Updates to the server and first rate limiting attempts

2026-01-06 17:44:17 +01:00 · 2026-01-06 17:44:17 +01:00 · e91c83f572
commit e91c83f572
parent c8a103ea43
4 changed files with 34 additions and 11 deletions
--- a/hosts/zora/networking.nix
+++ b/hosts/zora/networking.nix
@ -50,4 +50,22 @@
      };
    };
  };
+
+  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
+  networking.nftables = {
+    tables.rate_limit = {
+      name = "rate_limit";
+      family = "inet";
+      enable = true;
+      content = ''
+        limit lim  { rate over 20 mbytes/second burst 1 gbytes ; comment "use to limit taffic" ; }
+
+        chain IN {
+          type filter hook input priority filter; policy drop;
+          tcp dport 80 limit name "lim" accept
+          tcp dport 443 limit name "lim" accept
+        }
+      '';
+    };
+  };
 }