add 8.releases.grapheneos.org server

2025-07-26 00:05:17 -04:00 · 2025-04-02 14:47:25 -04:00 · 2025-04-02 14:47:25 -04:00 · 4dfae68196
commit 4dfae68196
parent 3746befc4e
6 changed files with 101 additions and 4 deletions
--- a/fstab.metal
+++ b/fstab.metal
@ -0,0 +1,5 @@
+/dev/md/root / xfs defaults 0 0
+/dev/md/boot /boot vfat rw,nosuid,nodev,noexec,fmask=0077,dmask=0077 0 2
+
+/dev/mapper/swap none swap defaults 0 0
+tmpfs /etc/nginx/session-ticket-keys tmpfs size=1M,mode=700,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service 0 0
--- a/fstab.virtual
+++ b/fstab.virtual
--- a/hosts.sh
+++ b/hosts.sh
@ -22,6 +22,7 @@ declare -Ar hosts_hostname=(
    [5.releases.grapheneos.org]=5-releases
    [6.releases.grapheneos.org]=6-releases
    [7.releases.grapheneos.org]=7-releases
+    [8.releases.grapheneos.org]=8-releases
    [staging.attestation.app]=staging-attestation
    [attestation.app]=attestation
    [matrix.grapheneos.org]=matrix
@ -29,6 +30,18 @@ declare -Ar hosts_hostname=(
    [grapheneos.social]=social
 )

+declare -Ar hosts_uefi=(
+    [8.releases.grapheneos.org]=true
+)
+
+declare -Ar hosts_metal=(
+    [8.releases.grapheneos.org]=true
+)
+
+declare -Ar hosts_hardware_watchdog=(
+    [8.releases.grapheneos.org]=true
+)
+
 declare -Ar hosts_firewall=(
    [ns1.staging.grapheneos.org]=ns1
    [ns1.grapheneos.org]=ns1
@ -56,6 +69,7 @@ declare -Ar hosts_swap=(
    [5.releases.grapheneos.org]=8192
    [6.releases.grapheneos.org]=8192
    [7.releases.grapheneos.org]=8192
+    [8.releases.grapheneos.org]=32768
    [attestation.app]=4096
    [matrix.grapheneos.org]=8192
    [discuss.grapheneos.org]=4096
@ -71,6 +85,7 @@ declare -Ar hosts_agcount=(
    [5.releases.grapheneos.org]=8
    [6.releases.grapheneos.org]=8
    [7.releases.grapheneos.org]=8
+    [8.releases.grapheneos.org]=32
 )

 declare -Ar hosts_reserved_ports=(
@ -92,6 +107,7 @@ declare -Ar hosts_tcp_wmem_max=(
    [5.releases.grapheneos.org]=16777216
    [6.releases.grapheneos.org]=16777216
    [7.releases.grapheneos.org]=16777216
+    [8.releases.grapheneos.org]=16777216
    [matrix.grapheneos.org]=16777216
 )

@ -119,6 +135,7 @@ declare -Ar hosts_conntrack_size=(
    [5.releases.grapheneos.org]=262144
    [6.releases.grapheneos.org]=262144
    [7.releases.grapheneos.org]=262144
+    [8.releases.grapheneos.org]=4194304
    [staging.attestation.app]=65536
    [attestation.app]=131072
    [matrix.grapheneos.org]=131072
@ -149,6 +166,7 @@ declare -Ar hosts_journald_system_max_use=(
    [5.releases.grapheneos.org]=8G
    [6.releases.grapheneos.org]=8G
    [7.releases.grapheneos.org]=8G
+    [8.releases.grapheneos.org]=8G
 )

