Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-08-03 12:06:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

reorganize configurations into etc directory

Browse source
This commit is contained in:
Daniel Micay 2025-04-15 12:32:52 -04:00
parent b5fd158374
commit 1f4d7316b8
106 changed files with 18 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

50
etc/systemd/journald.conf Normal file
View file

@ -0,0 +1,50 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/journald.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config.
#
# See journald.conf(5) for details.
[Journal]
#Storage=auto
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=10000
SystemMaxUse={{journald_system_max_use}}
#SystemKeepFree=
SystemMaxFileSize={{journald_system_max_file_size}}
SystemMaxFiles=10000
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
MaxRetentionSec={{journald_max_retention_sec}}
MaxFileSec=1day
#ForwardToSyslog=no
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#MaxLevelSocket=debug
#LineMax=48K
#ReadKMsg=yes
#Audit=yes

5
etc/systemd/network/0.grapheneos.network.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:2d:63:3f
[Link]
Name=public

23
etc/systemd/network/0.grapheneos.network.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::2584/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::2584
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::2584
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/0.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:40:35:e3
[Link]
Name=public

23
etc/systemd/network/0.grapheneos.org.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::29c6/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::29c6
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::29c6
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/0.ns2.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:54:9a:90:82
[Link]
Name=public

33
etc/systemd/network/0.ns2.grapheneos.org.network Normal file
View file

@ -0,0 +1,33 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=198.98.53.141/24
Address=2605:6400:10:102e:95bc:89ef:2e7f:49bb/128
[Address]
Address=198.251.90.93/32
[Route]
Destination=0.0.0.0/0
Gateway=198.98.53.1
PreferredSource=198.98.53.141
[Route]
Destination=198.98.53.1
PreferredSource=198.98.53.141
[Route]
Destination=::/0
Gateway=2605:6400:10::1
PreferredSource=2605:6400:10:102e:95bc:89ef:2e7f:49bb
[Route]
Destination=2605:6400:10::1
PreferredSource=2605:6400:10:102e:95bc:89ef:2e7f:49bb
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/0.releases.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:97:c5:19
[Link]
Name=public

24
etc/systemd/network/0.releases.grapheneos.org.network Normal file
View file

@ -0,0 +1,24 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::47ea/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::47ea
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::47ea
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=2000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/1.grapheneos.network.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:ed:7b:89:9b
[Link]
Name=public

30
etc/systemd/network/1.grapheneos.network.network Normal file
View file

@ -0,0 +1,30 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=209.141.37.35/24
Address=2605:6400:20:387:72d4:dab9:a369:f351/128
[Route]
Destination=0.0.0.0/0
Gateway=209.141.37.1
PreferredSource=209.141.37.35
[Route]
Destination=209.141.37.1
PreferredSource=209.141.37.35
[Route]
Destination=::/0
Gateway=2605:6400:20::1
PreferredSource=2605:6400:20:387:72d4:dab9:a369:f351
[Route]
Destination=2605:6400:20::1
PreferredSource=2605:6400:20:387:72d4:dab9:a369:f351
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/1.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:fc:5d:d5:ed
[Link]
Name=public

30
etc/systemd/network/1.grapheneos.org.network Normal file
View file

@ -0,0 +1,30 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=209.141.35.164/24
Address=2605:6400:20:1131:8088:e08:84e6:632/128
[Route]
Destination=0.0.0.0/0
Gateway=209.141.35.1
PreferredSource=209.141.35.164
[Route]
Destination=209.141.35.1
PreferredSource=209.141.35.164
[Route]
Destination=::/0
Gateway=2605:6400:20::1
PreferredSource=2605:6400:20:1131:8088:e08:84e6:632
[Route]
Destination=2605:6400:20::1
PreferredSource=2605:6400:20:1131:8088:e08:84e6:632
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/1.ns2.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:bf:aa:e3:77
[Link]
Name=public

