Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-12-23 14:09:23 -05:00
Code Issues Packages Projects Releases Wiki Activity
494 Commits 1 Branch 0 Tags 1.9 MiB
167618930b
Commit Graph

494 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
167618930b update for pacman 7.0.0 download sandbox 2024-09-15 01:14:01 -04:00
Daniel Micay
ea3d577ac6 use incrementing auto-restart delay 2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf enable auto-restart for unbound and chronyd 2024-09-14 22:27:40 -04:00
Daniel Micay
b04898594a add valkey to discuss.grapheneos.org 2024-09-14 20:43:30 -04:00
Daniel Micay
1f411314b5 enable indefinite service restarts 2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446 use default RestartSec for nginx 2024-09-14 20:16:10 -04:00
Daniel Micay
b268bd4e59 raise journal size for EU website server 2024-09-13 06:32:39 -04:00
Daniel Micay
bdc6ee4a95 raise journal size for NA network servers 2024-09-12 18:59:55 -04:00
Daniel Micay
0e3b64f259 update python dependencies 2024-09-05 20:58:00 -04:00
Daniel Micay
ae774a4661 drop base-devel from grapheneos.social 
The package is now working around this issue.
 2024-09-05 20:56:58 -04:00
Daniel Micay
b6d8ef1500 add intended CrashAction configuration 2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82 switch back to MaxRetentionSec now that it's fixed 
The fix for this causing excessive log rotation was backported to systemd 256.5.
 2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7 update journald.conf 2024-08-18 19:28:57 -04:00
Daniel Micay
0dfe08d66e add stress package to all servers 
This is useful for regularly done testing and doesn't pull in a huge
number of dependencies like stress-ng.
 2024-08-11 18:30:34 -04:00
Daniel Micay
37842e4d17 temporarily add base-devel to grapheneos.social 
Needed to work around a Ruby dependency issue.
 2024-08-11 17:51:10 -04:00
Daniel Micay
27bd153454 nftables: use allowlist for ICMP types 2024-07-25 23:13:29 -04:00
Daniel Micay
437c5a5f3d raise journal file size for grapheneos.social 2024-07-25 11:59:56 -04:00
Daniel Micay
edfe1fae10 extend info fetching to sysctl values 2024-07-24 16:58:11 -04:00
Daniel Micay
80d15552dd add mutt to mail.grapheneos.org for inspecting service accounts 2024-07-13 19:39:31 -04:00
Daniel Micay
c6cd78e707 force DMARC enforcement for outlook.com 2024-07-08 10:38:42 -04:00
Daniel Micay
e3c2c1565d ovh-mitigation: add checking/toggling firewall 2024-07-05 00:40:20 -04:00
Daniel Micay
e8403c3098 update python dependencies 2024-07-05 00:32:25 -04:00
Daniel Micay
66c512b65f reduce SSH liveness check timeout to ~2 minutes 2024-07-02 18:06:47 -04:00
Daniel Micay
01201c0ece disable io_uring without CAP_SYS_ADMIN or io_uring group 2024-07-01 23:15:38 -04:00
Tommy
6e6957876e Update certbot-ocsp-fetcher to match upstream 2024-07-01 21:37:10 -04:00
Daniel Micay
84b2193808 switch to noswap tmpfs from ramfs for session ticket keys 2024-06-28 12:44:31 -04:00
Daniel Micay
ba2540c3fe add directory for home directory files 2024-06-27 10:13:15 -04:00
Tommy
6fc45525d9 Add NoNewPrivileges=true for certbot 2024-06-24 11:55:59 -04:00
Tommy
55221c8e44 Sort NGINX override alphabetically 
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
 2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550 Remove redundant PrivateTmp=true 2024-06-24 11:18:11 -04:00
Daniel Micay
4382120e37 set umask for encrypted swapfile creation 2024-06-21 22:36:27 -04:00
Daniel Micay
597f534d63 increase journal file size for 3.grapheneos.network 2024-06-21 16:51:36 -04:00
Daniel Micay
f7643fa8b7 reorder initial deployment 2024-06-19 11:54:08 -04:00
Daniel Micay
4c52595bfd drop unmodified hosts file 2024-06-19 11:49:13 -04:00
Daniel Micay
54181d3031 increase journal size for update servers 2024-06-19 11:42:42 -04:00
Daniel Micay
65e2b8b109 increase journal size for network servers 2024-06-19 11:38:22 -04:00
Daniel Micay
1dc26ba006 add VerifyHostKeyDNS ask to ssh_config 2024-06-18 14:25:16 -04:00
Daniel Micay
4475df98a4 deploy nftables rules in deploy-initial 2024-06-18 14:15:19 -04:00
Daniel Micay
f40a017ec3 add nftables configuration mapping to hosts.sh 2024-06-18 13:55:18 -04:00
Daniel Micay
662a2d3522 update configuration for systemd 256 2024-06-18 13:16:03 -04:00
Daniel Micay
54490cf662 update python dependencies 2024-06-17 23:52:00 -04:00
Daniel Micay
d103f6cdf3 simplify deployment script usage 2024-06-17 18:29:28 -04:00
Daniel Micay
750cd5e985 replace urandom with random 
These both use the same CSPRNG on modern kernels, but random waits for
CSPRNG initialization instead of only attempting to initialize it.
 2024-06-17 15:04:13 -04:00
Daniel Micay
ce1fef8c0e use per-server package list for deploy-initial 2024-06-17 15:00:36 -04:00
Daniel Micay
73a88e36ad replace 3.grapheneos.org and 3.grapheneos.network 2024-06-15 14:02:29 -04:00
Daniel Micay
55e7cadc02 update deploy-initial image version 2024-06-15 13:36:29 -04:00
Daniel Micay
7a78e3bd07 count: add akita 2024-06-11 22:56:05 -04:00
Daniel Micay
aefa91830e update python dependencies 2024-06-08 14:34:08 -04:00
Daniel Micay
8e9fe48605 update python dependencies 2024-06-06 00:26:45 -04:00
Daniel Micay
1ed92eb04c short ISRG Root X1 chain is now the default 2024-06-04 13:26:50 -04:00