summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-12-08 16:32:27 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-08 16:32:27 +0100
commite70cadf597b5867095238fb5070f0beda6091db5 (patch)
treed14ba1734ed82f7b5787fe08d7dde2c8f7556a54
parent59206a53a272bc8257bc740c9dbc84b545357f5c (diff)
downloadnixos-e70cadf597b5867095238fb5070f0beda6091db5.tar
nixos-e70cadf597b5867095238fb5070f0beda6091db5.tar.gz
nixos-e70cadf597b5867095238fb5070f0beda6091db5.tar.bz2
nixos-e70cadf597b5867095238fb5070f0beda6091db5.tar.xz
nixos-e70cadf597b5867095238fb5070f0beda6091db5.zip
gkleen@sif: ssh proxy: ratelimit
Diffstat
-rw-r--r--accounts/gkleen@sif/systemd.nix10
1 files changed, 10 insertions, 0 deletions
diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index e6133896..c8eda9d0 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -24,7 +24,14 @@ let
24 pid=$! 24 pid=$!
25 25
26 newpid="" 26 newpid=""
27 i=100
27 while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do 28 while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
29 if ! kill -0 "''${pid}"; then
30 wait "''${pid}"
31 exit $?
32 fi
33 [[ "''${i}" -gt 0 ]] || exit 1
34 i=$((''${i} - 1))
28 ${pkgs.coreutils}/bin/sleep 0.1 35 ${pkgs.coreutils}/bin/sleep 0.1
29 done 36 done
30 37
@@ -73,11 +80,14 @@ in {
73 NotifyAccess = "all"; 80 NotifyAccess = "all";
74 WorkingDirectory = "~"; 81 WorkingDirectory = "~";
75 Restart = "always"; 82 Restart = "always";
83 RestartSec = "2s";
76 ExecStart = "${autossh-socks-script} \"%I\""; 84 ExecStart = "${autossh-socks-script} \"%I\"";
77 Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ]; 85 Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
78 }; 86 };
79 Unit = { 87 Unit = {
80 StopWhenUnneeded = true; 88 StopWhenUnneeded = true;
89 StartLimitInterval = "2s";
90 StartLimitBurst = 5;
81 }; 91 };
82 }; 92 };
83 "proxy-to-autossh-socks@8118" = { 93 "proxy-to-autossh-socks@8118" = {
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-25 07:55:41 +0000