systemd: Cap resource usage for all services

Signed-off-by: Harsh Shandilya <msfjarvis@gmail.com>

systemd_units/caddy.service

@@ -24,6 +24,10 @@ ReadWriteDirectories=/etc/ssl/caddy
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
+CPUWeight=10
+CPUQuota=10%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target

systemd_units/gitea.service

@@ -17,6 +17,10 @@ Restart=always
 Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
+CPUWeight=20
+CPUQuota=25%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target

systemd_units/mirror-bot-2.service

@@ -16,6 +16,10 @@ TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=true
 ProtectSystem=full
+CPUWeight=10
+CPUQuota=10%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target

systemd_units/mirror-bot.service

@@ -16,6 +16,10 @@ TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=true
 ProtectSystem=full
+CPUWeight=10
+CPUQuota=10%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target

systemd_units/uno-bot.service

@@ -15,6 +15,10 @@ TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=false
 ProtectSystem=full
+CPUWeight=10
+CPUQuota=10%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target

systemd_units/walls-bot-2.service

@@ -15,6 +15,10 @@ TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=false
 ProtectSystem=full
+CPUWeight=10
+CPUQuota=10%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target

systemd_units/walls-bot.service

@@ -15,6 +15,10 @@ TimeoutStopSec=5s
 PrivateTmp=true
 PrivateDevices=false
 ProtectSystem=full
+CPUWeight=10
+CPUQuota=10%
+IOWeight=20
+MemorySwapMax=0
 
 [Install]
 WantedBy=multi-user.target