From 5b8ccc8a6cced989910f3a7c2e28ec5669d9d85d Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Thu, 1 Jun 2023 21:17:35 +0200
Subject: [PATCH] gitlab: Bypass rate limiting for gemini

We do not want our packagers on gemini to hit the rate-limit.
---
 roles/gitlab/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
index 66a99ac07..cbd251540 100644
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@@ -34,6 +34,7 @@
         registry_external_url 'https://registry.archlinux.org'
         nginx['client_max_body_size'] = '10g'
         nginx['listen_addresses'] = {{ gitlab_primary_addresses }}
+        nginx['custom_gitlab_server_config'] = "set $bypass 0;\nif ($remote_addr = \"{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}\") {\nset $bypass 1;\n}\nif ($remote_addr = \"{{hostvars['gemini.archlinux.org']['ipv6_address']}}\") {\nset $bypass 1;\n}\nproxy_set_header Gitlab-Bypass-Rate-Limiting $bypass;\n"
         registry_nginx['listen_addresses'] = {{ gitlab_primary_addresses }}
         gitlab_pages['inplace_chroot'] = true
         pages_external_url "http://{{ gitlab_domain }}"
@@ -45,6 +46,7 @@
         gitlab_pages['env'] = {'FF_ENFORCE_IP_RATE_LIMITS' => 'true'}
         letsencrypt['enable'] = true
         letsencrypt['contact_emails'] = ['webmaster@archlinux.org']
+        gitlab_rails['env'] = {'GITLAB_THROTTLE_BYPASS_HEADER' => 'Gitlab-Bypass-Rate-Limiting'}
         gitlab_rails['lfs_enabled'] = true
         gitlab_rails['gitlab_username_changing_enabled'] = false
         gitlab_rails['initial_root_password'] = "{{ vault_gitlab_root_password }}"
-- 
GitLab