33
etc/systemd/network/1.ns2.grapheneos.org.network Normal file
View file

@ -0,0 +1,33 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=205.185.124.155/24
Address=2605:6400:20:1c8f:a0c9:372d:482e:945b/128
[Address]
Address=198.251.90.93/32
[Route]
Destination=0.0.0.0/0
Gateway=205.185.124.1
PreferredSource=205.185.124.155
[Route]
Destination=205.185.124.1
PreferredSource=205.185.124.155
[Route]
Destination=::/0
Gateway=2605:6400:20::1
PreferredSource=2605:6400:20:1c8f:a0c9:372d:482e:945b
[Route]
Destination=2605:6400:20::1
PreferredSource=2605:6400:20:1c8f:a0c9:372d:482e:945b
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/1.releases.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:02:18:e8
[Link]
Name=public

24
etc/systemd/network/1.releases.grapheneos.org.network Normal file
View file

@ -0,0 +1,24 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::2441/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::2441
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::2441
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=2000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/2.grapheneos.network.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:98:41:2c
[Link]
Name=public

23
etc/systemd/network/2.grapheneos.network.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2001:41d0:304:200::b109/128
[Route]
Destination=::/0
Gateway=2001:41d0:304:200::1
PreferredSource=2001:41d0:304:200::b109
[Route]
Destination=2001:41d0:304:200::1
PreferredSource=2001:41d0:304:200::b109
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/2.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:92:1f:72
[Link]
Name=public

23
etc/systemd/network/2.grapheneos.org.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2001:41d0:304:200::902f/128
[Route]
Destination=::/0
Gateway=2001:41d0:304:200::1
PreferredSource=2001:41d0:304:200::902f
[Route]
Destination=2001:41d0:304:200::1
PreferredSource=2001:41d0:304:200::902f
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/2.ns2.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:0b:de:a3:3b
[Link]
Name=public

33
etc/systemd/network/2.ns2.grapheneos.org.network Normal file
View file

@ -0,0 +1,33 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=107.189.3.168/24
Address=2605:6400:30:ec25:102c:af6d:5be:1eb8/128
[Address]
Address=198.251.90.93/32
[Route]
Destination=0.0.0.0/0
Gateway=107.189.3.1
PreferredSource=107.189.3.168
[Route]
Destination=107.189.3.1
PreferredSource=107.189.3.168
[Route]
Destination=::/0
Gateway=2605:6400:30::1
PreferredSource=2605:6400:30:ec25:102c:af6d:5be:1eb8
[Route]
Destination=2605:6400:30::1
PreferredSource=2605:6400:30:ec25:102c:af6d:5be:1eb8
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/2.releases.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:94:ee:5b
[Link]
Name=public

24
etc/systemd/network/2.releases.grapheneos.org.network Normal file
View file

@ -0,0 +1,24 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::3f46/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::3f46
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::3f46
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=2000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/3.grapheneos.network.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:9a:33:c3
[Link]
Name=public

23
etc/systemd/network/3.grapheneos.network.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2402:1f00:8000:800::1949/128
[Route]
Destination=::/0
Gateway=2402:1f00:8000:800::1
PreferredSource=2402:1f00:8000:800::1949
[Route]
Destination=2402:1f00:8000:800::1
PreferredSource=2402:1f00:8000:800::1949
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/3.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:ed:88:95
[Link]
Name=public

23
etc/systemd/network/3.grapheneos.org.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2402:1f00:8000:800::16d6/128
[Route]
Destination=::/0
Gateway=2402:1f00:8000:800::1
PreferredSource=2402:1f00:8000:800::16d6
[Route]
Destination=2402:1f00:8000:800::1
PreferredSource=2402:1f00:8000:800::16d6
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/3.releases.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:21:92:de
[Link]
Name=public

24
etc/systemd/network/3.releases.grapheneos.org.network Normal file
View file

@ -0,0 +1,24 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::5854/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::5854
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::5854
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=2000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/4.releases.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=50:7c:6f:7d:4c:93
[Link]
Name=public

