From c0373a22d54aa62f7bbf60ef106ac777b581998d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 4 Jan 2025 11:07:06 +0100
Subject: [PATCH] rate limit wiki

---
 modules/nixos-wiki/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix
index ab8a5aa..208bd23 100644
--- a/modules/nixos-wiki/default.nix
+++ b/modules/nixos-wiki/default.nix
@@ -217,9 +217,16 @@ in
       80
     ];
     security.acme.acceptTerms = true;
+    services.nginx.appendHttpConfig = ''
+      limit_req_zone $binary_remote_addr zone=ip:20m rate=5r/s;
+      limit_req_status 429;
+    '';
     services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
       enableACME = lib.mkDefault true;
       forceSSL = lib.mkDefault true;
+      extraConfig = ''
+        limit_req zone=ip burst=20 nodelay;
+      '';
       locations."=/nixos.png".alias = ./nixos.png;
       locations."=/favicon.ico".alias = ./favicon.ico;
       locations."=/robots.txt".alias = ./robots.txt;