Commit Graph

321 Commits

Author SHA1 Message Date
Daniel Micay
1abf27d74e blacklist tls kernel module
This gets autoloaded unnecessarily. If we ever start using KTLS, we can
remove this on the servers where we want it.
2023-07-08 01:11:11 -04:00
Daniel Micay
2bc3eb4857 add information fetch scripts 2023-07-08 01:10:56 -04:00
Daniel Micay
bb2b23bec3 add 3.grapheneos.network package list 2023-07-08 01:03:38 -04:00
Daniel Micay
3400e1f481 add stats scripts 2023-07-08 01:03:22 -04:00
Daniel Micay
5d07b89e77 specify python3 in setup script 2023-07-06 22:12:26 -04:00
Daniel Micay
48c9636fbd set proper mail.grapheneos.org certbot hook 2023-07-06 18:54:48 -04:00
Daniel Micay
92456a8327 add missing dependencies for mastodon 2023-07-06 18:47:33 -04:00
Daniel Micay
8eac68bc26 add hosts configuration file 2023-07-06 18:41:32 -04:00
Daniel Micay
8ac489c9aa allow nginx master process to use CAP_CHOWN
This is required for it to create the /var directories it uses when the
master process is running as root. It would be possible to run the nginx
master process as non-root, but it doesn't drop ambient capabilities when
it spawns the workers, so running the master process as non-root will end
up giving the workers higher privileges due to them ending up getting
the CAP_NET_BIND_SERVICE capability passed through.
2023-07-06 05:30:35 -04:00
Daniel Micay
2cf694017b silence systemd-networkd address prefix warning
It does the right thing by default now but it still produces a warning,
so silence it.
2023-07-06 04:39:16 -04:00
Daniel Micay
5777fa38ae add network configuration for 1.grapheneos.network 2023-07-06 04:30:23 -04:00
Daniel Micay
2f4e9f67c4 set log retention time per server 2023-07-06 00:17:05 -04:00
Daniel Micay
5ea36399d1 rename 1.grapheneos.network to 2.grapheneos.network 2023-07-05 17:31:48 -04:00
Daniel Micay
a97e039314 rename 2.grapheneos.network to 3.grapheneos.network 2023-07-05 17:31:30 -04:00
Daniel Micay
626653c23e add 3.grapheneos.org package list 2023-07-03 21:35:48 -04:00
Daniel Micay
affc4518da rename OVH mitigation script 2023-07-03 18:35:43 -04:00
Daniel Micay
45c79b3909 drop legacy connectivity check subdomain 2023-07-03 17:03:17 -04:00
Daniel Micay
37bf4935f1 drop mail server specific certbot configuration
The mail server is now using the webroot authentication method via nginx
due to moving the MTA-STS web service to the mail server.
2023-06-30 15:47:33 -04:00
Daniel Micay
8114047b9b add new website server instance 2023-06-30 15:45:09 -04:00
Daniel Micay
52a1e9f18e remove unused qemu-guest-agent package 2023-06-30 12:22:01 -04:00
Daniel Micay
d8d721ecd9 update python dependencies 2023-06-30 10:53:45 -04:00
Daniel Micay
9cec692b28 fix staging.attestation.app name for certbot 2023-06-29 13:25:10 -04:00
Daniel Micay
2641d41169 move staging.attestation.app to BuyVM 2023-06-29 13:14:50 -04:00
Daniel Micay
f9bee29ab8 move staging.grapheneos.org to BuyVM 2023-06-23 14:41:01 -04:00
Daniel Micay
82bf5e752c add mail.grapheneos.net fallback name for MX 2023-06-23 11:59:52 -04:00
Daniel Micay
4089b07be1 rename staging nameserver package list 2023-06-22 16:03:11 -04:00
Daniel Micay
3c1c21f1a1 update package lists for split ns2.grapheneos.org 2023-06-22 16:02:12 -04:00
Daniel Micay
129af30134 add nginx to mail.grapheneos.org 2023-06-22 15:58:13 -04:00
Daniel Micay
2f4218fc77 move ns1.staging.grapheneos.org to BuyVM 2023-06-22 12:41:26 -04:00
Daniel Micay
254e628a79 move staging.ns1.grapheneos.org to ns1.staging.grapheneos.org 2023-06-22 00:27:08 -04:00
Daniel Micay
f1d9c0693e disable link-local addressing 2023-06-21 23:10:09 -04:00
Daniel Micay
384c29bd5e simplify route metric configuration 2023-06-21 22:56:50 -04:00
Daniel Micay
d128124200 move website server mta-sts to mail server 2023-06-21 14:53:07 -04:00
Daniel Micay
4abeaf06f5 move network server mta-sts to mail server 2023-06-21 14:43:06 -04:00
Daniel Micay
884906f160 move mta-sts.seamlessupdate.app to mail server 2023-06-21 14:37:46 -04:00
Daniel Micay
5c6f540cf3 move mta-sts.matrix.grapheneos.org to mail server 2023-06-21 14:31:49 -04:00
Daniel Micay
dc840b7925 move mta-sts.grapheneos.social to mail server 2023-06-21 14:20:43 -04:00
Daniel Micay
aa89e675d6 move mta-sts.discuss.grapheneos.org to mail server 2023-06-21 14:20:21 -04:00
Daniel Micay
95e0c68cb0 move mta-sts.attestation.app to mail server 2023-06-21 13:59:46 -04:00
Daniel Micay
3034c845c9 move mta-sts.mail.grapheneos.org to mail server 2023-06-21 13:51:09 -04:00
Daniel Micay
a07fa271e3 fix domain for mail.grapheneos.org certbot init 2023-06-21 13:40:43 -04:00
Daniel Micay
fdf3839571 prepare to move MTA-STS web server to mail server 2023-06-21 13:12:04 -04:00
Daniel Micay
3d869bcac7 split out anycast DNS nftables configuration 2023-06-19 03:28:59 -04:00
Daniel Micay
d0d72994e2 replace ns2.grapheneos.org network configuration 2023-06-16 20:30:29 -04:00
Daniel Micay
341861f886 add xfsprogs package 2023-06-16 13:54:06 -04:00
Daniel Micay
f9bd265028 nftables: drop unnecessary semicolons 2023-06-10 22:14:54 -04:00
Daniel Micay
27aca7474c drop no-op RemoveIPC 2023-06-10 20:42:37 -04:00
Daniel Micay
6223daec3f document DANE TLSA commands 2023-06-09 01:09:47 -04:00
Daniel Micay
dcb50a9085 add /etc/sysctl.d/local-reserved-ports.conf 2023-06-06 21:55:11 -04:00
Daniel Micay
48f855cf83 exclude /etc/sysconfig in pacreport.conf 2023-06-06 17:05:58 -04:00