From 60ac10991be6e75a001455a94ea99972ef81cd60 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 11 May 2020 14:37:25 +0200
Subject: [PATCH] Limit user resources on *geniux*

By ignorance and inattention, users run calculations on our gateway
server *geniux*, affecting all other users.

Prevent that technically, by limitting the resources to one CPU and ten
percent of the memory. See systemd.resource-control(5) for more details.

The current resource limits for user id 133 can be checked With
`systemd-cgls` and `systemctl status user-133.slice`.
---
 install.sh                                    |  3 +++
 .../20-resource-limits-geniux.conf            | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 misc_systemd_units/20-resource-limits-geniux.conf

diff --git a/install.sh b/install.sh
index ff2cc168..2e758461 100755
--- a/install.sh
+++ b/install.sh
@@ -146,6 +146,9 @@ install_data misc_systemd_units/user@.service.d/depend-on-remote-homes.conf \
 mkdir -p "$DESTDIR$sysconfdir/systemd/logind.conf.d"
 install_data misc_etc_files/systemd/logind.conf.d/disable_RemoveIPC.conf \
                                                           "$DESTDIR$sysconfdir/systemd/logind.conf.d/disable_RemoveIPC.conf"
+mkdir -p "$DESTDIR$systemdunitdir/user-.slice.d"
+install_data misc_systemd_units/20-resource-limits-geniux.conf \
+                                                          "$DESTDIR$systemdunitdir/user-.slice.d/20-resource-limits-geniux.conf"
 install_data logrotate/logrotate.conf                     "$DESTDIR$sysconfdir/logrotate.conf"
 install_data logrotate/logrotate.service                  "$DESTDIR$systemdunitdir/logrotate.service"
 install_data logrotate/logrotate.timer                    "$DESTDIR$systemdunitdir/logrotate.timer"
diff --git a/misc_systemd_units/20-resource-limits-geniux.conf b/misc_systemd_units/20-resource-limits-geniux.conf
new file mode 100644
index 00000000..a84980cc
--- /dev/null
+++ b/misc_systemd_units/20-resource-limits-geniux.conf
@@ -0,0 +1,19 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=User Slice of UID %j
+Documentation=man:user@.service(5)
+After=systemd-user-sessions.service
+StopWhenUnneeded=yes
+ConditionHost=geniux.molgen.mpg.de
+
+[Slice]
+CPUQuota=100%
+MemoryMax=10%