Add explicit rate limits and total connection limit

- Make RateLimit explicit in relay builder (500 subs, 60 events/min)
- Add NGIT_MAX_CONNECTIONS config option (default: 500)
- Update all 4 config locations (src, nix, docs, .env.example)
- Fix documentation error: filter limit 5000→500
- Document Phase 2 deferral decision (per-IP enforcement)

Addresses primary DoS vector (connection exhaustion) with minimal code.
Per-IP rate limiting deferred until abuse detected in production.

Related: issue ff38 (git endpoint throttling - separate concern)

1 files changed, 6 insertions, 0 deletions

diff --git a/src/config.rs b/src/config.rs
index 0f0d853..0014003 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -469,6 +469,11 @@ pub struct Config {
     /// All events from these authors are blocked from both relay storage and purgatory
     #[arg(long, env = "NGIT_EVENT_BLACKLIST", default_value = "")]
     pub event_blacklist: String,
+
+    /// Maximum total connections to the relay (default: 500)
+    /// Prevents connection exhaustion DoS attacks
+    #[arg(long, env = "NGIT_MAX_CONNECTIONS", default_value_t = 500)]
+    pub max_connections: usize,
 }
 
 impl Config {
@@ -703,6 +708,7 @@ impl Config {
             repository_whitelist: String::new(),
             repository_blacklist: String::new(),
             event_blacklist: String::new(),
+            max_connections: 500,
         }
     }
 }