From 50000cd9d47681390c3c45feef98fe51c7b79a0f Mon Sep 17 00:00:00 2001
From: DanConwayDev <DanConwayDev@protonmail.com>
Date: Wed, 14 Jan 2026 11:42:05 +0000
Subject: Add explicit rate limits and total connection limit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Make RateLimit explicit in relay builder (500 subs, 60 events/min)
- Add NGIT_MAX_CONNECTIONS config option (default: 500)
- Update all 4 config locations (src, nix, docs, .env.example)
- Fix documentation error: filter limit 5000→500
- Document Phase 2 deferral decision (per-IP enforcement)

Addresses primary DoS vector (connection exhaustion) with minimal code.
Per-IP rate limiting deferred until abuse detected in production.

Related: issue ff38 (git endpoint throttling - separate concern)
---
 nix/module.nix | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'nix/module.nix')

diff --git a/nix/module.nix b/nix/module.nix
index 09c56c1..4117b6d 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -250,6 +250,12 @@ let
         '';
       };
 
+      maxConnections = mkOption {
+        type = types.int;
+        default = 500;
+        description = "Maximum total connections to the relay";
+      };
+
       user = mkOption {
         type = types.str;
         default = "ngit-grasp-${name}";
@@ -295,6 +301,7 @@ let
       NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist;
       NGIT_REPOSITORY_BLACKLIST = concatStringsSep "," cfg.repositoryBlacklist;
       NGIT_EVENT_BLACKLIST = concatStringsSep "," cfg.eventBlacklist;
+      NGIT_MAX_CONNECTIONS = toString cfg.maxConnections;
       RUST_LOG = cfg.logLevel;
     } // optionalAttrs (cfg.relayName != null) {
       NGIT_RELAY_NAME = cfg.relayName;
-- 
cgit v1.2.3