From 9e6b18e3b27417c279ffc986b83eb8e433767e5d Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Thu, 6 Nov 2025 19:27:39 -0500
Subject: [PATCH] ns2.grapheneos.org: switch to location-based server names

---
 ....grapheneos.org => nyc.ns2.grapheneos.org} |  0
 etc/nftables/nftables-ns2.conf                |  4 +-
 ...s.org.link => brn.ns2.grapheneos.org.link} |  0
 ...network => brn.ns2.grapheneos.org.network} |  0
 ...s.org.link => las.ns2.grapheneos.org.link} |  0
 ...network => las.ns2.grapheneos.org.network} |  0
 ...s.org.link => nyc.ns2.grapheneos.org.link} |  0
 ...network => nyc.ns2.grapheneos.org.network} |  0
 hosts.sh                                      | 50 +++++++++----------
 ....grapheneos.org => brn.ns2.grapheneos.org} |  0
 ....grapheneos.org => las.ns2.grapheneos.org} |  0
 ....grapheneos.org => nyc.ns2.grapheneos.org} |  0
 12 files changed, 27 insertions(+), 27 deletions(-)
 rename certbot/{0.ns2.grapheneos.org => nyc.ns2.grapheneos.org} (100%)
 rename etc/systemd/network/{2.ns2.grapheneos.org.link => brn.ns2.grapheneos.org.link} (100%)
 rename etc/systemd/network/{2.ns2.grapheneos.org.network => brn.ns2.grapheneos.org.network} (100%)
 rename etc/systemd/network/{1.ns2.grapheneos.org.link => las.ns2.grapheneos.org.link} (100%)
 rename etc/systemd/network/{1.ns2.grapheneos.org.network => las.ns2.grapheneos.org.network} (100%)
 rename etc/systemd/network/{0.ns2.grapheneos.org.link => nyc.ns2.grapheneos.org.link} (100%)
 rename etc/systemd/network/{0.ns2.grapheneos.org.network => nyc.ns2.grapheneos.org.network} (100%)
 rename packages/{1.ns2.grapheneos.org => brn.ns2.grapheneos.org} (100%)
 rename packages/{2.ns2.grapheneos.org => las.ns2.grapheneos.org} (100%)
 rename packages/{0.ns2.grapheneos.org => nyc.ns2.grapheneos.org} (100%)

diff --git a/certbot/0.ns2.grapheneos.org b/certbot/nyc.ns2.grapheneos.org
similarity index 100%
rename from certbot/0.ns2.grapheneos.org
rename to certbot/nyc.ns2.grapheneos.org
diff --git a/etc/nftables/nftables-ns2.conf b/etc/nftables/nftables-ns2.conf
index 75c247b..db7cbd0 100644
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@@ -11,12 +11,12 @@ table inet filter {
 
     define ip-allowlist-ssh = {
         {{ssh_ipv4}},
-        198.98.53.141, # 0.ns2.grapheneos.org
+        198.98.53.141, # nyc.ns2.grapheneos.org
     }
 
     define ip6-allowlist-ssh = {
         {{ssh_ipv6}},
-        2605:6400:10:102e:95bc:89ef:2e7f:49bb, # 0.ns2.grapheneos.org
+        2605:6400:10:102e:95bc:89ef:2e7f:49bb, # nyc.ns2.grapheneos.org
     }
 
