Skip to content

hydra-proxy: replace abuse handling with anubis#663

Merged
mweinelt merged 2 commits intomainfrom
anubis
Apr 25, 2025
Merged

hydra-proxy: replace abuse handling with anubis#663
mweinelt merged 2 commits intomainfrom
anubis

Conversation

@mweinelt
Copy link
Copy Markdown
Member

@mweinelt mweinelt commented Apr 24, 2025

Closes: #626

@mweinelt mweinelt requested a review from a team as a code owner April 24, 2025 23:01
jfly
jfly approved these changes Apr 24, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jfly jfly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

style nit, feel free to ignore: I personally like using nix to inject config.services... references to port numbers rather than hardcoding the port number everywhere.

@mweinelt
Copy link
Copy Markdown
Member Author

mweinelt commented Apr 24, 2025

The issue with that is that the BIND variable is a go style bind which can reference a path, a port (:3000) or an ip/port combo.

@mweinelt mweinelt added this pull request to the merge queue Apr 25, 2025
Merged via the queue into main with commit b8ec122 Apr 25, 2025
13 checks passed
@mweinelt mweinelt deleted the anubis branch April 25, 2025 00:22
SuperSandro2000
SuperSandro2000 reviewed Apr 25, 2025
View reviewed changes
Comment thread build/hydra-proxy.nix
networking.firewall.allowedTCPPorts = [
80
443
9001
Copy link
Copy Markdown
Member

@SuperSandro2000 SuperSandro2000 Apr 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we limit that to Prometheus and not make it public?

Copy link
Copy Markdown
Member Author

@mweinelt mweinelt Apr 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eventually, but up until now all exporters have been publically accessible.

Copy link
Copy Markdown
Member

@SuperSandro2000 SuperSandro2000 Apr 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is not that great.

Depending on the exporter this might be more or less of a problem. Some just expose internal counters but others execute commands on scrape and I am not sure if they have rate limit and if you could cause damage by spamming those endpoints.

This was referenced Apr 28, 2025
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jfly jfly jfly approved these changes

+1 more reviewer

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Evaluate anubis for hydra.nixos.org

3 participants

@mweinelt @jfly @SuperSandro2000