From 28168a7701c897a5b6af13bc472d6f5902e0a96d Mon Sep 17 00:00:00 2001
From: DanConwayDev <DanConwayDev@protonmail.com>
Date: Wed, 25 Mar 2026 07:19:26 +0000
Subject: chore: remove arbitrary default max connections limit

When NGIT_MAX_CONNECTIONS is unset the relay imposes no connection cap,
deferring to OS fd limits and infrastructure controls. The option remains
available for operators who want an explicit ceiling.
---
 src/config.rs        |  9 ++++-----
 src/nostr/builder.rs | 13 ++++++++-----
 2 files changed, 12 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/config.rs b/src/config.rs
index 5c9303c..30e77ab 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -466,10 +466,9 @@ pub struct Config {
     #[arg(long, env = "NGIT_EVENT_BLACKLIST", default_value = "")]
     pub event_blacklist: String,
 
-    /// Maximum total connections to the relay (default: 4096)
-    /// Prevents connection exhaustion DoS attacks
-    #[arg(long, env = "NGIT_MAX_CONNECTIONS", default_value_t = 4096)]
-    pub max_connections: usize,
+    /// Maximum total connections to the relay (default: unlimited, defers to OS/infrastructure limits)
+    #[arg(long, env = "NGIT_MAX_CONNECTIONS")]
+    pub max_connections: Option<usize>,
 
     /// Log level for application logging
     #[arg(long, env = "NGIT_LOG_LEVEL", default_value = "info")]
@@ -755,7 +754,7 @@ impl Config {
             repository_whitelist: String::new(),
             repository_blacklist: String::new(),
             event_blacklist: String::new(),
-            max_connections: 500,
+            max_connections: None,
             log_level: "debug".to_string(),
         }
     }
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index 03132bf..02ba84b 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -736,7 +736,7 @@ pub async fn create_relay(
     let write_policy =
         Nip34WritePolicy::new(database.clone(), &git_data_path, purgatory, config.clone());
 
-    let relay = LocalRelayBuilder::default()
+    let mut builder = LocalRelayBuilder::default()
         .database(database.clone())
         .write_policy(write_policy.clone())
         // Explicitly set rate limits (make defaults visible in code)
@@ -744,10 +744,13 @@ pub async fn create_relay(
         .rate_limit(RateLimit {
             max_reqs: 500,        // Max concurrent subscriptions per connection
             notes_per_minute: 60, // Max events per minute per connection
-        })
-        // Total connection limit to prevent DoS attacks
-        .max_connections(config.max_connections)
-        .build();
+        });
+
+    if let Some(max) = config.max_connections {
+        builder = builder.max_connections(max);
+    }
+
+    let relay = builder.build();
 
     tracing::info!(
         "Relay configured with GRASP-01 validation for domain: {}",
-- 
cgit v1.2.3