initial resource limits, just guessed, might cause some issues later

2026-01-11 15:38:46 +07:00 · 2026-01-11 15:38:46 +07:00 · 012b5ca858
commit 012b5ca858
parent b3e4af5aca
33 changed files with 91 additions and 0 deletions
--- a/beeper/etc/containers/systemd/aode/aode-relay.container
+++ b/beeper/etc/containers/systemd/aode/aode-relay.container
@ -11,6 +11,9 @@ Volume=/var/containers/aode/data:/db:Z
 # Security
 NoNewPrivileges=true
 DropCapability=ALL
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpu-shares=1024

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/ask-js/ask-js.container
+++ b/beeper/etc/containers/systemd/ask-js/ask-js.container
@ -13,6 +13,9 @@ Volume=/var/containers/ask-js/config:/app/config:ro,Z
 # Security
 NoNewPrivileges=true
 DropCapability=ALL
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpus=0.4 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/caddy/caddy.container
+++ b/beeper/etc/containers/systemd/caddy/caddy.container
@ -14,6 +14,9 @@ Volume=/var/www:/var/www:z
 NoNewPrivileges=true
 DropCapability=ALL
 AddCapability=NET_ADMIN NET_BIND_SERVICE
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpu-shares=1024

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/copyparty/copyparty.container
+++ b/beeper/etc/containers/systemd/copyparty/copyparty.container
@ -17,6 +17,9 @@ HealthStartPeriod=1m
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpus=0.4 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/ejabberd/ejabberd.container
+++ b/beeper/etc/containers/systemd/ejabberd/ejabberd.container
@ -23,6 +23,9 @@ Volume=/var/containers/ejabberd/database:/opt/ejabberd/database:Z
 Volume=/etc/certs:/etc/letsencrypt/live:ro,z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpus=0.4 --cpu-shares=1024

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/forgejo/forgejo.container
+++ b/beeper/etc/containers/systemd/forgejo/forgejo.container
@ -15,6 +15,9 @@ Timezone=local
 Volume=/var/containers/forgejo/data:/data:Z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=2g
+PodmanArgs=--memory-reservation=512m --cpus=0.4 --cpu-shares=1024

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/freshrss/freshrss.container
+++ b/beeper/etc/containers/systemd/freshrss/freshrss.container
@ -14,6 +14,9 @@ Volume=/var/containers/freshrss/data:/var/www/FreshRSS/data:Z
 Volume=/var/containers/freshrss/extensions:/var/www/FreshRSS/extensions:Z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=512m
+PodmanArgs=--memory-reservation=256m --cpus=0.2 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/i2pd/i2pd.container
+++ b/beeper/etc/containers/systemd/i2pd/i2pd.container
@ -10,6 +10,9 @@ Volume=/var/containers/i2pd/data:/home/i2pd/data:Z,U
 # Security
 NoNewPrivileges=true
 DropCapability=ALL
+# Resources
+Memory=256m
+PodmanArgs=--memory-reservation=128m --cpus=0.2 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/iceshrimp/iceshrimp.container
+++ b/beeper/etc/containers/systemd/iceshrimp/iceshrimp.container
@ -14,6 +14,9 @@ Volume=/var/containers/iceshrimp/data/media:/data/media:Z
 Volume=/var/containers/iceshrimp/config:/app/config:ro,Z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=2g
+PodmanArgs=--memory-reservation=512m --cpu-shares=1024

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/knot/knot.container
+++ b/beeper/etc/containers/systemd/knot/knot.container
@ -12,6 +12,9 @@ Volume=/var/containers/knot/repositories:/home/git/repositories:Z
 Volume=/var/containers/knot/data:/app:Z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=512m
+PodmanArgs=--memory-reservation=256m --cpus=0.4 --cpu-shares=256

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mailserver/mailserver.container
+++ b/beeper/etc/containers/systemd/mailserver/mailserver.container
@ -26,6 +26,9 @@ HealthStartPeriod=1m
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=512m
+PodmanArgs=--memory-reservation=256m --cpus=0.4 --cpu-shares=256

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mastodon/mastodon-dfdb.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-dfdb.container
@ -19,6 +19,8 @@ HealthStartPeriod=10s
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+Ulimit=memlock=-1

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mastodon/mastodon-ingress.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-ingress.container
@ -12,6 +12,9 @@ Network=mastodon.network
 Network=postgresql.network
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=512m
+PodmanArgs=--memory-reservation=128m --cpus=0.1 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mastodon/mastodon-sidekiq.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-sidekiq.container
@ -19,6 +19,8 @@ HealthStartPeriod=1m
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+PodmanArgs=--cpu-shares=2048

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mastodon/mastodon-web.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-web.container
@ -22,6 +22,8 @@ HealthStartPeriod=1m
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+PodmanArgs=--cpu-shares=2048

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mollysocket/mollysocket.container
+++ b/beeper/etc/containers/systemd/mollysocket/mollysocket.container
@ -13,6 +13,9 @@ Volume=/var/containers/mollysocket/data:/data:Z
 WorkingDir=/data
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=256m
+PodmanArgs=--memory-reservation=128m --cpus=0.2 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/pds/pds.container
+++ b/beeper/etc/containers/systemd/pds/pds.container
@ -11,6 +11,9 @@ Volume=/var/containers/pds/data:/pds:Z
 # Security
 NoNewPrivileges=true
 DropCapability=ALL
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpu-shares=1024

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/postgresql/postgresql.container
+++ b/beeper/etc/containers/systemd/postgresql/postgresql.container
@ -16,6 +16,8 @@ HealthStartPeriod=30s
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+ShmSize=1G

