releases.grapheneos.org: switch to location-based server names

etc/nftables/nftables-web-fq.conf

@@ -8,12 +8,12 @@ table inet filter {
 
     define ip-allowlist-ssh = {
         {{ssh_ipv4}},
-        172.96.172.37, # 0.releases.grapheneos.org
+        172.96.172.37, # mia.releases.grapheneos.org
     }
 
     define ip6-allowlist-ssh = {
         {{ssh_ipv6}},
-        2605:9880:400:1100:15:1240:515:6e, # 0.releases.grapheneos.org
+        2605:9880:400:1100:15:1240:515:6e, # mia.releases.grapheneos.org
     }
 
     define priority-besteffort = 0

hosts.sh

@@ -17,9 +17,9 @@ declare -Ar hosts_hostname=(
     [1.grapheneos.network]=1-network
     [2.grapheneos.network]=2-network
     [3.grapheneos.network]=3-network
-    [0.releases.grapheneos.org]=0-releases
-    [1.releases.grapheneos.org]=1-releases
-    [3.releases.grapheneos.org]=3-releases
+    [lax.releases.grapheneos.org]=releases-lax
+    [lon.releases.grapheneos.org]=releases-lon
+    [mia.releases.grapheneos.org]=releases-mia
     [staging.attestation.app]=staging-attestation
     [attestation.app]=attestation
     [matrix.grapheneos.org]=matrix
@@ -28,15 +28,15 @@ declare -Ar hosts_hostname=(
 )
 
 declare -Ar hosts_uefi=(
-    [0.releases.grapheneos.org]=true
-    [1.releases.grapheneos.org]=true
-    [3.releases.grapheneos.org]=true
+    [lax.releases.grapheneos.org]=true
+    [lon.releases.grapheneos.org]=true
+    [mia.releases.grapheneos.org]=true
 )
 
 declare -Ar hosts_mdraid=(
-    [0.releases.grapheneos.org]=true
-    [1.releases.grapheneos.org]=true
-    [3.releases.grapheneos.org]=true
+    [lax.releases.grapheneos.org]=true
+    [lon.releases.grapheneos.org]=true
+    [mia.releases.grapheneos.org]=true
 )
 
 declare -Ar hosts_metal=(
@@ -44,9 +44,9 @@ declare -Ar hosts_metal=(
 )
 
 declare -Ar hosts_hardware_watchdog=(
-    [0.releases.grapheneos.org]=true
-    [1.releases.grapheneos.org]=true
-    [3.releases.grapheneos.org]=true
+    [lax.releases.grapheneos.org]=true
+    [lon.releases.grapheneos.org]=true
+    [mia.releases.grapheneos.org]=true
 )
 
 declare -Ar hosts_authorized_keys=(
@@ -62,8 +62,8 @@ declare -Ar hosts_authorized_keys=(
     [1.grapheneos.network]=authorized_keys-replica-grapheneos
     [2.grapheneos.network]=authorized_keys-replica-grapheneos
     [3.grapheneos.network]=authorized_keys-replica-grapheneos
-    [1.releases.grapheneos.org]=authorized_keys-replica-releases
-    [3.releases.grapheneos.org]=authorized_keys-replica-releases
+    [lax.releases.grapheneos.org]=authorized_keys-replica-releases
+    [lon.releases.grapheneos.org]=authorized_keys-replica-releases
     [staging.attestation.app]=authorized_keys-staging-attestation
 )
 
@@ -86,9 +86,9 @@ declare -Ar hosts_firewall=(
     [1.grapheneos.network]=network-fq
     [2.grapheneos.network]=network
     [3.grapheneos.network]=network
-    [0.releases.grapheneos.org]=web-fq
-    [1.releases.grapheneos.org]=web-fq
-    [3.releases.grapheneos.org]=web-fq
+    [lax.releases.grapheneos.org]=web-fq
+    [lon.releases.grapheneos.org]=web-fq
+    [mia.releases.grapheneos.org]=web-fq
     [staging.attestation.app]=attestation-fq
     [attestation.app]=attestation
     [matrix.grapheneos.org]=matrix
@@ -97,9 +97,9 @@ declare -Ar hosts_firewall=(
 )
 
 declare -Ar hosts_swap=(
-    [0.releases.grapheneos.org]=32768
-    [1.releases.grapheneos.org]=32768
-    [3.releases.grapheneos.org]=32768
+    [lax.releases.grapheneos.org]=32768
+    [lon.releases.grapheneos.org]=32768
+    [mia.releases.grapheneos.org]=32768
     [attestation.app]=4096
     [matrix.grapheneos.org]=8192
     [discuss.grapheneos.org]=4096
@@ -107,9 +107,9 @@ declare -Ar hosts_swap=(
 )
 
 declare -Ar hosts_agcount=(
-    [0.releases.grapheneos.org]=24
-    [1.releases.grapheneos.org]=24
-    [3.releases.grapheneos.org]=32
+    [lax.releases.grapheneos.org]=24
+    [lon.releases.grapheneos.org]=32
+    [mia.releases.grapheneos.org]=24
 )
 
 declare -Ar hosts_reserved_ports=(
@@ -122,9 +122,9 @@ declare -Ar hosts_reserved_ports=(
 )
 
 declare -Ar hosts_tcp_wmem_max=(
-    [0.releases.grapheneos.org]=33554432
-    [1.releases.grapheneos.org]=33554432
-    [3.releases.grapheneos.org]=33554432
+    [lax.releases.grapheneos.org]=33554432
+    [lon.releases.grapheneos.org]=33554432
+    [mia.releases.grapheneos.org]=33554432
     [matrix.grapheneos.org]=16777216
 )
 
