }
+]