Daniel Micay
48c9636fbd
set proper mail.grapheneos.org certbot hook
2023-07-06 18:54:48 -04:00
Daniel Micay
92456a8327
add missing dependencies for mastodon
2023-07-06 18:47:33 -04:00
Daniel Micay
8eac68bc26
add hosts configuration file
2023-07-06 18:41:32 -04:00
Daniel Micay
8ac489c9aa
allow nginx master process to use CAP_CHOWN
This is required for it to create the /var directories it uses when the
master process is running as root. It would be possible to run the nginx
master process as non-root but it doesn't drop ambient capabilities when
it spawns the workers so running the master process as non-root will end
up giving the workers higher privileges due to them ending up getting
the CAP_NET_BIND_SERVICE capability passed through.
2023-07-06 05:30:35 -04:00
Daniel Micay
2cf694017b
silence systemd-networkd address prefix warning
It does the right thing by default now but it still produces a warning,
so silence it.
2023-07-06 04:39:16 -04:00
Daniel Micay
5777fa38ae
add network configuration for 1.grapheneos.network
2023-07-06 04:30:23 -04:00
Daniel Micay
2f4e9f67c4
set log retention time per server
2023-07-06 00:17:05 -04:00
Daniel Micay
5ea36399d1
rename 1.grapheneos.network to 2.grapheneos.network
2023-07-05 17:31:48 -04:00
Daniel Micay
a97e039314
rename 2.grapheneos.network to 3.grapheneos.network
2023-07-05 17:31:30 -04:00
Daniel Micay
626653c23e
add 3.grapheneos.org package list
2023-07-03 21:35:48 -04:00
Daniel Micay
affc4518da
rename OVH mitigation script
2023-07-03 18:35:43 -04:00
Daniel Micay
45c79b3909
drop legacy connectivity check subdomain
2023-07-03 17:03:17 -04:00
Daniel Micay
37bf4935f1
drop mail server specific certbot configuration
The mail server is now using the webroot authentication method via nginx
due to moving the MTA-STS web service to the mail server.
2023-06-30 15:47:33 -04:00
Daniel Micay
8114047b9b
add new website server instance
2023-06-30 15:45:09 -04:00
Daniel Micay
52a1e9f18e
remove unused qemu-guest-agent package
2023-06-30 12:22:01 -04:00
Daniel Micay
d8d721ecd9
update python dependencies
2023-06-30 10:53:45 -04:00
Daniel Micay
9cec692b28
fix staging.attestation.app name for certbot
2023-06-29 13:25:10 -04:00
Daniel Micay
2641d41169
move staging.attestation.app to BuyVM
2023-06-29 13:14:50 -04:00
Daniel Micay
f9bee29ab8
move staging.grapheneos.org to BuyVM
2023-06-23 14:41:01 -04:00
Daniel Micay
82bf5e752c
add mail.grapheneos.net fallback name for MX
2023-06-23 11:59:52 -04:00
Daniel Micay
4089b07be1
rename staging nameserver package list
2023-06-22 16:03:11 -04:00
Daniel Micay
3c1c21f1a1
update package lists for split ns2.grapheneos.org
2023-06-22 16:02:12 -04:00
Daniel Micay
129af30134
add nginx to mail.grapheneos.org
2023-06-22 15:58:13 -04:00
Daniel Micay
2f4218fc77
move ns1.staging.grapheneos.org to BuyVM
2023-06-22 12:41:26 -04:00
Daniel Micay
254e628a79
move staging.ns1.grapheneos.org to ns1.staging.grapheneos.org
2023-06-22 00:27:08 -04:00
Daniel Micay
f1d9c0693e
disable link-local addressing
2023-06-21 23:10:09 -04:00
Daniel Micay
384c29bd5e
simplify route metric configuration
2023-06-21 22:56:50 -04:00
Daniel Micay
d128124200
move website server mta-sts to mail server
2023-06-21 14:53:07 -04:00
Daniel Micay
4abeaf06f5
move network server mta-sts to mail server
2023-06-21 14:43:06 -04:00
Daniel Micay
884906f160
move mta-sts.seamlessupdate.app to mail server
2023-06-21 14:37:46 -04:00
Daniel Micay
5c6f540cf3
move mta-sts.matrix.grapheneos.org to mail server
2023-06-21 14:31:49 -04:00
Daniel Micay
dc840b7925
move mta-sts.grapheneos.social to mail server
2023-06-21 14:20:43 -04:00
Daniel Micay
aa89e675d6
move mta-sts.discuss.grapheneos.org to mail server
2023-06-21 14:20:21 -04:00
Daniel Micay
95e0c68cb0
move mta-sts.attestation.app to mail server
2023-06-21 13:59:46 -04:00
Daniel Micay
3034c845c9
move mta-sts.mail.grapheneos.org to mail server
2023-06-21 13:51:09 -04:00
Daniel Micay
a07fa271e3
fix domain for mail.grapheneos.org certbot init
2023-06-21 13:40:43 -04:00
Daniel Micay
fdf3839571
prepare to move MTA-STS web server to mail server
2023-06-21 13:12:04 -04:00
Daniel Micay
3d869bcac7
split out anycast DNS nftables configuration
2023-06-19 03:28:59 -04:00
Daniel Micay
d0d72994e2
replace ns2.grapheneos.org network configuration
2023-06-16 20:30:29 -04:00
Daniel Micay
341861f886
add xfsprogs package
2023-06-16 13:54:06 -04:00
Daniel Micay
f9bd265028
nftables: drop unnecessary semicolons
2023-06-10 22:14:54 -04:00
Daniel Micay
27aca7474c
drop no-op RemoveIPC
2023-06-10 20:42:37 -04:00
Daniel Micay
6223daec3f
document DANE TLSA commands
2023-06-09 01:09:47 -04:00
Daniel Micay
dcb50a9085
add /etc/sysctl.d/local-reserved-ports.conf
2023-06-06 21:55:11 -04:00
Daniel Micay
48f855cf83
exclude /etc/sysconfig in pacreport.conf
2023-06-06 17:05:58 -04:00
Daniel Micay
39ec27f421
move ssh configuration to subdirectory
2023-06-06 15:18:19 -04:00
Daniel Micay
4e12323e27
regenerate requirements.txt
2023-05-31 19:04:12 -04:00
Daniel Micay
36876296cd
update pacman.conf to match standard one
2023-05-22 19:26:21 -04:00
Daniel Micay
593701cd63
add certbot commands
2023-05-22 18:44:50 -04:00
Daniel Micay
6f6b8ceb54
enable chronyd seccomp filter
2023-05-07 00:02:51 -04:00