Daniel Micay
|
8708b133e5
|
update python dependencies
|
2023-12-03 23:52:09 -05:00 |
|
Daniel Micay
|
c1a826278e
|
add widevineprovisioning.grapheneos.org
|
2023-12-02 02:16:42 -05:00 |
|
Daniel Micay
|
d99ca0a43f
|
switch to development release of matterbridge
|
2023-12-02 02:16:24 -05:00 |
|
Daniel Micay
|
bed640859d
|
update python dependencies
|
2023-11-20 22:43:56 -05:00 |
|
Daniel Micay
|
f9bd8e2476
|
switch domain order for nameserver certbot setup
|
2023-11-05 01:33:56 -05:00 |
|
Daniel Micay
|
ebd0c7d8d0
|
add staging nameserver certbot setup
|
2023-11-05 01:32:44 -05:00 |
|
Daniel Micay
|
38bb002a01
|
add authenticated DNS-over-TLS to nameservers
|
2023-11-05 00:51:33 -04:00 |
|
Daniel Micay
|
3a92693611
|
move PowerDNS webserver to localhost port 81
|
2023-11-05 00:31:54 -04:00 |
|
Daniel Micay
|
c959f8bc5b
|
drop jdk-openjdk from attestation servers
|
2023-11-04 16:31:03 -04:00 |
|
Daniel Micay
|
a10afab253
|
update Python dependencies
|
2023-10-24 14:16:54 -04:00 |
|
Orazio
|
9aba6192e7
|
unbound: block dns rebinding
Blocking RFC 1918 addresses too is unlikely to be useful on your setup, but may be in case you add something like a VPC in the future.
|
2023-10-04 10:26:16 -04:00 |
|
Daniel Micay
|
cb0007f816
|
update python dependencies
|
2023-10-03 11:39:02 -04:00 |
|
Daniel Micay
|
a4af9e2faf
|
add ephemeral-trees directory to pacreport
|
2023-10-01 09:04:41 -04:00 |
|
Daniel Micay
|
c29206dff6
|
update python dependencies
|
2023-10-01 08:41:06 -04:00 |
|
Daniel Micay
|
ffff417df9
|
mastodon package now declares proper dependencies
|
2023-09-24 22:21:09 -04:00 |
|
Daniel Micay
|
1f7ea042fe
|
expand host variable declarations
|
2023-09-18 03:29:23 -04:00 |
|
Daniel Micay
|
15f1cbcd02
|
nginx: drop ExecStart override
|
2023-09-18 02:41:59 -04:00 |
|
Daniel Micay
|
90411f367c
|
update OCSP cache path for certbot-renew.service
|
2023-09-02 15:07:28 -04:00 |
|
Daniel Micay
|
067b42213f
|
update ocsp cache path for certbot deploy hook
|
2023-08-21 03:20:50 -04:00 |
|
Daniel Micay
|
adec4b9bda
|
certbot: drop absolute path for deploy hook
|
2023-08-21 03:19:47 -04:00 |
|
Daniel Micay
|
a92156528a
|
add nftables dscp counter config to guide
|
2023-08-19 00:46:21 -04:00 |
|
Daniel Micay
|
104c1857d9
|
add vconsole.conf to pacreport.conf
|
2023-08-19 00:37:54 -04:00 |
|
Daniel Micay
|
14da5949f2
|
add fstrim/xfs_fsr configuration to pacreport.conf
|
2023-08-19 00:37:00 -04:00 |
|
Daniel Micay
|
5a86b91909
|
update pip-compile command
|
2023-08-19 00:27:56 -04:00 |
|
Daniel Micay
|
9419af1bd6
|
use af21 for unbound DoT traffic
|
2023-08-19 00:20:21 -04:00 |
|
Daniel Micay
|
e1af23a478
|
add attestation service config for email
|
2023-08-18 23:57:44 -04:00 |
|
Daniel Micay
|
343d1fdb2f
|
add mtr package
|
2023-08-16 22:55:53 -04:00 |
|
Daniel Micay
|
b88d0d5c96
|
raise ssh background traffic priority to af11
The default cs1 is resulting traffic being completely dropped for some
routes with congestion.
|
2023-08-14 23:32:00 -04:00 |
|
Daniel Micay
|
ae2fc9244b
|
support drop-in configurations for ssh configs
|
2023-08-11 11:36:08 -04:00 |
|
Daniel Micay
|
894f150a62
|
use CAKE no-split-gso for release servers
|
2023-08-06 23:18:53 -04:00 |
|
Daniel Micay
|
4160e5a6b7
|
chrony: mark traffic as EF
|
2023-08-04 17:20:25 -04:00 |
|
Daniel Micay
|
2f56bae4a5
|
use consistent naming for system drop-in configs
|
2023-08-04 14:45:15 -04:00 |
|
Daniel Micay
|
e56add4330
|
run fstrim daily instead of weekly
|
2023-08-04 14:38:41 -04:00 |
|
Daniel Micay
|
b67d037a5e
|
add xfs_fsr service run before fstrim service
|
2023-08-03 16:35:53 -04:00 |
|
Daniel Micay
|
124897ccba
|
update systemd/system.conf
|
2023-08-01 18:06:28 -04:00 |
|
Daniel Micay
|
7a95f6bfb4
|
update systemd/networkd.conf
|
2023-08-01 18:05:17 -04:00 |
|
Daniel Micay
|
2703b7a378
|
add pv package
|
2023-07-28 23:24:40 -04:00 |
|
Daniel Micay
|
53b46f6166
|
set correct subnet mask for BuyVM main IP
|
2023-07-28 00:12:05 -04:00 |
|
Daniel Micay
|
5e07ae005b
|
use idle scheduling for fstrim.service
|
2023-07-26 13:21:24 -04:00 |
|
Daniel Micay
|
0e37437f0c
|
update python dependencies
|
2023-07-26 03:41:24 -04:00 |
|
Daniel Micay
|
39c15372a2
|
add ioping package
|
2023-07-26 03:40:57 -04:00 |
|
Daniel Micay
|
e3b8692914
|
add buyvm and ovh hosts arrays
|
2023-07-24 21:31:24 -04:00 |
|
Daniel Micay
|
1173060c25
|
ssh: switch to AES256-GCM to use AES-NI
|
2023-07-22 16:39:37 -04:00 |
|
Daniel Micay
|
a164ca80c7
|
disable unused multilib repository
|
2023-07-18 16:58:34 -04:00 |
|
Daniel Micay
|
13d4dcb39e
|
only discard swapfile at mount time
|
2023-07-18 16:41:39 -04:00 |
|
Daniel Micay
|
6a8529e1a3
|
enable discard support for swapfile dm-crypt
|
2023-07-18 16:41:35 -04:00 |
|
Daniel Micay
|
f7402790d1
|
blacklist virtio_console module
|
2023-07-17 02:21:12 -04:00 |
|
Daniel Micay
|
20590d561a
|
blacklist snd_intel8x0 module
|
2023-07-17 01:50:56 -04:00 |
|
Daniel Micay
|
8f4431582c
|
blacklist sr_mod module
|
2023-07-17 01:47:44 -04:00 |
|
Daniel Micay
|
f3d7d763de
|
add dns-stats script
|
2023-07-16 02:18:17 -04:00 |
|