29
etc/systemd/network/4.releases.grapheneos.org.network Normal file
View file

@ -0,0 +1,29 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=45.90.185.33/24
Address=2a14:3f87:6920:250::100/60
[Route]
Destination=0.0.0.0/0
Gateway=45.90.185.1
PreferredSource=45.90.185.33
[Route]
Destination=::/0
Gateway=2a14:3f87:6920:250::1
PreferredSource=2a14:3f87:6920:250::100
[Route]
Destination=2a14:3f87:6920:250::1
PreferredSource=2a14:3f87:6920:250::100
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=25000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/attestation.app.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:03:e1:1a
[Link]
Name=public

23
etc/systemd/network/attestation.app.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::7e9/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::7e9
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::7e9
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/discuss.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:19:92:33
[Link]
Name=public

23
etc/systemd/network/discuss.grapheneos.org.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::3c4/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::3c4
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::3c4
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/grapheneos.social.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:45:3b:9c
[Link]
Name=public

23
etc/systemd/network/grapheneos.social.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::5e3f/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::5e3f
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::5e3f
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/mail.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:ee:8b:bc
[Link]
Name=public

29
etc/systemd/network/mail.grapheneos.org.network Normal file
View file

@ -0,0 +1,29 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=192.99.98.22/32
Address=2607:5300:205:200::472f/128
[Route]
Destination=0.0.0.0/0
Gateway=51.79.64.1
PreferredSource=192.99.98.22
[Route]
Destination=51.79.64.1
PreferredSource=192.99.98.22
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::472f
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::472f
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/matrix.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:67:24:cc
[Link]
Name=public

23
etc/systemd/network/matrix.grapheneos.org.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::26e1/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::26e1
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::26e1
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/ns1.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=fa:16:3e:2c:22:df
[Link]
Name=public

23
etc/systemd/network/ns1.grapheneos.org.network Normal file
View file

@ -0,0 +1,23 @@
[Match]
Name=public
[Network]
DHCP=ipv4
LinkLocalAddressing=no
Address=2607:5300:205:200::eaa/128
[Route]
Destination=::/0
Gateway=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::eaa
[Route]
Destination=2607:5300:205:200::1
PreferredSource=2607:5300:205:200::eaa
[DHCP]
UseMTU=true
[CAKE]
Bandwidth=500M
PriorityQueueingPreset=besteffort

5
etc/systemd/network/ns1.staging.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:27:1c:de:4c
[Link]
Name=public

30
etc/systemd/network/ns1.staging.grapheneos.org.network Normal file
View file

@ -0,0 +1,30 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=198.98.56.238/24
Address=2605:6400:10:c41:de92:c534:326a:711a/128
[Route]
Destination=0.0.0.0/0
Gateway=198.98.56.1
PreferredSource=198.98.56.238
[Route]
Destination=198.98.56.1
PreferredSource=198.98.56.238
[Route]
Destination=::/0
Gateway=2605:6400:10::1
PreferredSource=2605:6400:10:c41:de92:c534:326a:711a
[Route]
Destination=2605:6400:10::1
PreferredSource=2605:6400:10:c41:de92:c534:326a:711a
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/staging.attestation.app.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:a6:ef:f0:28
[Link]
Name=public

30
etc/systemd/network/staging.attestation.app.network Normal file
View file

@ -0,0 +1,30 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=198.98.57.157/24
Address=2605:6400:10:aa9:1c0f:44d3:da15:c0ec/128
[Route]
Destination=0.0.0.0/0
Gateway=198.98.57.1
PreferredSource=198.98.57.157
[Route]
Destination=198.98.57.1
PreferredSource=198.98.57.157
[Route]
Destination=::/0
Gateway=2605:6400:10::1
PreferredSource=2605:6400:10:aa9:1c0f:44d3:da15:c0ec
[Route]
Destination=2605:6400:10::1
PreferredSource=2605:6400:10:aa9:1c0f:44d3:da15:c0ec
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