     define priority-besteffort = 0
diff --git a/etc/systemd/network/2.ns2.grapheneos.org.link b/etc/systemd/network/brn.ns2.grapheneos.org.link
similarity index 100%
rename from etc/systemd/network/2.ns2.grapheneos.org.link
rename to etc/systemd/network/brn.ns2.grapheneos.org.link
diff --git a/etc/systemd/network/2.ns2.grapheneos.org.network b/etc/systemd/network/brn.ns2.grapheneos.org.network
similarity index 100%
rename from etc/systemd/network/2.ns2.grapheneos.org.network
rename to etc/systemd/network/brn.ns2.grapheneos.org.network
diff --git a/etc/systemd/network/1.ns2.grapheneos.org.link b/etc/systemd/network/las.ns2.grapheneos.org.link
similarity index 100%
rename from etc/systemd/network/1.ns2.grapheneos.org.link
rename to etc/systemd/network/las.ns2.grapheneos.org.link
diff --git a/etc/systemd/network/1.ns2.grapheneos.org.network b/etc/systemd/network/las.ns2.grapheneos.org.network
similarity index 100%
rename from etc/systemd/network/1.ns2.grapheneos.org.network
rename to etc/systemd/network/las.ns2.grapheneos.org.network
diff --git a/etc/systemd/network/0.ns2.grapheneos.org.link b/etc/systemd/network/nyc.ns2.grapheneos.org.link
similarity index 100%
rename from etc/systemd/network/0.ns2.grapheneos.org.link
rename to etc/systemd/network/nyc.ns2.grapheneos.org.link
diff --git a/etc/systemd/network/0.ns2.grapheneos.org.network b/etc/systemd/network/nyc.ns2.grapheneos.org.network
similarity index 100%
rename from etc/systemd/network/0.ns2.grapheneos.org.network
rename to etc/systemd/network/nyc.ns2.grapheneos.org.network
diff --git a/hosts.sh b/hosts.sh
index 8ba6675..4e5c76e 100644
--- a/hosts.sh
+++ b/hosts.sh
@@ -4,9 +4,9 @@ declare -Ar hosts_hostname=(
     [1.ns1.grapheneos.org]=1-ns1
     [2.ns1.grapheneos.org]=2-ns1
     [3.ns1.grapheneos.org]=3-ns1
-    [0.ns2.grapheneos.org]=0-ns2
-    [1.ns2.grapheneos.org]=1-ns2
-    [2.ns2.grapheneos.org]=2-ns2
+    [brn.ns2.grapheneos.org]=ns2-brn
+    [las.ns2.grapheneos.org]=ns2-las
+    [nyc.ns2.grapheneos.org]=ns2-nyc
     [mail.grapheneos.org]=mail
     [staging.grapheneos.org]=staging
     [0.grapheneos.org]=0-grapheneos
@@ -53,8 +53,8 @@ declare -Ar hosts_authorized_keys=(
     [1.ns1.grapheneos.org]=authorized_keys-replica-ns1
     [2.ns1.grapheneos.org]=authorized_keys-replica-ns1
     [3.ns1.grapheneos.org]=authorized_keys-replica-ns1
-    [1.ns2.grapheneos.org]=authorized_keys-replica-ns2
-    [2.ns2.grapheneos.org]=authorized_keys-replica-ns2
+    [brn.ns2.grapheneos.org]=authorized_keys-replica-ns2
+    [las.ns2.grapheneos.org]=authorized_keys-replica-ns2
     [1.grapheneos.org]=authorized_keys-replica-grapheneos
     [2.grapheneos.org]=authorized_keys-replica-grapheneos
     [3.grapheneos.org]=authorized_keys-replica-grapheneos
@@ -73,9 +73,9 @@ declare -Ar hosts_firewall=(
     [1.ns1.grapheneos.org]=ns1
     [2.ns1.grapheneos.org]=ns1
     [3.ns1.grapheneos.org]=ns1
-    [0.ns2.grapheneos.org]=ns2
-    [1.ns2.grapheneos.org]=ns2
-    [2.ns2.grapheneos.org]=ns2
+    [brn.ns2.grapheneos.org]=ns2
+    [las.ns2.grapheneos.org]=ns2
+    [nyc.ns2.grapheneos.org]=ns2
     [mail.grapheneos.org]=mail
     [staging.grapheneos.org]=network-fq
     [0.grapheneos.org]=network
@@ -130,9 +130,9 @@ declare -Ar hosts_tcp_wmem_max=(
 
