scale synproxy threshold based on conntrack max

Daniel Micay 2025-06-22 22:06:29 -04:00
parent bb797f412b
commit 8b87654075
10 changed files with 12 additions and 10 deletions


@ -58,7 +58,9 @@ sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" etc/ssh/sshd_config.t
rsync -cv etc/ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config
rm etc/ssh/sshd_config.tmp
rsync -cv etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf $remote:/mnt/etc/nftables.conf
synproxy_threshold=$(( ${hosts_conntrack_size[$host]} / 64 ))
sed "s/{{synproxy_threshold}}/$synproxy_threshold/g" etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf >tmp
rsync -cv tmp $remote:/mnt/etc/nftables.conf
ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer nftables.service systemd-networkd.service systemd-oomd.service sshd.service sysstat.service unbound.service"
ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service systemd-userdbd.socket"
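Review bot: `${hosts_conntrack_size[$host]}` in the new `synproxy_threshold=` line is expanded with no default and no check, unlike `hosts_ssh_users` and `hosts_firewall` on the neighbouring lines. For a host missing from that array the arithmetic expansion errors out, and unless the script stops on errors (its shell options are outside the hunk) `sed` fills `{{synproxy_threshold}}` with an empty string and the broken ruleset is still pushed to `/mnt/etc/nftables.conf`, where `nftables.service` would presumably fail to load it at boot. Failing early closes that gap: `synproxy_threshold=$(( ${hosts_conntrack_size[$host]:?no conntrack size for $host} / 64 ))`. The rendered ruleset is also written to a fixed `tmp` in the working directory and never deleted, whereas `etc/ssh/sshd_config.tmp` just above is removed after its rsync; adding `rm tmp` after the new `rsync -cv tmp ...` line would match that pattern.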