Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-10-01 00:55:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
261 Commits 1 Branch 0 Tags 1.8 MiB
124897ccba
Commit Graph

261 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
124897ccba update systemd/system.conf 2023-08-01 18:06:28 -04:00
Daniel Micay
7a95f6bfb4 update systemd/networkd.conf 2023-08-01 18:05:17 -04:00
Daniel Micay
2703b7a378 add pv package 2023-07-28 23:24:40 -04:00
Daniel Micay
53b46f6166 set correct subnet mask for BuyVM main IP 2023-07-28 00:12:05 -04:00
Daniel Micay
5e07ae005b use idle scheduling for fstrim.service 2023-07-26 13:21:24 -04:00
Daniel Micay
0e37437f0c update python dependencies 2023-07-26 03:41:24 -04:00
Daniel Micay
39c15372a2 add ioping package 2023-07-26 03:40:57 -04:00
Daniel Micay
e3b8692914 add buyvm and ovh hosts arrays 2023-07-24 21:31:24 -04:00
Daniel Micay
1173060c25 ssh: switch to AES256-GCM to use AES-NI 2023-07-22 16:39:37 -04:00
Daniel Micay
a164ca80c7 disable unused multilib repository 2023-07-18 16:58:34 -04:00
Daniel Micay
13d4dcb39e only discard swapfile at mount time 2023-07-18 16:41:39 -04:00
Daniel Micay
6a8529e1a3 enable discard support for swapfile dm-crypt 2023-07-18 16:41:35 -04:00
Daniel Micay
f7402790d1 blacklist virtio_console module 2023-07-17 02:21:12 -04:00
Daniel Micay
20590d561a blacklist snd_intel8x0 module 2023-07-17 01:50:56 -04:00
Daniel Micay
8f4431582c blacklist sr_mod module 2023-07-17 01:47:44 -04:00
Daniel Micay
f3d7d763de add dns-stats script 2023-07-16 02:18:17 -04:00
Daniel Micay
6b0eec9218 clean up stats scripts 2023-07-16 01:25:27 -04:00
Daniel Micay
15302563f2 drop local-reserved-ports.conf for mastodon 2023-07-15 13:16:06 -04:00
Daniel Micay
4717854ec8 add subuid/subgid backup files to pacreport.conf 2023-07-15 13:14:59 -04:00
Daniel Micay
3dbf62e943 add gdk-pixbuf2 loaders cache to pacreport.conf 2023-07-15 13:14:48 -04:00
Daniel Micay
a973881a30 add sysstat unit configuration to pacreport.conf 2023-07-15 13:00:48 -04:00
Daniel Micay
0452ce51a1 update python dependencies 2023-07-15 12:54:19 -04:00
Daniel Micay
6595a2b05f rename eth0 to public 
This resolves a warning from systemd-networkd about using one of the
names reserved by the kernel.
 2023-07-15 00:33:35 -04:00
Daniel Micay
b245498612 disable unused DHCP IPv4 address for mail server 2023-07-13 21:39:12 -04:00
Daniel Micay
6736cdc36f use highest accuracy for sysstat-collect.timer 2023-07-13 18:51:39 -04:00
Daniel Micay
6567335b31 run sysstat-collect.service every minute 2023-07-13 18:51:28 -04:00
Daniel Micay
4e6c0b0ae1 reorder hosts 2023-07-13 16:23:33 -04:00
Daniel Micay
2e05e09f94 add sysstat package 2023-07-13 14:39:38 -04:00
Daniel Micay
8a1cab9071 add SSH client configuration 2023-07-13 11:41:59 -04:00
Daniel Micay
55dba2e7db add ovh-mitigation.txt to gitignore 2023-07-11 11:59:04 -04:00
Daniel Micay
616232e1ab add directory structure for mirrorlist 2023-07-11 11:38:53 -04:00
Daniel Micay
a957abd347 unified info fetching script 2023-07-10 23:35:56 -04:00
Daniel Micay
d49deb3db6 add certbot-ocsp-fetcher copyright notice 2023-07-09 19:19:29 -04:00
Daniel Micay
34a7874ec3 add license 2023-07-09 19:19:16 -04:00
Tommy
f90943d9e9 Additional unbound hardening 2023-07-09 18:46:33 -04:00
Daniel Micay
5f339efb2d update certbot-ocsp-fetcher 2023-07-09 18:16:59 -04:00
Daniel Micay
462bdc8599 add session ticket key management scripts 2023-07-09 18:04:17 -04:00
Daniel Micay
eb9a4ef2d1 drop git package from discuss.grapheneos.org 2023-07-09 14:48:41 -04:00
Daniel Micay
d6b4b21f9b add count script 2023-07-08 01:25:30 -04:00
Daniel Micay
9d35c7629f add Samsung OPAL information 2023-07-08 01:15:09 -04:00
Daniel Micay
1abf27d74e blacklist tls kernel module 
This gets autoloaded unnecessarily. If we ever start using KTLS, we can
remove this on the servers where we want it.
 2023-07-08 01:11:11 -04:00
Daniel Micay
2bc3eb4857 add information fetch scripts 2023-07-08 01:10:56 -04:00
Daniel Micay
bb2b23bec3 add 3.grapheneos.network package list 2023-07-08 01:03:38 -04:00
Daniel Micay
3400e1f481 add stats scripts 2023-07-08 01:03:22 -04:00
Daniel Micay
5d07b89e77 specify python3 in setup script 2023-07-06 22:12:26 -04:00
Daniel Micay
48c9636fbd set proper mail.grapheneos.org certbot hook 2023-07-06 18:54:48 -04:00
Daniel Micay
92456a8327 add missing dependencies for mastodon 2023-07-06 18:47:33 -04:00
Daniel Micay
8eac68bc26 add hosts configuration file 2023-07-06 18:41:32 -04:00
Daniel Micay
8ac489c9aa allow nginx master process to use CAP_CHOWN 
This is required for it to create the /var directories it uses when the
master process is running as root. It would be possible to run the nginx
master process as non-root but it doesn't drop ambient capabilities when
it spawns the workers so running the master process as non-root will end
up giving the workers higher privileges due to them ending up getting
the CAP_NET_BIND_SERVICE capability passed through.
 2023-07-06 05:30:35 -04:00
Daniel Micay
2cf694017b silence systemd-networkd address prefix warning 
It does the right thing by default now but it still produces a warning,
so silence it.
 2023-07-06 04:39:16 -04:00