Commit Graph

572 Commits

Author SHA1 Message Date
Daniel Micay
e2c73f3c6d drop discard for swapfile
This doesn't quite work as intended since the reserved file space is
dropped and it results in fragmentation.
2024-10-26 13:54:07 -04:00
Daniel Micay
ef3d3f35e1 handle kernel.sched_energy_aware being unavailable 2024-10-26 13:10:36 -04:00
Daniel Micay
0c9bc19b9d add imagemagick to grapheneos.social for now
We can switch to one of the newer options later or wait for the package
to get updated to do it for us.
2024-10-23 08:16:46 -04:00
Daniel Micay
3c8a2b7ac2 deploy-initial: fix obtaining swap size 2024-10-22 06:53:52 -04:00
Daniel Micay
fed4e23007 deploy-initial update IMAGE_VERSION 2024-10-22 06:42:03 -04:00
Daniel Micay
9b3b3e69c8 raise release server journal size to 1G 2024-10-21 15:36:30 -04:00
Daniel Micay
5cc16bab0e use incrementing auto-restart delay for unbound 2024-10-21 07:25:41 -04:00
GrapheneOS
c0581d4da5 add 9th gen Pixels to count script 2024-10-21 05:22:59 -04:00
Daniel Micay
e6df4e30e4 remove extra newline 2024-10-20 14:57:09 -04:00
Daniel Micay
4a7919d736 add ManagedOOMPreference=avoid for sshd.service 2024-10-20 13:45:24 -04:00
Daniel Micay
5d28d1e87f switch to systemd-based initramfs 2024-10-19 13:54:54 -04:00
Daniel Micay
960d08b3e6 drop global environment configuration for less
This is being handled per-user now.
2024-10-18 12:44:37 -04:00
Daniel Micay
7eeddfcffd raise journal size for discuss.grapheneos.org 2024-10-14 06:30:16 -04:00
Daniel Micay
703e504928 raise journal size for matrix.grapheneos.org 2024-10-14 06:29:24 -04:00
Daniel Micay
652ca46ed9 raise journal size for 0.grapheneos.org 2024-10-14 06:28:03 -04:00
Daniel Micay
3d80dc4eed add dependencies for session ticket rotation unit 2024-10-14 06:13:15 -04:00
Daniel Micay
2ddd98d485 cleanup session ticket key units 2024-10-14 06:11:32 -04:00
Daniel Micay
05d903ae3f move umask to systemd unit configuration 2024-10-14 06:11:32 -04:00
Daniel Micay
9ec62a0b79 move session ticket mount to fstab 2024-10-14 06:00:42 -04:00
Daniel Micay
cbed8c0b42 use standard override.conf name for unit overrides 2024-10-13 21:27:51 -04:00
Daniel Micay
26bedef1a1 enable ManagedOOMSwap=kill for root slice 2024-10-13 05:26:08 -04:00
Daniel Micay
e0fa670834 update python dependencies 2024-10-11 02:44:17 -04:00
Daniel Micay
b91653c696 enable systemd-oomd.service during initial deployment 2024-10-10 23:48:01 -04:00
Daniel Micay
a410e5aac6 enable sysstat.service during initial deployment 2024-10-10 23:47:40 -04:00
Daniel Micay
ce3ab7802c certbot: add gs-loc.apple.grapheneos.org 2024-09-26 14:55:04 -04:00
Daniel Micay
051a8bddf7 add disconnect script 2024-09-25 17:44:13 -04:00
Daniel Micay
858a99a534 raise discuss.grapheneos.org journal size 2024-09-23 13:22:14 -04:00
Daniel Micay
3578236a7d force DMARC enforcement for hotmail.com and live.com 2024-09-15 01:31:08 -04:00
Daniel Micay
167618930b update for pacman 7.0.0 download sandbox 2024-09-15 01:14:01 -04:00
Daniel Micay
ea3d577ac6 use incrementing auto-restart delay 2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf enable auto-restart for unbound and chronyd 2024-09-14 22:27:40 -04:00
Daniel Micay
b04898594a add valkey to discuss.grapheneos.org 2024-09-14 20:43:30 -04:00
Daniel Micay
1f411314b5 enable indefinite service restarts 2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446 use default RestartSec for nginx 2024-09-14 20:16:10 -04:00
Daniel Micay
b268bd4e59 raise journal size for EU website server 2024-09-13 06:32:39 -04:00
Daniel Micay
bdc6ee4a95 raise journal size for NA network servers 2024-09-12 18:59:55 -04:00
Daniel Micay
0e3b64f259 update python dependencies 2024-09-05 20:58:00 -04:00
Daniel Micay
ae774a4661 drop base-devel from grapheneos.social
The package is now working around this issue.
2024-09-05 20:56:58 -04:00
Daniel Micay
b6d8ef1500 add intended CrashAction configuration 2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82 switch back to MaxRetentionSec now that it's fixed
The fix for this causing excessive log rotation was backported to systemd 256.5.
2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7 update journald.conf 2024-08-18 19:28:57 -04:00
Daniel Micay
0dfe08d66e add stress package to all servers
This is useful for regularly done testing and doesn't pull in a huge
number of dependencies like stress-ng.
2024-08-11 18:30:34 -04:00
Daniel Micay
37842e4d17 temporarily add base-devel to grapheneos.social
Needed to work around a Ruby dependency issue.
2024-08-11 17:51:10 -04:00
Daniel Micay
27bd153454 nftables: use allowlist for ICMP types 2024-07-25 23:13:29 -04:00
Daniel Micay
437c5a5f3d raise journal file size for grapheneos.social 2024-07-25 11:59:56 -04:00
Daniel Micay
edfe1fae10 extend info fetching to sysctl values 2024-07-24 16:58:11 -04:00
Daniel Micay
80d15552dd add mutt to mail.grapheneos.org for inspecting service accounts 2024-07-13 19:39:31 -04:00
Daniel Micay
c6cd78e707 force DMARC enforcement for outlook.com 2024-07-08 10:38:42 -04:00
Daniel Micay
e3c2c1565d ovh-mitigation: add checking/toggling firewall 2024-07-05 00:40:20 -04:00
Daniel Micay
e8403c3098 update python dependencies 2024-07-05 00:32:25 -04:00