5
etc/systemd/network/staging.grapheneos.org.link Normal file
View file

@ -0,0 +1,5 @@
[Match]
MACAddress=00:16:54:aa:09:82
[Link]
Name=public

30
etc/systemd/network/staging.grapheneos.org.network Normal file
View file

@ -0,0 +1,30 @@
[Match]
Name=public
[Network]
LinkLocalAddressing=no
Address=199.195.250.78/24
Address=2605:6400:10:9d6:6d84:e183:acda:16d7/128
[Route]
Destination=0.0.0.0/0
Gateway=199.195.250.1
PreferredSource=199.195.250.78
[Route]
Destination=199.195.250.1
PreferredSource=199.195.250.78
[Route]
Destination=::/0
Gateway=2605:6400:10::1
PreferredSource=2605:6400:10:9d6:6d84:e183:acda:16d7
[Route]
Destination=2605:6400:10::1
PreferredSource=2605:6400:10:9d6:6d84:e183:acda:16d7
[CAKE]
Bandwidth=1000M
PriorityQueueingPreset=besteffort
SplitGSO=false

43
etc/systemd/networkd.conf Normal file
View file

@ -0,0 +1,43 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/networkd.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/networkd.conf' to display the full config.
#
# See networkd.conf(5) for details.
[Network]
SpeedMeter=yes
#SpeedMeterIntervalSec=10sec
#ManageForeignRoutingPolicyRules=yes
#ManageForeignRoutes=yes
#ManageForeignNextHops=yes
#RouteTable=
#IPv6PrivacyExtensions=no
#UseDomains=no
[IPv6AcceptRA]
#UseDomains=
[DHCPv4]
#DUIDType=vendor
#DUIDRawData=
#UseDomains=
[DHCPv6]
#DUIDType=vendor
#DUIDRawData=
#UseDomains=
[DHCPServer]
#PersistLeases=yes

29
etc/systemd/sleep.conf Normal file
View file

@ -0,0 +1,29 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/sleep.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/sleep.conf' to display the full config.
#
# See systemd-sleep.conf(5) for details.
[Sleep]
AllowSuspend=no
AllowHibernation=no
#AllowSuspendThenHibernate=yes
#AllowHybridSleep=yes
#SuspendState=mem standby freeze
#HibernateMode=platform shutdown
#MemorySleepMode=
#HibernateDelaySec=
#HibernateOnACPower=yes
#SuspendEstimationSec=60min