@@ -136,7 +136,7 @@ declare -Ar hosts_tcp_fastopen=(
     [staging.grapheneos.org]=false
     [1.grapheneos.org]=false
     [1.grapheneos.network]=false
-    [3.releases.grapheneos.org]=false
+    [lon.releases.grapheneos.org]=false
     [staging.attestation.app]=false
 )
 
@@ -159,9 +159,9 @@ declare -Ar hosts_conntrack_size=(
     [1.grapheneos.network]=65536
     [2.grapheneos.network]=131072
     [3.grapheneos.network]=131072
-    [0.releases.grapheneos.org]=12582912
-    [1.releases.grapheneos.org]=12582912
-    [3.releases.grapheneos.org]=8388608
+    [lax.releases.grapheneos.org]=12582912
+    [lon.releases.grapheneos.org]=8388608
+    [mia.releases.grapheneos.org]=12582912
     [staging.attestation.app]=65536
     [attestation.app]=131072
     [matrix.grapheneos.org]=131072
@@ -180,9 +180,9 @@ declare -Ar hosts_journald_system_max_use=(
     [staging.grapheneos.org]=4G
     [1.grapheneos.org]=4G
     [1.grapheneos.network]=4G
-    [0.releases.grapheneos.org]=64G
-    [1.releases.grapheneos.org]=64G
-    [3.releases.grapheneos.org]=64G
+    [lax.releases.grapheneos.org]=64G
+    [lon.releases.grapheneos.org]=64G
+    [mia.releases.grapheneos.org]=64G
     [staging.attestation.app]=4G
 )
 
@@ -191,9 +191,9 @@ declare -Ar hosts_journald_system_max_file_size=(
     [staging.grapheneos.org]=256M
     [1.grapheneos.org]=256M
     [1.grapheneos.network]=256M
-    [0.releases.grapheneos.org]=4G
-    [1.releases.grapheneos.org]=4G
-    [3.releases.grapheneos.org]=4G
+    [lax.releases.grapheneos.org]=4G
+    [lon.releases.grapheneos.org]=4G
+    [mia.releases.grapheneos.org]=4G
     [staging.attestation.app]=256M
 )
 
@@ -216,9 +216,9 @@ declare -Ar hosts_ipv4_address=(
     [1.grapheneos.network]=209.141.37.35
     [2.grapheneos.network]=54.37.41.189
     [3.grapheneos.network]=51.79.161.36
-    [0.releases.grapheneos.org]=172.96.172.37
-    [1.releases.grapheneos.org]=104.194.8.203
-    [3.releases.grapheneos.org]=45.88.230.12
+    [lax.releases.grapheneos.org]=104.194.8.203
+    [lon.releases.grapheneos.org]=45.88.230.12
+    [mia.releases.grapheneos.org]=172.96.172.37
     [staging.attestation.app]=198.98.57.157
     [attestation.app]=51.79.66.27
     [matrix.grapheneos.org]=51.79.51.42
@@ -245,8 +245,8 @@ declare -Ar hosts_ipv6_address=(
     [1.grapheneos.network]=2605:6400:20:387:72d4:dab9:a369:f351
     [2.grapheneos.network]=2001:41d0:304:200::b109
     [3.grapheneos.network]=2402:1f00:8000:800::1949
-    [0.releases.grapheneos.org]=2605:9880:400:1100:15:1240:515:6e
-    [1.releases.grapheneos.org]=2605:9880:200:20::113
+    [lax.releases.grapheneos.org]=2605:9880:200:20::113
+    [mia.releases.grapheneos.org]=2605:9880:400:1100:15:1240:515:6e
     [staging.attestation.app]=2605:6400:10:aa9:1c0f:44d3:da15:c0ec
     [attestation.app]=2607:5300:205:200::7e9
     [matrix.grapheneos.org]=2607:5300:205:200::26e1
@@ -281,7 +281,7 @@ readonly hosts_certbot=(
     mail.grapheneos.org
     staging.grapheneos.org
     0.grapheneos.org
-    0.releases.grapheneos.org
+    mia.releases.grapheneos.org
     staging.attestation.app
     attestation.app
     matrix.grapheneos.org
@@ -293,7 +293,7 @@ readonly hosts_primary=(
     0.ns1.grapheneos.org
     0.ns2.grapheneos.org
     0.grapheneos.org
-    0.releases.grapheneos.org
+    mia.releases.grapheneos.org
 )
 
 readonly hosts_secondary=(
@@ -301,7 +301,7 @@ readonly hosts_secondary=(
     {1..2}.ns2.grapheneos.org
     {1..3}.grapheneos.org
     {0..3}.grapheneos.network
-    {1,3}.releases.grapheneos.org
+    {lax,lon}.releases.grapheneos.org
 )
 
 readonly hosts_backup=(
@@ -324,7 +324,7 @@ readonly hosts_grapheneos_all=(
 )
 
 readonly hosts_releases=(
-    {0,1,3}.releases.grapheneos.org
+    {lax,lon,mia}.releases.grapheneos.org
 )
 
 readonly hosts_attestation=(