Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-24 16:53:07 -05:00
Code Issues Projects Releases Packages Wiki Activity
712 commits 1 branch 0 tags 3.4 MiB
Commit graph

20 commits

Author SHA1 Message Date
Daniel Micay
3d0e2ffb23 expand SSH connection limit allowlist 2025-08-29 10:38:31 -04:00
Daniel Micay
cb01ad4f20 nftables: block IPv6 for forum web server 
We used to have this but it was lost during changes to our firewall
rules. We don't have an AAAA record for discuss.grapheneos.org to avoid
IPv6 connections but should also be explicitly blocking it. We're doing
this due to reliance on IP bans for registration to block spammers and
having IPv6 would greatly weaken it even if banning based on /64.
 2025-08-28 11:25:11 -04:00
Daniel Micay
0a810fd38f switch SSH IPv6 connection limit to /64 2025-08-23 22:21:27 -04:00
Daniel Micay
b4e1c96d74 nftables: drop obsolete synapse workaround 2025-08-23 21:05:28 -04:00
Daniel Micay
f54010112e switch to Unix socket for synapse 2025-08-22 16:59:05 -04:00
Daniel Micay
247f709df5 nftables: drop obsolete postgres stat collector rules 
PostgreSQL 15 removed the UDP-based statistics collector and replaced it
with a shared memory implementation.
 2025-08-22 13:14:17 -04:00
Daniel Micay
66d5c7602d nftables: mjolnir no longer connecting directly 2025-08-22 13:04:15 -04:00
Daniel Micay
4bf3955b38 nftables: pdns webserver moved to Unix socket 2025-08-22 12:43:38 -04:00
Daniel Micay
785ad04bbf rename update servers 2025-08-03 21:45:34 -04:00
Daniel Micay
58e107dd97 move zerotier-one to port 999 2025-07-23 00:26:41 -04:00
Daniel Micay
a948b7c244 move dnsdist control socket to port 55 
This avoids unnecessary overlap with our ephemeral port range.
 2025-07-23 00:26:41 -04:00
Daniel Micay
76b5b554ca nftables: simplify nameserver control socket rules 2025-07-23 00:26:41 -04:00
Daniel Micay
7153fcbc8a scale synproxy threshold based on conntrack max 2025-07-23 00:26:41 -04:00
Daniel Micay
5c41418606 nftables: add support for dnsdist control socket 2025-05-16 13:19:38 -04:00
Daniel Micay
e75172d57c replace nginx with dnsdist for DNS-over-TLS 2025-05-13 21:42:53 -04:00
Daniel Micay
a6d1e00d07 drop SSH connections to new anycast IPs 2025-05-05 17:29:56 -04:00
Daniel Micay
029882f051 set up certificate replication for ns1 replicas 2025-05-05 17:29:54 -04:00
Daniel Micay
2784008a65 nftables: add support for rage4 anycast for ns1 2025-05-03 18:13:20 -04:00
Daniel Micay
9556ca4b79 use 4.releases.grapheneos.org as primary instance 2025-04-25 00:47:28 -04:00
Daniel Micay
1f4d7316b8 reorganize configurations into etc directory 2025-04-15 12:53:49 -04:00