mermet: nginx: sourcephile.fr: git: limits

diff --git a/hosts/mermet/nginx/sourcephile.fr/git.nix b/hosts/mermet/nginx/sourcephile.fr/git.nix
index 2eca8aab823d378b06e9f437f973976bf6b1d6ba..eb7b0078dae0ccccf06e87b9cb94278258815480 100644 (file)
--- a/hosts/mermet/nginx/sourcephile.fr/git.nix
+++ b/hosts/mermet/nginx/sourcephile.fr/git.nix
@@ -14,6 +14,7 @@ in
         levels=1:2
         max_size=32M
         use_temp_path=off;
+      limit_req_zone $binary_remote_addr zone=${domain}_git:10m rate=10r/s;
     '';
     virtualHosts."${srv}.${domain}" = {
       forceSSL = true;
@@ -36,6 +37,7 @@ in
             fastcgi_param PATH_INFO $fastcgi_script_name;
             fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
             fastcgi_pass unix:${gitwebSocket};
+            limit_req zone=${domain}_git burst=12 delay=8;
           '';
         };
         "/static/" = {