From 07d610b6f0cda6d0fc5c605a140ec1be16dfe5d3 Mon Sep 17 00:00:00 2001
From: Dustin Frisch <fooker@lab.sh>
Date: Wed, 23 Aug 2023 16:02:48 +0200
Subject: [PATCH] Unlimited locks for cluster users

---
 shared/users.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/shared/users.nix b/shared/users.nix
index 48cb021..8f32a3e 100644
--- a/shared/users.nix
+++ b/shared/users.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ pkgs, lib, config, ... }:
 
 with lib;
 
@@ -43,6 +43,15 @@ in
   security.pam.services."sshd".makeHomeDir = true;
   security.pam.services."systemd-user".makeHomeDir = true;
 
+  security.pam.loginLimits = [
+    {
+      domain = "@cluster";
+      item = "memlock";
+      type = "-";
+      value = "unlimited";
+    }
+  ];
+
   sops.secrets."ldap/login/password" = {
     owner = "nslcd";
     sopsFile = ./secrets.yaml;