614 Commits

Author SHA1 Message Date
Daniel Micay
b20cf862a3 update python dependencies 2025-04-17 10:32:41 -04:00
Daniel Micay
1f4d7316b8 reorganize configurations into etc directory 2025-04-15 12:53:49 -04:00
Daniel Micay
b5fd158374 add cpupower configuration for bare metal 2025-04-15 12:30:33 -04:00
Daniel Micay
0b6e5e017e sshd: use mlkem768x25519-sha256 for key exchange
The default was switched from sntrup761x25519-sha512@openssh.com to
mlkem768x25519-sha256 in OpenSSH 10.0. It's much faster and also matches
the new default TLS key exchange algorithm for OpenSSL 3.5.0.
2025-04-12 11:37:03 -04:00
Daniel Micay
397eac82b6 update sshd_config 2025-04-12 11:06:03 -04:00
Daniel Micay
d7564c99c4 add systemd-boot configuration 2025-04-11 13:44:37 -04:00
Daniel Micay
8db0d61485 add authorized_keys configuration 2025-04-10 15:14:25 -04:00
Daniel Micay
e6311abe40 drop legacy OVH EU update servers 2025-04-10 11:07:31 -04:00
Daniel Micay
fff5e43b89 work around systemd-boot disliking ESP on RAID 1
Using RAID 1 for ESP is the normal approach used by typical automatic
installs on dedicated servers. It's discouraged by systemd since they
don't know if out-of-band writes could happen such as a Windows install
seeing it and mounting it. That's not a problem for us and we want to do
things the normal way instead of a more error-prone approach of syncing
changes without RAID 1.
2025-04-05 11:10:52 -04:00
Daniel Micay
9254dead0d deploy-initial: handle fstab split 2025-04-05 09:57:18 -04:00
Daniel Micay
38db9327be switch to BBR for congestion control 2025-04-03 17:08:49 -04:00
Daniel Micay
fd31471ae3 enable CAKE for the new update server
This wasn't initially enabled because we were concerned about a
potential bottleneck due to CAKE being single-threaded. We expect the
Ryzen 9950X will be more than powerful enough for CAKE at 25Gbps and it
does appear to help substantially compared to fq_codel with maintaining
high throughput across problematic connections especially when combined
with BBR which we'll likely switch to for congestion control across the
servers, especially with BBRv3 on the horizon.
2025-04-03 17:08:49 -04:00
Daniel Micay
46395cc4e5 raise journald limits for new update server 2025-04-03 17:08:49 -04:00
Daniel Micay
b7aab6e0da rename new update server 2025-04-03 17:08:45 -04:00
Daniel Micay
f32458e296 phase out old update server names 2025-04-03 15:36:37 -04:00
Daniel Micay
4dfae68196 add 8.releases.grapheneos.org server 2025-04-02 14:47:25 -04:00
Daniel Micay
3746befc4e disable systemd-userdbd.socket in initial deployment 2025-04-02 14:46:48 -04:00
Daniel Micay
176fb30a4e drop kernel.sched_energy_aware sysctl 2025-03-19 12:13:06 -04:00
Daniel Micay
86e6dd61e6 replace 0.releases.grapheneos.org server 2025-03-19 12:05:37 -04:00
Daniel Micay
286045f90c update Arch Linux ISO to 2025.03.01 2025-03-19 11:32:40 -04:00
Daniel Micay
2758a47f8a raise log file size for 2.ns2.grapheneos.org 2025-03-17 19:51:58 -04:00
Daniel Micay
a374df4aa3 allow mjolnir to connect via nginx HTTPS
This is needed because mjolnir connecting directly to synapse causes it
to repeatedly disconnect around every hour, likely due to an issue with
keepalive.
2025-02-27 09:03:24 -05:00
Daniel Micay
bd4e51a18c switch to node.js 22 LTS for Mastodon 2025-02-25 12:44:06 -05:00
Daniel Micay
1180ee2638 switch to node.js 22 LTS for mjolnir 2025-02-25 12:43:52 -05:00
Daniel Micay
532bc95715 add iperf package to each server 2025-02-16 04:37:53 -05:00
Daniel Micay
6cce70a859 use CAKE no-split-gso for BuyVM servers 2025-02-16 04:32:21 -05:00
Daniel Micay
54dc10b79f set up systemd runtime watchdog support
Services without a hardware watchdog will need to use softdog and won't
get most of the benefits but it's still useful.
2025-02-12 08:23:11 -05:00
Daniel Micay
0dc18cdc27 update copyright notice 2025-02-05 04:40:50 -05:00
Daniel Micay
5bf4a87d90 raise grapheneos.social journal size 2025-02-05 04:40:50 -05:00
GrapheneOS
7a5080c232 update python dependencies 2025-02-04 03:23:13 -05:00
Daniel Micay
4f49c50ef6 raise 3.grapheneos.network journal size 2025-01-03 10:13:59 -05:00
Daniel Micay
d817740941 count: handle optimized factory image downloads 2025-01-02 23:39:25 -05:00
Daniel Micay
03a5db3b63 count: fix counting 9th gen Pixel update downloads 2025-01-02 23:39:11 -05:00
Daniel Micay
4de86ce967 update python dependencies 2024-12-26 17:55:05 -05:00
Daniel Micay
50ca73f7aa update python dependencies 2024-12-24 04:00:42 -05:00
Daniel Micay
e40fb1bd4e add chronyd.service hardening based on not using sendmail
This reverts the extra directives included in the standard
chronyd.service for supporting sendmail.
2024-12-19 11:35:51 -05:00
Daniel Micay
ad7a380ae9 update python dependencies 2024-12-14 23:20:04 -05:00
Daniel Micay
97b57a9418 improve reboot script confirmation message 2024-12-12 15:27:57 -05:00
Daniel Micay
8d59d143c1 update systemd sleep.conf 2024-12-12 10:24:25 -05:00
Daniel Micay
061deebc3e drop unused bash-completion package 2024-12-03 01:10:49 -05:00
Daniel Micay
7204b8d66e add reboot script 2024-12-03 01:10:46 -05:00
Daniel Micay
3cdd4914d3 fish: add vi keybinding setup 2024-11-29 14:03:58 -05:00
Daniel Micay
1407b2385b raise fish_prompt_pwd_full_dirs to 2 2024-11-29 12:59:02 -05:00
Daniel Micay
a3b029d3c5 move fish_title to a dedicated file 2024-11-29 12:42:08 -05:00
Daniel Micay
0dd981f389 fish: add extra abbreviations 2024-11-23 11:34:23 -05:00
Daniel Micay
78d53ded88 fish: add pstree alias 2024-11-21 11:12:38 -05:00
Daniel Micay
b7636d4139 fish: tweak ip alias 2024-11-21 09:17:43 -05:00
Daniel Micay
f65eedeec6 fish: use color for tc output 2024-11-20 19:05:32 -05:00
Daniel Micay
0151adf60e replace grapheneos.social server 2024-11-20 19:00:49 -05:00
Daniel Micay
a642c2e76f fix setting fish as default shell for new installs 2024-11-20 16:14:40 -05:00