84
etc/systemd/system.conf Normal file
View file

@ -0,0 +1,84 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# /etc/systemd/system.conf.d/ directory. The latter is generally recommended.
# Defaults can be restored by simply deleting the main configuration file and
# all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/system.conf' to display the full config.
#
# See systemd-system.conf(5) for details.
[Manager]
#LogLevel=info
#LogTarget=journal-or-kmsg
#LogColor=yes
#LogLocation=no
#LogTime=no
#DumpCore=yes
#ShowStatus=yes
#CrashChangeVT=no
#CrashShell=no
CrashAction=reboot
#CtrlAltDelBurstAction=reboot-force
#CPUAffinity=
#NUMAPolicy=default
#NUMAMask=
RuntimeWatchdogSec=60s
#RuntimeWatchdogPreSec=off
#RuntimeWatchdogPreGovernor=
RebootWatchdogSec=60s
#KExecWatchdogSec=off
#WatchdogDevice=
#CapabilityBoundingSet=
#NoNewPrivileges=no
#ProtectSystem=auto
SystemCallArchitectures=native
#TimerSlackNSec=
#StatusUnitFormat=description
#DefaultTimerAccuracySec=1min
#DefaultStandardOutput=journal
#DefaultStandardError=inherit
#DefaultTimeoutStartSec=90s
#DefaultTimeoutStopSec=90s
#DefaultTimeoutAbortSec=
#DefaultDeviceTimeoutSec=90s
#DefaultRestartSec=100ms
DefaultStartLimitIntervalSec=0
#DefaultStartLimitBurst=5
#DefaultEnvironment=
#DefaultCPUAccounting=yes
DefaultIOAccounting=yes
DefaultIPAccounting=yes
#DefaultMemoryAccounting=yes
#DefaultTasksAccounting=yes
#DefaultTasksMax=15%
#DefaultLimitCPU=
#DefaultLimitFSIZE=
#DefaultLimitDATA=
#DefaultLimitSTACK=
#DefaultLimitCORE=
#DefaultLimitRSS=
#DefaultLimitNOFILE=1024:524288
#DefaultLimitAS=
#DefaultLimitNPROC=
#DefaultLimitMEMLOCK=8M
#DefaultLimitLOCKS=
#DefaultLimitSIGPENDING=
#DefaultLimitMSGQUEUE=
#DefaultLimitNICE=
#DefaultLimitRTPRIO=
#DefaultLimitRTTIME=
#DefaultMemoryPressureThresholdSec=200ms
#DefaultMemoryPressureWatch=auto
#DefaultOOMPolicy=stop
#DefaultSmackProcessLabel=
#ReloadLimitIntervalSec=
#ReloadLimitBurst=

2
etc/systemd/system/-.slice.d/override.conf Normal file
View file

@ -0,0 +1,2 @@
[Slice]
ManagedOOMSwap=kill

3
etc/systemd/system/attestation.service.d/override.conf Normal file
View file

@ -0,0 +1,3 @@
[Service]
IPAddressAllow={{ipv4_address}}
IPAddressAllow={{ipv6_address}}

57
etc/systemd/system/certbot-ocsp-fetcher.service Normal file
View file

@ -0,0 +1,57 @@
[Unit]
Description=Fetch OCSP responses for all certificates issued with Certbot
[Service]
Type=oneshot
Restart=on-failure
CacheDirectory=%N
User=root
Group=root
ExecStart=%N --no-reload-webserver
ExecStartPost=systemctl reload nginx.service
RestartSec=5
PrivateDevices=true
PrivateTmp=yes
PrivateUsers=yes
PrivateIPC=true
NoNewPrivileges=true
LockPersonality=true
CapabilityBoundingSet=
ProtectHome=yes
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectClock=true
ProtectProc=invisible
ProcSubset=pid
ProtectHostname=true
RemoveIPC=true
RestrictAddressFamilies=AF_INET6 AF_INET AF_UNIX
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictSUIDSGID=true
DevicePolicy=strict
DeviceAllow=/dev/random r
DeviceAllow=/dev/urandom r
DeviceAllow=/dev/stdin r
DeviceAllow=/dev/stdout r
DeviceAllow=/dev/null w
ProtectSystem=strict
InaccessiblePaths=/root/
ReadOnlyPaths=/etc/letsencrypt
UMask=0077
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@clock @debug @module @mount @reboot @swap @resources @cpu-emulation @raw-io @obsolete @keyring @privileged

10
etc/systemd/system/certbot-ocsp-fetcher.timer Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=Nightly run %N
[Timer]
OnCalendar=*-*-* 01:00:00
RandomizedDelaySec=21600
Persistent=true
[Install]
WantedBy=timers.target

29
etc/systemd/system/certbot-renew.service.d/override.conf Normal file
View file

@ -0,0 +1,29 @@
[Service]
CapabilityBoundingSet=
CPUSchedulingPolicy=batch
ExecStart=
ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew --max-log-backups 0
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateIPC=true
PrivateUsers=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=read-only
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt -/srv/certbot -/var/cache/certbot-ocsp-fetcher
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @obsolete

