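---
# resource_limits role — PAM nproc caps + systemd user slice memory limits
#
# Variables (set per-host in host_vars):
#   resource_limit_user: username to limit (default: tegwick)
#   resource_limit_uid: UID for systemd user slice (default: 1000)
#   nproc_soft: soft nproc limit (default: 512)
#   nproc_hard: hard nproc limit (default: 1024)
#   user_memory_max: systemd MemoryMax (default: 1500M)
#   user_memory_swap_max: systemd MemorySwapMax (default: 512M)
#
# NOTE(review): resource_limit_user and resource_limit_uid are independent
# variables and nothing in these tasks checks that they refer to the same
# account. If they drift apart, the nproc cap and the memory cap land on
# different users — confirm both in host_vars when overriding either one.

# Both variables are interpolated into root-owned paths under /etc, so reject
# values that would change the target directory or produce a malformed name
# before anything is written.
- name: Validate resource limit variables
  ansible.builtin.assert:
    that:
      - "(resource_limit_user | default('tegwick') | string | length) > 0"
      - "'/' not in (resource_limit_user | default('tegwick') | string)"
      - "(resource_limit_uid | default(1000) | string) is match('^[0-9]+$')"
    fail_msg: >-
      resource_limit_user must be a non-empty name without '/', and
      resource_limit_uid must be a numeric UID.

# limits.d files are applied by pam_limits when a session is opened, so
# sessions that are already running keep their previous limits, and processes
# that do not start through a PAM session are not covered by this file.
- name: Set PAM nproc limits
  ansible.builtin.template:
    src: nproc-limits.conf.j2
    dest: "/etc/security/limits.d/60-nproc-{{ resource_limit_user | default('tegwick') }}.conf"
    owner: root
    group: root
    mode: '0644'

# Drop-in directory for user-<uid>.slice; root-owned and not group/world
# writable so only root can change the limits.
- name: Ensure systemd user slice override directory
  ansible.builtin.file:
    path: "/etc/systemd/system/user-{{ resource_limit_uid | default(1000) }}.slice.d"
    state: directory
    owner: root
    group: root
    mode: '0755'

# NOTE(review): the template is not shown here; assuming it sets MemoryMax= and
# MemorySwapMax= as the header describes, those settings are only honoured on
# hosts using the unified (cgroup v2) hierarchy — confirm on the target hosts.
# The notified handler is expected to be defined in the role's handlers.
- name: Set systemd user slice memory limits
  ansible.builtin.template:
    src: user-slice-limits.conf.j2
    dest: "/etc/systemd/system/user-{{ resource_limit_uid | default(1000) }}.slice.d/limits.conf"
    owner: root
    group: root
    mode: '0644'
  notify: Reload systemd daemon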