 declare -Ar hosts_tcp_fastopen=(
     [ns1.staging.grapheneos.org]=false
-    [0.ns2.grapheneos.org]=false
-    [1.ns2.grapheneos.org]=false
-    [2.ns2.grapheneos.org]=false
+    [brn.ns2.grapheneos.org]=false
+    [las.ns2.grapheneos.org]=false
+    [nyc.ns2.grapheneos.org]=false
     [staging.grapheneos.org]=false
     [1.grapheneos.org]=false
     [1.grapheneos.network]=false
@@ -146,9 +146,9 @@ declare -Ar hosts_conntrack_size=(
     [1.ns1.grapheneos.org]=131072
     [2.ns1.grapheneos.org]=131072
     [3.ns1.grapheneos.org]=131072
-    [0.ns2.grapheneos.org]=65536
-    [1.ns2.grapheneos.org]=65536
-    [2.ns2.grapheneos.org]=65536
+    [brn.ns2.grapheneos.org]=65536
+    [las.ns2.grapheneos.org]=65536
+    [nyc.ns2.grapheneos.org]=65536
     [mail.grapheneos.org]=131072
     [staging.grapheneos.org]=65536
     [0.grapheneos.org]=131072
@@ -203,9 +203,9 @@ declare -Ar hosts_ipv4_address=(
     [1.ns1.grapheneos.org]=15.204.8.153
     [2.ns1.grapheneos.org]=57.129.65.223
     [3.ns1.grapheneos.org]=15.235.197.61
-    [0.ns2.grapheneos.org]=198.98.53.141
-    [1.ns2.grapheneos.org]=205.185.124.155
-    [2.ns2.grapheneos.org]=107.189.3.168
+    [brn.ns2.grapheneos.org]=107.189.3.168
+    [las.ns2.grapheneos.org]=205.185.124.155
+    [nyc.ns2.grapheneos.org]=198.98.53.141
     [mail.grapheneos.org]=192.99.98.22
     [staging.grapheneos.org]=199.195.250.78
     [0.grapheneos.org]=51.222.156.101
@@ -232,9 +232,9 @@ declare -Ar hosts_ipv6_address=(
     [1.ns1.grapheneos.org]=2604:2dc0:202:300::23a6
     [2.ns1.grapheneos.org]=2001:41d0:701:1100::245b
     [3.ns1.grapheneos.org]=2402:1f00:8000:800::3966
-    [0.ns2.grapheneos.org]=2605:6400:10:102e:95bc:89ef:2e7f:49bb
-    [1.ns2.grapheneos.org]=2605:6400:20:1c8f:a0c9:372d:482e:945b
-    [2.ns2.grapheneos.org]=2605:6400:30:ec25:102c:af6d:5be:1eb8
+    [brn.ns2.grapheneos.org]=2605:6400:30:ec25:102c:af6d:5be:1eb8
+    [las.ns2.grapheneos.org]=2605:6400:20:1c8f:a0c9:372d:482e:945b
+    [nyc.ns2.grapheneos.org]=2605:6400:10:102e:95bc:89ef:2e7f:49bb
     [mail.grapheneos.org]=2607:5300:205:200::472f
     [staging.grapheneos.org]=2605:6400:10:9d6:6d84:e183:acda:16d7
     [0.grapheneos.org]=2607:5300:205:200::29c6
@@ -259,7 +259,7 @@ readonly hosts_ns1=(
 )
 
 readonly hosts_ns2=(
-    {0..2}.ns2.grapheneos.org
+    {brn,las,nyc}.ns2.grapheneos.org
 )
 
 readonly hosts_dns=(
@@ -277,7 +277,7 @@ readonly hosts_staging=(
 readonly hosts_certbot=(
     ns1.staging.grapheneos.org
     0.ns1.grapheneos.org
-    0.ns2.grapheneos.org
+    nyc.ns2.grapheneos.org
     mail.grapheneos.org
     staging.grapheneos.org
     0.grapheneos.org
@@ -291,14 +291,14 @@ readonly hosts_certbot=(
 
 readonly hosts_primary=(
     0.ns1.grapheneos.org
-    0.ns2.grapheneos.org
+    nyc.ns2.grapheneos.org
     0.grapheneos.org
     mia.releases.grapheneos.org
 )
 
 readonly hosts_secondary=(
     {1..3}.ns1.grapheneos.org
-    {1..2}.ns2.grapheneos.org
+    {brn,las}.ns2.grapheneos.org
     {1..3}.grapheneos.org
     {0..3}.grapheneos.network
     {lax,lon}.releases.grapheneos.org
@@ -349,7 +349,7 @@ readonly hosts_all=(
 
 readonly hosts_buyvm=(
     ns1.staging.grapheneos.org
-    {0..2}.ns2.grapheneos.org
+    {brn,las,nyc}.ns2.grapheneos.org
     staging.grapheneos.org
     1.grapheneos.org
     1.grapheneos.network
diff --git a/packages/1.ns2.grapheneos.org b/packages/brn.ns2.grapheneos.org
similarity index 100%
rename from packages/1.ns2.grapheneos.org
rename to packages/brn.ns2.grapheneos.org
diff --git a/packages/2.ns2.grapheneos.org b/packages/las.ns2.grapheneos.org
similarity index 100%
rename from packages/2.ns2.grapheneos.org
rename to packages/las.ns2.grapheneos.org
diff --git a/packages/0.ns2.grapheneos.org b/packages/nyc.ns2.grapheneos.org
similarity index 100%
rename from packages/0.ns2.grapheneos.org
rename to packages/nyc.ns2.grapheneos.org