Add explicit rate limits and total connection limit

- Make RateLimit explicit in relay builder (500 subs, 60 events/min)
- Add NGIT_MAX_CONNECTIONS config option (default: 500)
- Update all 4 config locations (src, nix, docs, .env.example)
- Fix documentation error: filter limit 5000→500
- Document Phase 2 deferral decision (per-IP enforcement)

Addresses primary DoS vector (connection exhaustion) with minimal code.
Per-IP rate limiting deferred until abuse detected in production.

Related: issue ff38 (git endpoint throttling - separate concern)

1 files changed, 8 insertions, 0 deletions

diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index c2de1df..ef1b700 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -624,6 +624,14 @@ pub async fn create_relay(
     let relay = LocalRelayBuilder::default()
         .database(database.clone())
         .write_policy(write_policy.clone())
+        // Explicitly set rate limits (make defaults visible in code)
+        // Per-connection limits: 500 max subscriptions, 60 events/min
+        .rate_limit(RateLimit {
+            max_reqs: 500,        // Max concurrent subscriptions per connection
+            notes_per_minute: 60, // Max events per minute per connection
+        })
+        // Total connection limit to prevent DoS attacks
+        .max_connections(config.max_connections)
         .build();
 
     tracing::info!(