Add defensive relay features with rate limiting and connection limits

Implement defensive measures to protect against DoS attacks:
- Add explicit rate limits (500 subscriptions, 60 events/min per connection)
- Add total connection limit (default: 500, configurable via NGIT_MAX_CONNECTIONS)
- Update configuration across all 4 locations (src, nix, docs, .env.example)

Per-IP rate limiting deferred until abuse is detected in production or
implemented in rust-nostr relay-builder to benefit the entire Nostr ecosystem.

Documentation added explaining the defensive features and rationale.
Detailed analysis of other relay implementations preserved in commit history.

1 files changed, 7 insertions, 0 deletions

diff --git a/nix/module.nix b/nix/module.nix
index 09c56c1..4117b6d 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -250,6 +250,12 @@ let
         '';
       };
 
+      maxConnections = mkOption {
+        type = types.int;
+        default = 500;
+        description = "Maximum total connections to the relay";
+      };
+
       user = mkOption {
         type = types.str;
         default = "ngit-grasp-${name}";
@@ -295,6 +301,7 @@ let
       NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist;
       NGIT_REPOSITORY_BLACKLIST = concatStringsSep "," cfg.repositoryBlacklist;
       NGIT_EVENT_BLACKLIST = concatStringsSep "," cfg.eventBlacklist;
+      NGIT_MAX_CONNECTIONS = toString cfg.maxConnections;
       RUST_LOG = cfg.logLevel;
     } // optionalAttrs (cfg.relayName != null) {
       NGIT_RELAY_NAME = cfg.relayName;