motiejus/config

NixOS config
git clone https://git.jakstys.lt/motiejus/config.git
Log | Tree | Refs | README | LICENSE

commit 10da8b72cae57a67c2ed83a0630340a6cb4c7c72 (tree)
parent 60dc09bd8b5a06ffa420d2a6ff248dc14f9429f1
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Sun,  3 May 2026 20:22:51 +0000

trying to throttle caddy/gitea

Diffstat:
Mdata.nix | 2+-
Mmodules/services/gitea/default.nix | 18++++++++++++++++--
2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/data.nix b/data.nix @@ -113,7 +113,7 @@ rec { ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+"; publicIP = "185.104.176.238"; - jakstIP = "100.89.176.6"; + jakstIP = "100.89.176.13"; vno1IP = "192.168.189.10"; }; "mtworx.jakst.vpn" = rec { diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix @@ -25,7 +25,7 @@ }; # bots - systemd.services.gitea.serviceConfig.CPUQuota = "50%"; + #systemd.services.gitea.serviceConfig.CPUQuota = "50%"; services = { gitea = { @@ -81,6 +81,8 @@ caddy = { virtualHosts."git.jakstys.lt".extraConfig = '' + @trusted remote_ip 127.0.0.0/8 192.168.0.0/16 100.100.0.0/16 + route /static/assets/* { uri strip_prefix /static file_server * { @@ -99,7 +101,19 @@ Alt-Svc "h3=\":443\"; ma=86400" } - reverse_proxy 127.0.0.1:${toString myData.ports.gitea} + #reverse_proxy 127.0.0.1:${toString myData.ports.gitea} + + handle @trusted { + reverse_proxy 127.0.0.1:${toString myData.ports.gitea} + } + + handle { + reverse_proxy 127.0.0.1:${toString myData.ports.gitea} { + transport http { + max_conns_per_host 1 + } + } + } ''; }; };