docs: add resource limits guide for low-RAM devices

- README: new section explaining WG_MEM_LIMIT / WG_MEMSWAP_LIMIT with
  per-RAM-tier values and host swap configuration for SBC boards
- CLAUDE.md: simplify resource limits table, drop device-specific
  measurements, reference README for per-board guidance
- .env.example: update comments with per-tier values and OOM warning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-07 08:22:43 +02:00
parent 4d8eb01e4c
commit fc5d6209c1
3 changed files with 41 additions and 9 deletions
+9 -3
@@ -17,11 +17,17 @@ WG_UI_PORT=51821
# --- OPZIONALI — Limiti risorse container (SBC) --- # --- OPZIONALI — Limiti risorse container (SBC) ---
# Decommenta e adatta alla RAM disponibile: # Decommenta e adatta alla RAM disponibile:
# 512 MB RAM → WG_MEM_LIMIT=128m # 512 MB RAM (RPi 3B) → WG_MEM_LIMIT=96m (reale: ~37 MB, 96 m è già doppio)
# 1 GB RAM → WG_MEM_LIMIT=256m (default) # 1 GB RAM (RPi 3B+) → WG_MEM_LIMIT=128m
# 2 GB+ RAM → WG_MEM_LIMIT=384m # 2 GB+ RAM (RPi 4/5) → WG_MEM_LIMIT=256m (default)
# Tenere WG_MEMSWAP_LIMIT = WG_MEM_LIMIT per disabilitare lo swap del container. # Tenere WG_MEMSWAP_LIMIT = WG_MEM_LIMIT per disabilitare lo swap del container.
# Su single-core (Pi Zero / Pi 1) impostare WG_CPUS=0.75. # Su single-core (Pi Zero / Pi 1) impostare WG_CPUS=0.75.
#
# ATTENZIONE — RPi 3 con uptime lungo: il processo Node.js può crescere nel
# tempo. Con 1 GB di RAM totale e OS+Docker che occupano ~350 MB, un limite
# di 256 m lascia pochissimo margine; il kernel OOM-killa SSH prima del
# container. Usare 96-128 m e assicurarsi che lo swap host sia >= 512 MB
# (vedi CLAUDE.md §SBC per il comando).
# WG_MEM_LIMIT=256m # WG_MEM_LIMIT=256m
# WG_MEMSWAP_LIMIT=256m # WG_MEMSWAP_LIMIT=256m
# WG_CPUS=1.0 # WG_CPUS=1.0
+6 -6
@@ -60,12 +60,12 @@ Affects mostly SBC boards with custom BSP kernels, but can occur on any host whe
The `wg-init` service handles this automatically: it runs `modprobe ip6_tables ip6table_nat` (with `SYS_MODULE` cap and `/lib/modules` bind-mounted read-only) before wg-easy starts. Failures are silenced (`|| true`) so the setup works on kernels where these modules are built-in or unavailable. The `wg-init` service handles this automatically: it runs `modprobe ip6_tables ip6table_nat` (with `SYS_MODULE` cap and `/lib/modules` bind-mounted read-only) before wg-easy starts. Failures are silenced (`|| true`) so the setup works on kernels where these modules are built-in or unavailable.
**Resource limits** (`docker-compose.yml`): **Resource limits** (override via `.env`):
| Variable | Default | Purpose | | Variable | Default | Notes |
|---|---|---| |---|---|---|
| `WG_MEM_LIMIT` | `256m` | Hard memory cap for wg-easy | | `WG_MEM_LIMIT` | `256m` | Hard cap for the wg-easy container |
| `WG_MEMSWAP_LIMIT` | `256m` | Disables swap (swap = mem limit) | | `WG_MEMSWAP_LIMIT` | `256m` | Keep equal to `WG_MEM_LIMIT` to disable container swap |
| `WG_CPUS` | `1.0` | CPU share (1 core) | | `WG_CPUS` | `1.0` | `0.75` on single-core boards (Pi Zero, Pi 1) |
Lower `WG_MEM_LIMIT` to `128m` on boards with less than 1 GB RAM. Do not set it below `96m` or the Node.js runtime will OOM-kill on startup. The limit exists to prevent Node.js from slowly growing over long uptime and triggering the host OOM-killer (symptom: SSH becomes unreachable). Do not go below `96m` or the runtime OOM-kills on startup. See README §Dispositivi a risorse limitate for per-board guidance and swap configuration.
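Review bot: the rewritten closing paragraph removes the only sentence that told the reader which value to use on small boards ("Lower `WG_MEM_LIMIT` to `128m` ..."), while the table still lists `256m` as the default with no RAM tier attached. Since this paragraph itself names loss of SSH as the symptom, state here that `256m` is the 2 GB+ default, or give the 96m to 128m range inline, so the file is safe to act on without opening the README. The `96m` floor is also the exact value this commit recommends for 512 MB boards, so it would help to say whether 96m is a tested minimum or an estimate with headroom.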
+26
@@ -75,6 +75,32 @@ vpn/
--- ---
## Dispositivi a risorse limitate (SBC)
Su board con poca RAM (≤ 1 GB) il processo Node.js di wg-easy può crescere nel tempo e far sì che il kernel OOM-killi altri processi di sistema — SSH compreso. Per evitarlo, decommenta e adatta questi valori nel tuo `.env`:
```ini
# Board con 512 MB RAM
WG_MEM_LIMIT=96m
WG_MEMSWAP_LIMIT=96m
# Board con 1 GB RAM
WG_MEM_LIMIT=128m
WG_MEMSWAP_LIMIT=128m
```
Tieni `WG_MEMSWAP_LIMIT` uguale a `WG_MEM_LIMIT` per disabilitare lo swap del container: quando il container raggiunge il limite viene riavviato da Docker invece di consumare swap di sistema.
Assicurati anche che lo swap dell'host sia almeno 512 MB. Su Raspberry Pi OS il default è 100 MB — per aumentarlo:
```bash
sudo dphys-swapfile swapoff
sudo sed -i 's/CONF_SWAPSIZE=100/CONF_SWAPSIZE=512/' /etc/dphys-swapfile
sudo dphys-swapfile setup && sudo dphys-swapfile swapon
```
---
## Aggiornare wg-easy ## Aggiornare wg-easy
Esegui mensilmente per ricevere patch di sicurezza: Esegui mensilmente per ricevere patch di sicurezza:
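Review bot: the `sed` line in the swap block only rewrites the file when it contains exactly `CONF_SWAPSIZE=100`; where the value was already changed or the line is commented out it is a silent no-op, and `dphys-swapfile setup` then recreates the swap at the old size. Match the key instead of the value, for example `s/^#\?CONF_SWAPSIZE=.*/CONF_SWAPSIZE=512/`, and add a check such as `swapon --show` after the last command. The sentence saying the container "viene riavviato da Docker" at the limit holds only if the compose service has a restart policy, which this diff does not show, so name that dependency. The `ini` block also lists both tiers as live assignments; pasted whole, the second pair silently wins, so comment out one pair.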