From c960ba48d1b84714b29e8fa1157e4ef77d7e848f Mon Sep 17 00:00:00 2001
From: Parker Hoyes <parkerhoyes@users.noreply.github.com>
Date: Fri, 13 Sep 2024 13:08:29 +0000
Subject: [PATCH] nixos/nix-daemon: Enable cgroups delegation (#339310)

When `use-cgroups` is enabled, the nix daemon creates sub-cgroups for the build processes (and itself if NixOS/nix#11412 is merged, see NixOS/nix#9675). `Delegate` should be set to prevent systemd from messing with the nix service's cgroups (https://github.com/systemd/systemd/blob/main/docs/CGROUP_DELEGATION.md) and ensure the OOM killer only targets the offending derivation and not the entire service (NixOS/nix#10374).
---
 nixos/modules/services/system/nix-daemon.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/system/nix-daemon.nix b/nixos/modules/services/system/nix-daemon.nix
index 3d44bdac34bf..adadce4f88d6 100644
--- a/nixos/modules/services/system/nix-daemon.nix
+++ b/nixos/modules/services/system/nix-daemon.nix
@@ -198,6 +198,7 @@ in
             IOSchedulingClass = cfg.daemonIOSchedClass;
             IOSchedulingPriority = cfg.daemonIOSchedPriority;
             LimitNOFILE = 1048576;
+            Delegate = "yes";
           };
 
         restartTriggers = [ config.environment.etc."nix/nix.conf".source ];