From e70cadf597b5867095238fb5070f0beda6091db5 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Wed, 8 Dec 2021 16:32:27 +0100
Subject: gkleen@sif: ssh proxy: ratelimit

---
 accounts/gkleen@sif/systemd.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'accounts/gkleen@sif')

diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix
index e6133896..c8eda9d0 100644
--- a/accounts/gkleen@sif/systemd.nix
+++ b/accounts/gkleen@sif/systemd.nix
@@ -24,7 +24,14 @@ let
     pid=$!
 
     newpid=""
+    i=100
     while ! newpid=$(${pkgs.lsof}/bin/lsof -Pi @localhost:"''${port}" -sTCP:LISTEN -t); do
+      if ! kill -0 "''${pid}"; then
+        wait "''${pid}"
+        exit $?
+      fi
+      [[ "''${i}" -gt 0 ]] || exit 1
+      i=$((''${i} - 1))
       ${pkgs.coreutils}/bin/sleep 0.1
     done
 
@@ -73,11 +80,14 @@ in {
         NotifyAccess = "all";
         WorkingDirectory = "~";
         Restart = "always";
+        RestartSec = "2s";
         ExecStart = "${autossh-socks-script} \"%I\"";
         Environment = [ "SSHPASS_SECRET=gkleen@mathw0g.math.lmu.de" ];
       };
       Unit = {
         StopWhenUnneeded = true;
+        StartLimitInterval = "2s";
+        StartLimitBurst = 5;
       };
     };
     "proxy-to-autossh-socks@8118" = {
-- 
cgit v1.2.3