89f2987f1e
- User slice: MemoryMax 80%, TasksMax 500, CPUWeight 100 - CPU watchdog: detects sustained abuse (>180% for 5 min), kills user - Fixed scripts for NixOS (shebang, PATH) - Closes ops-jrz1-8m7, ops-jrz1-1bk 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
39 lines
839 B
Bash
Executable file
39 lines
839 B
Bash
Executable file
#!/run/current-system/sw/bin/bash
|
|
# killswitch - Immediately terminate all processes for a user
|
|
# Usage: killswitch <username> [reason]
|
|
|
|
set -euo pipefail
|
|
|
|
# NixOS paths
|
|
PATH="/run/current-system/sw/bin:$PATH"
|
|
|
|
if [ $# -lt 1 ]; then
|
|
echo "Usage: killswitch <username> [reason]" >&2
|
|
exit 1
|
|
fi
|
|
|
|
USER="$1"
|
|
REASON="${2:-manual kill}"
|
|
|
|
if ! id "$USER" &>/dev/null; then
|
|
echo "User not found: $USER" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Don't allow killing root or system users
|
|
UID_NUM=$(id -u "$USER")
|
|
if [ "$UID_NUM" -lt 1000 ]; then
|
|
echo "Refusing to kill system user: $USER (uid $UID_NUM)" >&2
|
|
exit 1
|
|
fi
|
|
|
|
logger -t killswitch "Killing all processes for $USER: $REASON"
|
|
|
|
# Kill all processes
|
|
pkill -u "$USER" 2>/dev/null || true
|
|
|
|
# Terminate login session
|
|
loginctl terminate-user "$USER" 2>/dev/null || true
|
|
|
|
echo "Killed $USER: $REASON"
|