From f34f38ef1c0d2e9e5d985d266cfff84e17312fd1 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Mon, 19 Aug 2019 17:42:30 +0200
Subject: [PATCH 1/4] nixos/systemd: honor default enableCgroupAccounting
 settings

systemd defaults DefaultMemoryAccounting and DefaultTasksAccounting to
yes, so no need to enable explicitly
---
 nixos/modules/system/boot/systemd.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 23a2dd45d49..877c608188b 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -806,8 +806,6 @@ in
           DefaultCPUAccounting=yes
           DefaultIOAccounting=yes
           DefaultBlockIOAccounting=yes
-          DefaultMemoryAccounting=yes
-          DefaultTasksAccounting=yes
         ''}
         DefaultLimitCORE=infinity
         ${config.systemd.extraConfig}

From f3a18d4562f30737235997e666ed41d6c2e6235a Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Mon, 19 Aug 2019 17:43:57 +0200
Subject: [PATCH 2/4] nixos/systemd: add new Default{BlockIO,IP}Accounting
 settings

---
 nixos/modules/system/boot/systemd.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 877c608188b..5d0783b663d 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -804,8 +804,10 @@ in
         [Manager]
         ${optionalString config.systemd.enableCgroupAccounting ''
           DefaultCPUAccounting=yes
+          DefaultBlockIOAccounting=yes
           DefaultIOAccounting=yes
           DefaultBlockIOAccounting=yes
+          DefaultIPAccounting=yes
         ''}
         DefaultLimitCORE=infinity
         ${config.systemd.extraConfig}

From 0fb17141fb2c8a9d64ada11b7e3082b2b8041d7a Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Mon, 19 Aug 2019 17:50:29 +0200
Subject: [PATCH 3/4] nixos/systemd: enable cgroup accounting by default

If this is the default for OpenShift already, we probably can enable it
as well.

see https://github.com/openshift/machine-config-operator/pull/581
---
 nixos/doc/manual/release-notes/rl-1909.xml | 20 ++++++++++++++------
 nixos/modules/system/boot/systemd.nix      |  2 +-
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml
index b02d99438de..85ad34f6a66 100644
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -506,12 +506,20 @@
     been removed.
    </para>
   </listitem>
-   <listitem>
-    <para>
-      The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
-      Use <literal>rspamd</literal> in proxy mode instead.
-    </para>
-   </listitem>
+  <listitem>
+   <para>
+    The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
+    Use <literal>rspamd</literal> in proxy mode instead.
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+     systemd cgroup accounting via the
+     <link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link>
+     option is now enabled by default. It now also enables the more recent Block IO and IP accounting
+     features.
+   </para>
+  </listitem>
   </itemizedlist>
  </section>
 </section>
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 5d0783b663d..2a0360b12cb 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -537,7 +537,7 @@ in
     };
 
     systemd.enableCgroupAccounting = mkOption {
-      default = false;
+      default = true;
       type = types.bool;
       description = ''
         Whether to enable cgroup accounting.

From 6b075ddc8fc02358e5bd4b41cb3c36a691a1f424 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Mon, 19 Aug 2019 17:59:30 +0200
Subject: [PATCH 4/4] nixos/systemd: add cgroup accounting test

---
 nixos/tests/systemd.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix
index 3168c026d51..1c201e3b5dc 100644
--- a/nixos/tests/systemd.nix
+++ b/nixos/tests/systemd.nix
@@ -89,5 +89,12 @@ import ./make-test.nix ({ pkgs, ... }: {
      $machine->waitForUnit('multi-user.target');
      $machine->succeed('sysctl net.core.default_qdisc | grep -q "fq_codel"');
    };
+
+   # Test cgroup accounting is enabled
+   subtest "systemd cgroup accounting is enabled", sub {
+     $machine->waitForUnit('multi-user.target');
+     $machine->succeed('systemctl show testservice1.service -p IOAccounting | grep -q "yes"');
+     $machine->succeed('systemctl status testservice1.service | grep -q "CPU:"');
+   };
   '';
 })