Unverified Commit 7455baca authored by Doron Behar's avatar Doron Behar Committed by GitHub

nohang: init at 0.2.0, nixos/nohang: init (#409254)

parents 6acb057d 12c0a7fc
+5 −0
@@ -6484,6 +6484,11 @@
      }
    ];
  };
  Dev380 = {
    name = "Dev380";
    github = "Dev380";
    githubId = 49997896;
  };
  developer-guy = {
    name = "Batuhan Apaydın";
    email = "developerguyn@gmail.com";
+2 −0
@@ -22,6 +22,8 @@

- [LibreChat](https://www.librechat.ai/), open-source self-hostable ChatGPT clone with Agents and RAG APIs. Available as [services.librechat](#opt-services.librechat.enable).

- [nohang](https://github.com/hakavlad/nohang), a daemon for Linux that prevents out of memory (OOM) situations from affecting system responsiveness. Available as [services.nohang](#opt-services.nohang.enable)

- [DankMaterialShell](https://danklinux.com), a complete desktop shell for Wayland compositors built with Quickshell. Available as [programs.dms-shell](#opt-programs.dms-shell.enable).

- [dms-greeter](https://danklinux.com), a modern display manager greeter for DankMaterialShell that works with greetd and supports multiple Wayland compositors. Available as [services.displayManager.dms-greeter](#opt-services.displayManager.dms-greeter.enable).
+1 −0
@@ -1532,6 +1532,7 @@
  ./services/system/localtimed.nix
  ./services/system/nix-daemon-firewall.nix
  ./services/system/nix-daemon.nix
  ./services/system/nohang.nix
  ./services/system/nscd.nix
  ./services/system/nvme-rs.nix
  ./services/system/saslauthd.nix
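--- /dev/null
+++ b/nixos/modules/services/system/nohang.nix
@@ -0,0 +1,113 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.nohang;
+
+  inherit (lib)
+    literalExpression
+    mkEnableOption
+    mkIf
+    mkOption
+    mkPackageOption
+    types
+    ;
+in
+{
+  meta = {
+    maintainers = with lib.maintainers; [ Dev380 ];
+  };
+
+  options.services.nohang = {
+    enable = mkEnableOption "nohang, a daemon that keeps system responsiveness when Linux is out of memory";
+
+    package = mkPackageOption pkgs "nohang" { };
+
+    configPath = mkOption {
+      type = types.either (types.enum [
+        "basic"
+        "desktop"
+      ]) types.path;
+      default = "desktop";
+      example = literalExpression "./my-nohang-config.conf";
+      description = ''
+        Configuration file to use with nohang. The default and desktop example configurations in the nohang repository
+        can be used by setting this to "basic" or "desktop" (which is the default). Otherwise, you can set it to the path
+        of a custom configuration file.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.nohang = {
+      description = "Sophisticated low memory handler";
+      documentation = [
+        "man:nohang(8)"
+        "https://github.com/hakavlad/nohang"
+      ];
+      after = [ "sysinit.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart =
+          "${lib.getExe cfg.package} --monitor --config "
+          + (
+            if cfg.configPath == "basic" then
+              "${cfg.package}/etc/nohang/nohang.conf"
+            else if cfg.configPath == "desktop" then
+              "${cfg.package}/etc/nohang/nohang-desktop.conf"
+            else
+              cfg.configPath
+          );
+        Slice = "hostcritical.slice";
+        SyslogIdentifier =
+          if cfg.configPath == "basic" then
+            "nohang"
+          else if cfg.configPath == "desktop" then
+            "nohang-desktop"
+          else
+            "nohang-custom-config";
+        KillMode = "mixed";
+        Restart = "always";
+        RestartSec = 0;
+
+        CPUSchedulingResetOnFork = true;
+        RestrictRealtime = "yes";
+
+        TasksMax = 25;
+        MemoryMax = "100M";
+        MemorySwapMax = "100M";
+
+        UMask = 27;
+        ProtectSystem = "strict";
+        ReadWritePaths = "/var/log";
+        InaccessiblePaths = "/home /root";
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+        ProtectHostname = true;
+        MemoryDenyWriteExecute = "yes";
+        RestrictNamespaces = "yes";
+        LockPersonality = "yes";
+        PrivateTmp = true;
+        DeviceAllow = "/dev/kmsg rw";
+        DevicePolicy = "closed";
+
+        CapabilityBoundingSet = [
+          "CAP_KILL"
+          "CAP_IPC_LOCK"
+          "CAP_SYS_PTRACE"
+          "CAP_DAC_READ_SEARCH"
+          "CAP_DAC_OVERRIDE"
+          "CAP_AUDIT_WRITE"
+          "CAP_SETUID"
+          "CAP_SETGID"
+          "CAP_SYS_RESOURCE"
+          "CAP_SYSLOG"
+        ];
+      };
+    };
+  };
+}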
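Review bot: `ExecStart` is assembled by string concatenation and splices the user-supplied `cfg.configPath` into the command line unescaped, so a custom path containing whitespace, `%` or `$` would be mis-tokenized or specifier-expanded by systemd; building the argv with `utils.escapeSystemdExecArgs` (adding `utils` to the module arguments) avoids that and also lets the `basic`/`desktop`/custom selection, currently duplicated between `ExecStart` and `SyslogIdentifier`, live in one `let` binding. The `CapabilityBoundingSet` and `InaccessiblePaths = "/home /root"` lines appear to mirror the upstream unit; a short comment recording why the service needs `CAP_SETUID`, `CAP_SETGID`, `CAP_DAC_OVERRIDE` and `CAP_SYS_PTRACE` as root (presumably for signalling and inspecting arbitrary processes and for per-user notifications — confirm against upstream) would make clear which of these could be tightened later. The `configPath` description refers to the "default" configuration while the enum value is `"basic"`; naming the file it selects (`nohang.conf`) in the description would remove that ambiguity.
```nix
{
  config,
  lib,
  pkgs,
  utils,
  ...
}:
let
  cfg = config.services.nohang;

  # Resolve the enum / path option to the file handed to `--config`.
  configFile =
    if cfg.configPath == "basic" then
      "${cfg.package}/etc/nohang/nohang.conf"
    else if cfg.configPath == "desktop" then
      "${cfg.package}/etc/nohang/nohang-desktop.conf"
    else
      cfg.configPath;

  # … unchanged: inherit (lib) …, meta, options …

        ExecStart = utils.escapeSystemdExecArgs [
          (lib.getExe cfg.package)
          "--monitor"
          "--config"
          configFile
        ];
  # … unchanged: rest of serviceConfig …
```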
+1 −0
@@ -1105,6 +1105,7 @@ in
  nixpkgs = pkgs.callPackage ../modules/misc/nixpkgs/test.nix { inherit evalMinimalConfig; };
  nixseparatedebuginfod2 = runTest ./nixseparatedebuginfod2.nix;
  node-red = runTest ./node-red.nix;
  nohang = runTest ./nohang.nix;
  nomad = runTest ./nomad.nix;
  nominatim = runTest ./nominatim.nix;
  non-default-filesystems = handleTest ./non-default-filesystems.nix { };