9
etc/systemd/system/chronyd.service.d/override.conf Normal file
View file

@ -0,0 +1,9 @@
[Service]
NoNewPrivileges=yes
ReadWritePaths=
ReadWritePaths=/run /var/lib/chrony -/var/log
Restart=always
RestartMaxDelaySec=10s
RestartSec=100ms
RestartSteps=5
RestrictAddressFamilies=~AF_NETLINK

7
etc/systemd/system/fstrim.service.d/override.conf Normal file
View file

@ -0,0 +1,7 @@
[Unit]
Wants=xfs_fsr.service
After=xfs_fsr.service
[Service]
CPUSchedulingPolicy=idle
IOSchedulingClass=idle

6
etc/systemd/system/fstrim.timer.d/override.conf Normal file
View file

@ -0,0 +1,6 @@
[Unit]
Description=Discard unused filesystem blocks once a day
[Timer]
OnCalendar=
OnCalendar=daily

11
etc/systemd/system/nginx-create-session-ticket-keys.service Normal file
View file

@ -0,0 +1,11 @@
[Unit]
Description=Create nginx TLS session ticket keys
Before=nginx.service
[Service]
ExecStart=/usr/local/bin/nginx-create-session-ticket-keys
Type=oneshot
UMask=0077
[Install]
WantedBy=multi-user.target

9
etc/systemd/system/nginx-rotate-session-ticket-keys.service Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Rotate nginx TLS session ticket keys
After=nginx.service nginx-create-session-ticket-keys.service
Requires=nginx.service nginx-create-session-ticket-keys.service
[Service]
ExecStart=/usr/local/bin/nginx-rotate-session-ticket-keys
Type=oneshot
UMask=0077

8
etc/systemd/system/nginx-rotate-session-ticket-keys.timer Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Run nginx-rotate-session-ticket-keys three times daily
[Timer]
OnCalendar=0/8:00:00
[Install]
WantedBy=timers.target

30
etc/systemd/system/nginx.service.d/override.conf Normal file
View file

@ -0,0 +1,30 @@
[Service]
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateIPC=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/var/lib/nginx /var/log/nginx -/var/cache/nginx
Restart=always
RestartMaxDelaySec=10s
RestartSec=100ms
RestartSteps=5
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
RuntimeDirectory=nginx
RuntimeDirectoryMode=700
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@obsolete

2
etc/systemd/system/plocate-updatedb.service.d/override.conf Normal file
View file

@ -0,0 +1,2 @@
[Service]
CPUSchedulingPolicy=idle

3
etc/systemd/system/sshd.service.d/override.conf Normal file
View file

@ -0,0 +1,3 @@
[Service]
LimitNOFILE=8192
ManagedOOMPreference=avoid

7
etc/systemd/system/sysstat-collect.timer.d/override.conf Normal file
View file

@ -0,0 +1,7 @@
[Unit]
Description=Run system activity accounting tool every minute
[Timer]
AccuracySec=1us
OnCalendar=
OnCalendar=minutely

3
etc/systemd/system/system.slice.d/override.conf Normal file
View file

@ -0,0 +1,3 @@
[Slice]
MemoryLow=64M
MemoryMin=64M

2
etc/systemd/system/systemd-boot-update.service.d/local.conf Normal file
View file

@ -0,0 +1,2 @@
[Service]
Environment=SYSTEMD_RELAX_ESP_CHECKS=1

5
etc/systemd/system/unbound.service.d/override.conf Normal file
View file

@ -0,0 +1,5 @@
[Service]
Restart=always
RestartMaxDelaySec=10s
RestartSec=100ms
RestartSteps=5

12
etc/systemd/system/xfs_fsr.service Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=XFS filesystem reorganization
[Service]
CPUSchedulingPolicy=idle
ExecStart=/usr/bin/xfs_fsr -f /var/lib/.fsrlast
IOSchedulingClass=idle
IPAddressDeny=any
MemoryDenyWriteExecute=true
PrivateIPC=true
PrivateNetwork=true
Type=oneshot