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/redlib/redlib.container
+++ b/beeper/etc/containers/systemd/redlib/redlib.container
@ -15,6 +15,9 @@ HealthStartPeriod=30s
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpus=0.4 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/safetwitch/safetwitch-backend.container
+++ b/beeper/etc/containers/systemd/safetwitch/safetwitch-backend.container
@ -10,6 +10,9 @@ Environment=URL=https://b.twitch.synth.download
 PublishPort=127.0.0.1:43072:7000
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpus=1 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/safetwitch/safetwitch-frontend.container
+++ b/beeper/etc/containers/systemd/safetwitch/safetwitch-frontend.container
@ -15,6 +15,9 @@ Environment=SAFETWITCH_FALLBACK_LOCALE=en
 PublishPort=127.0.0.1:24682:8280
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=256mb
+PodmanArgs=--memory-reservation=128mb --cpus=0.2 --cpu-shares=256

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/searxng/searxng-dfdb.container
+++ b/beeper/etc/containers/systemd/searxng/searxng-dfdb.container
@ -17,6 +17,10 @@ Network=searxng.network
 Volume=/var/containers/searxng/dragonfly:/data:Z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=256mb
+Ulimit=memlock=-1
+PodmanArgs=--memory-reservation=128mb --cpus=0.2 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/searxng/searxng.container
+++ b/beeper/etc/containers/systemd/searxng/searxng.container
@ -13,6 +13,9 @@ Volume=/var/containers/searxng/config:/etc/searxng:ro,Z
 Volume=/var/containers/searxng/cache:/var/cache/searxng
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=1g
+PodmanArgs=--memory-reservation=512m --cpus=1 --cpu-shares=512

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/sharkey/sharkey-activity.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-activity.container
@ -20,6 +20,8 @@ Volume=/var/containers/sharkey/activity:/sharkey/.config:z
 Volume=/var/containers/sharkey/default.yml:/sharkey/.config/default.yml:ro,z
 # Security
 NoNewPrivileges=true
+# Resources
+PodmanArgs=--cpu-shares=2048

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/sharkey/sharkey-api.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-api.container
@ -19,6 +19,8 @@ Volume=/var/containers/sharkey/api:/sharkey/.config:z
 Volume=/var/containers/sharkey/default.yml:/sharkey/.config/default.yml:ro,z
 # Security
 NoNewPrivileges=true
+# Resources
+PodmanArgs=--cpu-shares=2048

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container
@ -19,6 +19,8 @@ HealthStartPeriod=10s
 Notify=healthy
 # Security
 NoNewPrivileges=true
+# Resources
+Ulimit=memlock=-1

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/sharkey/sharkey-worker.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-worker.container
@ -17,6 +17,8 @@ Volume=/var/containers/sharkey/worker:/sharkey/.config:z
 Volume=/var/containers/sharkey/default.yml:/sharkey/.config/default.yml:ro,z
 # Security
 NoNewPrivileges=true
+# Resources
+PodmanArgs=--cpu-shares=2048

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/spindle/spindle.container
+++ b/beeper/etc/containers/systemd/spindle/spindle.container
@ -11,6 +11,9 @@ Volume=/var/containers/spindle/data:/app:Z
 Volume=/var/run/dind/docker.sock:/var/run/docker.sock:z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=512m
+PodmanArgs=--memory-reservation=256m --cpus=0.4 --cpu-shares=256

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/tor/tor.container
+++ b/beeper/etc/containers/systemd/tor/tor.container
@ -11,6 +11,9 @@ Volume=/var/containers/tor/data:/var/lib/tor:Z
 # Security
 NoNewPrivileges=true
 DropCapability=ALL
+# Resources
+Memory=256m
+PodmanArgs=--memory-reservation=128m --cpus=0.2 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/vaultwarden/vaultwarden.container
+++ b/beeper/etc/containers/systemd/vaultwarden/vaultwarden.container
@ -9,6 +9,9 @@ PublishPort=127.0.0.1:60838:80
 Volume=/var/containers/vaultwarden/data:/data:Z
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=256m
+PodmanArgs=--memory-reservation=128m --cpus=0.2 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/xpost/xpost-zenfyr.container
+++ b/beeper/etc/containers/systemd/xpost/xpost-zenfyr.container
@ -7,6 +7,8 @@ EnvironmentFile=/etc/containers/systemd/xpost/zenfyr.env
 Volume=/var/containers/zenfyr-xpost/data:/app/data:Z,U
 # Security
 NoNewPrivileges=true
+# Resources
+PodmanArgs=--cpus=0.4 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/yggdrasil/yggdrasil.container
+++ b/beeper/etc/containers/systemd/yggdrasil/yggdrasil.container
@ -11,6 +11,9 @@ Volume=/var/containers/yggdrasil/config:/etc/yggdrasil:ro,Z
 # Security
 NoNewPrivileges=true
 DropCapability=ALL
+# Resources
+Memory=128m
+PodmanArgs=--memory-reservation=128m --cpus=0.2 --cpu-shares=128

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/zitadel/zitadel.container
+++ b/beeper/etc/containers/systemd/zitadel/zitadel.container
@ -13,6 +13,9 @@ PublishPort=127.0.0.1:19241:8080
 Exec=start-from-init --masterkeyFromEnv --tlsMode external
 # Security
 NoNewPrivileges=true
+# Resources
+Memory=512m
+PodmanArgs=--memory-reservation=256m --cpus=0.4 --cpu-shares=256

 [Service]
 Restart=always