Daniel Micay
02b7e4e5c1
add 3.releases.grapheneos.org server
2025-10-09 09:06:31 -04:00
Daniel Micay
a52a12450d
handle update server renaming for authorized_keys
2025-10-07 17:40:32 -04:00
Daniel Micay
e57096dfec
disable TCP Fast Open on BuyVM for now
2025-09-30 16:56:21 -04:00
Daniel Micay
c6156ebed7
switch from shaped CAKE to FQ for BuyVM servers
...
These servers originally only had the 1Gbps base bandwidth and shaping
it with CAKE worked well to make the most of it during traffic spikes
for the web servers. It has little value for the nameservers since the
only potentially high throughput service is non-interactive SSH.
These servers now have 10Gbps burst available but are heavily limited by
their single virtual core and unable to use all of it in practice. CAKE
can only provide significant value when it's the bottleneck which isn't
the case when the workload is CPU limited. We don't want to keep around
the artificially low 1Gbps limit and it can't do much more.
Unlike OVH, the practical bottleneck is the CPU and FQ has the lowest
CPU usage in practice due to being very performance-oriented with a FIFO
fast path and offloading TCP pacing from the TCP stack to itself. On the
DNS servers, the fast path is always used in practice. Our OVH servers
have a much lower enforced bandwidth limit and the way they implement it
ruins fairness across flows. We definitely want to stick with CAKE for
our VPS instances on OVH but it doesn't make sense on BuyVM anymore.
2025-09-18 01:26:39 -04:00
Daniel Micay
8bf64de00d
add hosts arrays for ns1 and ns2
2025-09-15 21:10:42 -04:00
Daniel Micay
defb596ac1
raise journal file size for relevant servers
2025-09-04 23:19:40 -04:00
Daniel Micay
676763b8a5
nftables: split out update servers
...
This will be used for fq-specific configuration.
2025-09-01 19:35:49 -04:00
Daniel Micay
e5ae9ca13b
raise tcp_wmem[2] for update servers
...
Linux recently raised the default tcp_rmem[2] to 32MiB so it makes sense
to match it on the sending side to maximize bandwidth.
2025-09-01 19:35:03 -04:00
Daniel Micay
f54010112e
switch to Unix socket for synapse
2025-08-22 16:59:05 -04:00
Daniel Micay
124dd54ef5
more frequent rotation for shorter log retention
2025-08-17 03:17:51 -04:00
Daniel Micay
931c72f9f5
raise journal size for relevant servers
2025-08-17 03:07:20 -04:00
Daniel Micay
785ad04bbf
rename update servers
2025-08-03 21:45:34 -04:00
Daniel Micay
53ca057a9a
adjust conntrack max based on available memory
2025-07-23 00:26:41 -04:00
Daniel Micay
05bc9199b3
use default log size for 2.ns2.grapheneos.org
2025-05-28 11:35:46 -04:00
Daniel Micay
3f2e33e8df
raise journal size for several servers
2025-05-28 11:01:12 -04:00
Daniel Micay
f9f3cdab05
add 1.ns1.grapheneos.org server
2025-05-08 22:26:56 -04:00
Daniel Micay
7095105832
add 3.ns1.grapheneos.org server
2025-05-08 22:26:56 -04:00
Daniel Micay
30128d2654
update releases.grapheneos.org authorized_keys configuration
2025-05-08 22:26:56 -04:00
Daniel Micay
029882f051
set up certificate replication for ns1 replicas
2025-05-05 17:29:54 -04:00
Daniel Micay
c7cb5d025e
add 2.ns1.grapheneos.org server
2025-05-04 16:01:04 -04:00
Daniel Micay
566f1a10d2
rename ns1.grapheneos.org to 0.ns1.grapheneos.org
2025-05-03 18:13:18 -04:00
Daniel Micay
c41f579a51
raise journal file size for 2.grapheneos.org
2025-05-03 09:21:37 -04:00
Daniel Micay
476d7f4794
raise journal file size for 1.grapheneos.network
2025-05-03 09:21:34 -04:00
Daniel Micay
7861ef2c30
remove legacy OVH update servers
2025-04-30 23:27:40 -04:00
Daniel Micay
9556ca4b79
use 4.releases.grapheneos.org as primary instance
2025-04-25 00:47:28 -04:00
Daniel Micay
9290c1fd90
add new ReliableSite update servers
2025-04-24 01:15:39 -04:00
Daniel Micay
8db0d61485
add authorized_keys configuration
2025-04-10 15:14:25 -04:00
Daniel Micay
e6311abe40
drop legacy OVH EU update servers
2025-04-10 11:07:31 -04:00
Daniel Micay
46395cc4e5
raise journald limits for new update server
2025-04-03 17:08:49 -04:00
Daniel Micay
b7aab6e0da
rename new update server
2025-04-03 17:08:45 -04:00
Daniel Micay
f32458e296
phase out old update server names
2025-04-03 15:36:37 -04:00
Daniel Micay
4dfae68196
add 8.releases.grapheneos.org server
2025-04-02 14:47:25 -04:00
Daniel Micay
86e6dd61e6
replace 0.releases.grapheneos.org server
2025-03-19 12:05:37 -04:00
Daniel Micay
2758a47f8a
raise log file size for 2.ns2.grapheneos.org
2025-03-17 19:51:58 -04:00
Daniel Micay
54dc10b79f
set up systemd runtime watchdog support
...
Services without a hardware watchdog will need to use softdog and won't
get most of the benefits but it's still useful.
2025-02-12 08:23:11 -05:00
Daniel Micay
5bf4a87d90
raise grapheneos.social journal size
2025-02-05 04:40:50 -05:00
Daniel Micay
4f49c50ef6
raise 3.grapheneos.network journal size
2025-01-03 10:13:59 -05:00
Daniel Micay
0151adf60e
replace grapheneos.social server
2024-11-20 19:00:49 -05:00
Daniel Micay
f375971fb4
fix grapheneos.social journald size configuration
2024-10-29 20:21:54 -04:00
Daniel Micay
9417513717
replace 3.releases.grapheneos.org server
2024-10-29 09:21:34 -04:00
Daniel Micay
9b3b3e69c8
raise release server journal size to 1G
2024-10-21 15:36:30 -04:00
Daniel Micay
7eeddfcffd
raise journal size for discuss.grapheneos.org
2024-10-14 06:30:16 -04:00
Daniel Micay
703e504928
raise journal size for matrix.grapheneos.org
2024-10-14 06:29:24 -04:00
Daniel Micay
652ca46ed9
raise journal size for 0.grapheneos.org
2024-10-14 06:28:03 -04:00
Daniel Micay
858a99a534
raise discuss.grapheneos.org journal size
2024-09-23 13:22:14 -04:00
Daniel Micay
b268bd4e59
raise journal size for EU website server
2024-09-13 06:32:39 -04:00
Daniel Micay
bdc6ee4a95
raise journal size for NA network servers
2024-09-12 18:59:55 -04:00
Daniel Micay
437c5a5f3d
raise journal file size for grapheneos.social
2024-07-25 11:59:56 -04:00
Daniel Micay
597f534d63
increase journal file size for 3.grapheneos.network
2024-06-21 16:51:36 -04:00
Daniel Micay
54181d3031
increase journal size for update servers
2024-06-19 11:42:42 -04:00
