Unnamed repository; edit this file 'description' to name the repository. https://upleb.uk/npub1tkq8unhsd5jqx6ueex5lcpsgknrpquxuk44ftpjlpm3ulaake7xs76txrw/ngit-grasp-mirror/atom?h=master 2026-04-10T20:39:10+00:00 2026-04-10T20:39:10+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-04-10T20:15:58+00:00 urn:sha1:dd9a69e6fe79e866004ed7366093bf82030b02eb 2026-03-25T07:19:26+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-03-25T07:19:26+00:00 urn:sha1:28168a7701c897a5b6af13bc472d6f5902e0a96d When NGIT_MAX_CONNECTIONS is unset the relay imposes no connection cap, deferring to OS fd limits and infrastructure controls. The option remains available for operators who want an explicit ceiling. 2026-02-25T15:07:40+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-02-25T15:07:40+00:00 urn:sha1:5ad9d9093fcbe7037e5474a9d8fa20a0b64fb79a 2026-01-27T20:38:15+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-26T16:17:55+00:00 urn:sha1:1ae97cd85aec95f6270f853b28e48774cefc6bf6 Add proper log level configuration following standard approach: - CLI flag: --log-level <level> - Environment variable: NGIT_LOG_LEVEL - Default: info - Supports simple levels (error, warn, info, debug, trace) - Supports filter expressions (e.g., ngit_grasp=debug,actix_web=info) Configuration is now consistent across all four sources: 1. src/config.rs - Config struct with log_level field 2. docs/reference/configuration.md - Full documentation 3. nix/module.nix - NixOS module with logLevel option 4. .env.example - Example configuration file This replaces the previous RUST_LOG approach with proper integration into the ngit-grasp configuration system, enabling trace logging from CLI, environment variables, or NixOS configuration. 2026-01-21T15:17:10+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-21T15:17:10+00:00 urn:sha1:7da6c0c601d276340fada02d4bd45080d927a16b The main service uses ReadWritePaths for security hardening, but systemd requires these paths to exist BEFORE setting up the mount namespace. ExecStartPre runs AFTER namespace setup, so it cannot create the directories. This fix adds a separate oneshot setup service (ngit-grasp-{name}-setup) that: - Runs before the main service without namespace restrictions - Creates dataDir and subdirectories (git/, relay/) with mkdir -p - Sets proper ownership (user:group) and permissions (750) - Uses RemainAfterExit so it only runs once per boot The main service now depends on the setup service via requires/after. Fixes: 'Failed to set up mount namespacing: /path: No such file or directory' 2026-01-21T15:13:45+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-21T15:13:45+00:00 urn:sha1:81ef29e8589ac4e10b6f67b4ab4049645f05c020 The tmpfiles.rules now explicitly creates the parent directory of dataDir with root:root ownership and 0755 permissions before creating the service-owned directories. This ensures the directory hierarchy exists even if parent directories are missing. While systemd-tmpfiles should create parent directories automatically, this makes the behavior explicit and ensures proper permissions on the immediate parent directory. 2026-01-21T13:38:11+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-21T13:28:37+00:00 urn:sha1:46fbcc0a4c8a8dbf6cd345d6eaa6fe33a82100bb Enables relay operators to backup/archive specific GRASP servers by domain. Includes configuration, validation, documentation, and integration tests. 2026-01-20T07:43:02+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-20T07:43:02+00:00 urn:sha1:f93fc0a691544cc3ddda322a7e99d0534d636dcc Add ExecStartPre directives to ensure data directories exist before service starts. This fixes service failures when using custom dataDir paths that don't exist yet. The tmpfiles.rules weren't automatically executed during nixos-rebuild switch, causing 'status=226/NAMESPACE' errors. ExecStartPre runs as root (+ prefix) to create directories with proper ownership/permissions. 2026-01-19T15:03:59+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-16T20:55:38+00:00 urn:sha1:16833501a1004a5a661a729e4fd2dbcbeaecd1d5 Increases connection limit across all configuration sources: - src/config.rs: default_value_t = 4096 - docs/reference/configuration.md: updated default and examples - nix/module.nix: maxConnections default = 4096 - .env.example: updated default and comment This allows the relay to handle more concurrent connections and reduces the likelihood of connection exhaustion under normal load. The previous limit of 2000 was too conservative for production deployments. 2026-01-14T13:40:03+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-14T11:42:05+00:00 urn:sha1:50000cd9d47681390c3c45feef98fe51c7b79a0f - Make RateLimit explicit in relay builder (500 subs, 60 events/min) - Add NGIT_MAX_CONNECTIONS config option (default: 500) - Update all 4 config locations (src, nix, docs, .env.example) - Fix documentation error: filter limit 5000→500 - Document Phase 2 deferral decision (per-IP enforcement) Addresses primary DoS vector (connection exhaustion) with minimal code. Per-IP rate limiting deferred until abuse detected in production. Related: issue ff38 (git endpoint throttling - separate concern)