feat(nubus): Allow configuration of limits for password reset requests via security.passwordResetLimits

2025-12-06 07:21:36 +01:00 · 2025-07-30 17:49:25 +02:00
parent 1320ac3c6c
commit 883b0283f4
2 changed files with 12 additions and 0 deletions
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -113,6 +113,11 @@ global:
          token_validity_period: 172800
          blacklist:
            groups: __DELETE_KEY__
+          limit:
+            total:
+              day: {{ .Values.security.passwordResetLimits.day }}
+              hour: {{ .Values.security.passwordResetLimits.hour }}
+              minute: {{ .Values.security.passwordResetLimits.minute }}

 ingress:
  annotations:
--- a/helmfile/environments/default/security.yaml.gotmpl
+++ b/helmfile/environments/default/security.yaml.gotmpl
@@ -12,4 +12,11 @@ security:
      matchLabels:
        app.kubernetes.io/name: "ingress-nginx"
    namespace: "ingress-nginx"
+
+  # Global limits for how often a password reset action can be requested.
+  # Defaults are taken from the nubus stack-data-ums chart and should work with most small to medium installations
+  passwordResetLimits:
+    day: 1000
+    hour: 200
+    minute: 120
 ...