Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-12-20 10:45:22 -05:00
Code Issues Projects Releases Packages Wiki Activity

set a default value for hosts_conntrack_size

Browse source
This commit is contained in:
Daniel Micay 2025-11-26 10:40:37 -05:00
parent 253113acc8
commit f0e24df323
3 changed files with 2 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
deploy-initial-vps
View file

@ -62,7 +62,7 @@ rsync tmp $remote:/mnt/etc/ssh/sshd_config
rm tmp rm tmp
cp etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf tmp cp etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf tmp
sed -i "s/{{synproxy_threshold}}/$(( ${hosts_conntrack_size[$host]} / 64 ))/g" tmp sed -i "s/{{synproxy_threshold}}/$(( ${hosts_conntrack_size[$host]:-65536} / 64 ))/g" tmp
sed -i "s/{{ssh_ipv4}}/$ssh_ipv4/g" tmp sed -i "s/{{ssh_ipv4}}/$ssh_ipv4/g" tmp
sed -i "s/{{ssh_ipv6}}/$ssh_ipv6/g" tmp sed -i "s/{{ssh_ipv6}}/$ssh_ipv6/g" tmp
rsync tmp $remote:/mnt/etc/nftables.conf rsync tmp $remote:/mnt/etc/nftables.conf

2
deploy-nftables
View file

@ -12,7 +12,7 @@ for host in ${hosts_all[@]}; do
echo echo
cp etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf tmp cp etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf tmp
sed -i "s/{{synproxy_threshold}}/$(( ${hosts_conntrack_size[$host]} / 64 ))/g" tmp sed -i "s/{{synproxy_threshold}}/$(( ${hosts_conntrack_size[$host]:-65536} / 64 ))/g" tmp
sed -i "s/{{ssh_ipv4}}/$ssh_ipv4/g" tmp sed -i "s/{{ssh_ipv4}}/$ssh_ipv4/g" tmp
sed -i "s/{{ssh_ipv6}}/$ssh_ipv6/g" tmp sed -i "s/{{ssh_ipv6}}/$ssh_ipv6/g" tmp
rsync tmp $remote:/etc/nftables.conf rsync tmp $remote:/etc/nftables.conf

24
hosts.sh
View file

@ -167,34 +167,10 @@ declare -Ar hosts_tcp_fastopen=(
) )
declare -Ar hosts_conntrack_size=( declare -Ar hosts_conntrack_size=(
[ns1.staging.grapheneos.org]=65536
[bom.ns1.grapheneos.org]=65536
[fra.ns1.grapheneos.org]=65536
[lax.ns1.grapheneos.org]=65536
[lon.ns1.grapheneos.org]=65536
[mia.ns1.grapheneos.org]=65536
[nyc.ns1.grapheneos.org]=65536
[sea.ns1.grapheneos.org]=65536
[sin.ns1.grapheneos.org]=65536
[syd.ns1.grapheneos.org]=65536
[tyo.ns1.grapheneos.org]=65536
[brn.ns2.grapheneos.org]=65536
[las.ns2.grapheneos.org]=65536
[mia.ns2.grapheneos.org]=65536
[nyc.ns2.grapheneos.org]=65536
[mail.grapheneos.org]=131072 [mail.grapheneos.org]=131072
[staging.grapheneos.org]=65536
[brn.grapheneos.org]=65536
[las.grapheneos.org]=65536
[mia.grapheneos.org]=65536
[nyc.grapheneos.org]=65536
[sea.grapheneos.org]=65536
[sin.grapheneos.org]=65536
[syd.grapheneos.org]=65536
[lax.releases.grapheneos.org]=12582912 [lax.releases.grapheneos.org]=12582912
[lon.releases.grapheneos.org]=8388608 [lon.releases.grapheneos.org]=8388608
[mia.releases.grapheneos.org]=12582912 [mia.releases.grapheneos.org]=12582912
[staging.attestation.app]=65536
[attestation.app]=131072 [attestation.app]=131072
[matrix.grapheneos.org]=131072 [matrix.grapheneos.org]=131072
[discuss.grapheneos.org]=131072 [discuss.grapheneos.org]=131072