privatevoid.net/depot
1
1
Fork 0
Code Issues 25 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

VEGAS/hydra: expose push API with rate limiting

Browse source
This commit is contained in:
Max Headroom 2021-12-03 23:54:06 +01:00
parent 906d2aa99a
commit 89476da4c7
1 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
hosts/VEGAS/services/hydra/default.nix
View file

@ -33,7 +33,21 @@ in
reservePortsFor = [ "hydra" ];
services.nginx.virtualHosts."hydra.${domain}" = tools.nginx.vhosts.proxy "http://127.0.0.1:${config.portsStr.hydra}";
services.nginx.appendHttpConfig = ''
limit_req_zone $binary_remote_addr zone=hydra_api_push_limiter:10m rate=1r/m;
'';
services.nginx.virtualHosts."hydra.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${config.portsStr.hydra}") {
locations."/api/push" = {
proxyPass = "http://127.0.0.1:${config.portsStr.hydra}";
extraConfig = ''
auth_request off;
proxy_method PUT;
limit_req zone=hydra_api_push_limiter burst=3 nodelay;
limit_req_status 429;
'';
};
};
services.oauth2_proxy.nginx.virtualHosts = [ "hydra.${domain}" ];