 declare -Ar hosts_journald_system_max_file_size=(
@ -167,6 +185,7 @@ declare -Ar hosts_journald_system_max_file_size=(
    [5.releases.grapheneos.org]=1G
    [6.releases.grapheneos.org]=1G
    [7.releases.grapheneos.org]=1G
+    [8.releases.grapheneos.org]=1G
    [matrix.grapheneos.org]=512M
    [discuss.grapheneos.org]=512M
    [grapheneos.social]=512M
@ -208,6 +227,7 @@ declare -Ar hosts_ipv4_address=(
    [5.releases.grapheneos.org]=141.94.71.72
    [6.releases.grapheneos.org]=135.125.183.155
    [7.releases.grapheneos.org]=141.95.0.242
+    [8.releases.grapheneos.org]=45.90.185.33
    [staging.attestation.app]=198.98.57.157
    [attestation.app]=51.79.66.27
    [matrix.grapheneos.org]=51.79.51.42
@ -239,6 +259,7 @@ declare -Ar hosts_ipv6_address=(
    [5.releases.grapheneos.org]=2001:41d0:304:200::a687
    [6.releases.grapheneos.org]=2001:41d0:701:1100::2ec9
    [7.releases.grapheneos.org]=2001:41d0:701:1100::3e56
+    [8.releases.grapheneos.org]=2a14:3f87:6920:250::100
    [staging.attestation.app]=2605:6400:10:aa9:1c0f:44d3:da15:c0ec
    [attestation.app]=2607:5300:205:200::7e9
    [matrix.grapheneos.org]=2607:5300:205:200::26e1
@ -246,9 +267,6 @@ declare -Ar hosts_ipv6_address=(
    [grapheneos.social]=2607:5300:205:200::5e3f
 )

-declare -Ar hosts_hardware_watchdog=(
-)
-
 readonly hosts_dns=(
    ns1.staging.grapheneos.org
    ns1.grapheneos.org
@ -296,7 +314,7 @@ readonly hosts_grapheneos_all=(
 )

 readonly hosts_releases=(
-    {0..7}.releases.grapheneos.org
+    {0..8}.releases.grapheneos.org
 )

 readonly hosts_network=(
--- a/packages/8.releases.grapheneos.org
+++ b/packages/8.releases.grapheneos.org
@ -0,0 +1,40 @@
+amd-ucode
+base
+chrony
+cloud-guest-utils
+conntrack-tools
+cpupower
+dmidecode
+dosfstools
+efibootmgr
+fish
+htop
+ioping
+iperf
+linux-firmware
+linux-lts
+logrotate
+man-db
+mdadm
+moreutils
+mtr
+neovim
+nftables
+nginx
+nginx-mod-brotli
+nmap
+openssh
+pacman-contrib
+pacutils
+plocate
+pv
+rsync
+smartmontools
+strace
+stress
+sysstat
+tinyxxd
+tree
+turbostat
+unbound
+xfsprogs
--- a/systemd/network/8.releases.grapheneos.org.link
+++ b/systemd/network/8.releases.grapheneos.org.link
@ -0,0 +1,5 @@
+[Match]
+MACAddress=50:7c:6f:7d:4c:93
+
+[Link]
+Name=public
--- a/systemd/network/8.releases.grapheneos.org.network
+++ b/systemd/network/8.releases.grapheneos.org.network
@ -0,0 +1,29 @@
+[Match]
+Name=public
+
+[Network]
+LinkLocalAddressing=no
+Address=45.90.185.33/24
+Address=2a14:3f87:6920:250::100/60
+
+[Route]
+Destination=0.0.0.0/0
+Gateway=45.90.185.1
+PreferredSource=45.90.185.33
+
+[Route]
+Destination=::/0
+Gateway=2a14:3f87:6920:250::1
+PreferredSource=2a14:3f87:6920:250::100
+
+[Route]
+Destination=2a14:3f87:6920:250::1
+PreferredSource=2a14:3f87:6920:250::100
+
+[DHCP]
+UseMTU=true
+
+#[CAKE]
+#Bandwidth=25000M
+#PriorityQueueingPreset=besteffort
+#SplitGSO=false