From e70cadf597b5867095238fb5070f0beda6091db5 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 8 Dec 2021 16:32:27 +0100 Subject: gkleen@sif: ssh proxy: ratelimit --- accounts/gkleen@sif/systemd.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index e6133896..c8eda9d0 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix @@ -24,7 +24,14 @@ let pid=$! newpid="" + i=100 while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do + if ! kill -0 "''${pid}"; then + wait "''${pid}" + exit $? + fi + [[ "''${i}" -gt 0 ]] || exit 1 + i=$((''${i} - 1)) ${pkgs.coreutils}/bin/sleep 0.1 done @@ -73,11 +80,14 @@ in { NotifyAccess = "all"; WorkingDirectory = "~"; Restart = "always"; + RestartSec = "2s"; ExecStart = "${autossh-socks-script} \"%I\""; Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ]; }; Unit = { StopWhenUnneeded = true; + StartLimitInterval = "2s"; + StartLimitBurst = 5; }; }; "proxy-to-autossh-socks@8118" = { -- cgit v1.2.3