Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-09-30 04:25:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
454 Commits 1 Branch 0 Tags 1.8 MiB
54490cf662
Commit Graph

454 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
455ef92c18 disable chrony client log 
This is only needed to support clients using the interleaved mode. We
only use chrony as a server on our network servers and the clients are
only using SNTP via xtra-daemon so we don't need this. This frees up a
little bit of memory and avoids having a list of recent clients stored
in memory.
 2024-03-20 23:24:57 -04:00
Daniel Micay
e1df22a68f clean up session ticket rotation scripts 2024-03-20 22:55:40 -04:00
Daniel Micay
f35dc08868 split grapheneos.org hosts array 2024-03-18 21:10:47 -04:00
Daniel Micay
f6d6b0584b use larger journal for matrix.grapheneos.org too 2024-03-17 19:47:36 -04:00
Daniel Micay
bcfa2aef63 add basic inputrc 2024-03-14 15:48:53 -04:00
Daniel Micay
d5653b25f2 increase 0.grapheneos.network journal size 2024-03-12 11:40:26 -04:00
Daniel Micay
d57ca21e06 add sqlite-analyzer to attestation servers 2024-03-08 11:54:02 -05:00
Daniel Micay
e9d90bf88b lsof replaced with lsfd 2024-03-06 16:53:42 -05:00
Daniel Micay
c8d359af57 disable mkinitcpio fallback image 2024-03-04 13:13:58 -05:00
Daniel Micay
8591cb9354 raise 2.grapheneos.network journal size to 2G 2024-03-03 15:47:19 -05:00
Daniel Micay
14174e90f4 nginx-rotate-session-ticket-keys: drop unnecessary time sync 2024-03-03 09:57:30 -05:00
Daniel Micay
fb8775bb85 use checksum-based rsync 2024-03-03 09:55:02 -05:00
Daniel Micay
d8b70fce4f raise journal size for high log volume servers 2024-03-01 10:05:39 -05:00
Daniel Micay
16e3df0c39 raise max log size for OVH network instances 2024-02-29 13:58:38 -05:00
Daniel Micay
67a71a5cd3 count: drop 3rd gen Pixels 2024-02-24 19:19:59 -05:00
Daniel Micay
23207e99bf replace 4.releases.grapheneos.org server 2024-02-24 10:34:52 -05:00
Daniel Micay
c9cceb3bc0 explicit set XFS allocation group count 2024-02-24 10:28:10 -05:00
Daniel Micay
e0d5ff2fb2 enable deploy-initial script 2024-02-24 10:22:19 -05:00
Daniel Micay
b185e04a2c update install image to 2024.02.01 2024-02-24 10:21:24 -05:00
Daniel Micay
0899b7e984 update python dependencies 2024-02-23 13:04:36 -05:00
Daniel Micay
827324d15d stop generating unused en_US.UTF-8 locale 
We only use the C.UTF-8 locale now.
 2024-02-15 13:56:29 -05:00
Daniel Micay
5b25870f96 enable reboot on systemd crash caught systemd 2024-02-13 13:07:51 -05:00
Daniel Micay
2e7058e9c4 replace certbot log rotation with logrotate 2024-02-13 12:38:14 -05:00
Daniel Micay
e81e9feef3 replace MaxRetentionSec to stop excessive rotation 2024-02-13 11:30:56 -05:00
Daniel Micay
d39937fc6c disable currently unused energy aware scheduling 2024-02-12 16:13:45 -05:00
Daniel Micay
bd9a3d97d7 update python dependencies 2024-02-08 15:08:27 -05:00
Daniel Micay
81307b3bb9 add authorized_keys to gitignore 2024-02-03 17:48:56 -05:00
Daniel Micay
86d582ba2b add stripped down initial deployment script 2024-02-03 17:47:41 -05:00
Daniel Micay
154811ab1e add uptime to dns stats 2024-02-03 17:30:22 -05:00
Daniel Micay
963921413e add 8th generation Pixels to count script 2024-02-02 14:46:39 -05:00
Daniel Micay
a010e02c52 use leaner format for update log output 2024-02-02 07:26:36 -05:00
Daniel Micay
6989905361 add updatedb drop-in unit to pacreport exclusions 2024-02-01 18:01:06 -05:00
Daniel Micay
d583da0a65 disable sending console output to unused ttyS0 2024-02-01 16:39:33 -05:00
Daniel Micay
2fe25c5218 grub: remove extra space 2024-01-31 21:28:14 -05:00
Daniel Micay
69c7803b31 update python dependencies 2024-01-30 14:37:31 -05:00
Daniel Micay
4371062b71 add sshpass on mail.grapheneos.org 2024-01-26 00:41:51 -05:00
Daniel Micay
50de6d59c0 switch main domain for ECDSA mail server cert 2024-01-25 12:55:57 -05:00
Daniel Micay
88eba9a5fe update copyright notice 2024-01-25 01:57:18 -05:00
Daniel Micay
a5fa9f930f update certbot-ocsp-fetcher 2024-01-25 01:23:49 -05:00
Daniel Micay
0e3521564c replace mail.grapheneos.org server 2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270 replace attestation.app server 2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a replace 2.grapheneos.org and 2.grapheneos.network 2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9 replace discuss.grapheneos.org server 2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f replace 0.grapheneos.org and 0.grapheneos.network 2024-01-20 00:59:00 -05:00
Daniel Micay
8d1782161f stop sending external ADoT queries through unbound 2024-01-19 13:44:47 -05:00
Daniel Micay
5ed0c02e99 nftables: extend notrack rules for ADoT changes 2024-01-19 12:51:52 -05:00
Daniel Micay
a954a4a024 use clean syntax for IPv6 address 2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520 replace ns1.grapheneos.org server 2024-01-18 08:19:33 -05:00
Daniel Micay
d44a316624 disable 32-bit support via kernel line 
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.

We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
 2024-01-03 11:10:07 -05:00
Daniel Micay
dd9d6ff2a5 disable unused multipath TCP 2024-01-03 10:52:27 -05:00