Limit user resources on *geniux*

By ignorance and inattention, users run calculations on our gateway
server *geniux*, affecting all other users.

Prevent that technically, by limitting the resources to one CPU and ten
percent of the memory. See systemd.resource-control(5) for more details.

The current resource limits for user id 133 can be checked With
`systemd-cgls` and `systemctl status user-133.slice`.

Users can still cripple the system with high IO and network load.

install.sh

@@ -146,6 +146,9 @@ install_data misc_systemd_units/user@.service.d/depend-on-remote-homes.conf \
 mkdir -p "$DESTDIR$sysconfdir/systemd/logind.conf.d"
 install_data misc_etc_files/systemd/logind.conf.d/disable_RemoveIPC.conf \
                                                           "$DESTDIR$sysconfdir/systemd/logind.conf.d/disable_RemoveIPC.conf"
+mkdir -p "$DESTDIR$systemdunitdir/user-.slice.d"
+install_data misc_systemd_units/20-resource-limits-geniux.conf \
+                                                          "$DESTDIR$systemdunitdir/user-.slice.d/20-resource-limits-geniux.conf"
 install_data logrotate/logrotate.conf                     "$DESTDIR$sysconfdir/logrotate.conf"
 install_data logrotate/logrotate.service                  "$DESTDIR$systemdunitdir/logrotate.service"
 install_data logrotate/logrotate.timer                    "$DESTDIR$systemdunitdir/logrotate.timer"

misc_systemd_units/20-resource-limits-geniux.conf

@@ -0,0 +1,19 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=User Slice of UID %j
+Documentation=man:user@.service(5)
+After=systemd-user-sessions.service
+StopWhenUnneeded=yes
+ConditionHost=geniux.molgen.mpg.de
+
+[Slice]
+CPUQuota=100%
+MemoryMax=10%