Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-06-26 14:22:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
422 Commits 1 Branch 0 Tags 1.7 MiB
5ba6cbd3d1
Commit Graph

422 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
d583da0a65 disable sending console output to unused ttyS0 2024-02-01 16:39:33 -05:00
Daniel Micay
2fe25c5218 grub: remove extra space 2024-01-31 21:28:14 -05:00
Daniel Micay
69c7803b31 update python dependencies 2024-01-30 14:37:31 -05:00
Daniel Micay
4371062b71 add sshpass on mail.grapheneos.org 2024-01-26 00:41:51 -05:00
Daniel Micay
50de6d59c0 switch main domain for ECDSA mail server cert 2024-01-25 12:55:57 -05:00
Daniel Micay
88eba9a5fe update copyright notice 2024-01-25 01:57:18 -05:00
Daniel Micay
a5fa9f930f update certbot-ocsp-fetcher 2024-01-25 01:23:49 -05:00
Daniel Micay
0e3521564c replace mail.grapheneos.org server 2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270 replace attestation.app server 2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a replace 2.grapheneos.org and 2.grapheneos.network 2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9 replace discuss.grapheneos.org server 2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f replace 0.grapheneos.org and 0.grapheneos.network 2024-01-20 00:59:00 -05:00
Daniel Micay
8d1782161f stop sending external ADoT queries through unbound 2024-01-19 13:44:47 -05:00
Daniel Micay
5ed0c02e99 nftables: extend notrack rules for ADoT changes 2024-01-19 12:51:52 -05:00
Daniel Micay
a954a4a024 use clean syntax for IPv6 address 2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520 replace ns1.grapheneos.org server 2024-01-18 08:19:33 -05:00
Daniel Micay
d44a316624 disable 32-bit support via kernel line 
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.

We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
 2024-01-03 11:10:07 -05:00
Daniel Micay
dd9d6ff2a5 disable unused multipath TCP 2024-01-03 10:52:27 -05:00
Daniel Micay
d0e6159220 filter irrelevant module output 2024-01-03 10:18:15 -05:00
Daniel Micay
e581aeafb5 use idle CPU scheduling mode for updatedb 2024-01-03 10:10:04 -05:00
Daniel Micay
ae0373cc38 simplify log fetching 2023-12-24 20:21:06 -05:00
Daniel Micay
15a2fa132f disable services on IPv6 for discussion forum 2023-12-22 17:47:49 -05:00
Daniel Micay
8bfec062dc switch to nodejs 20 LTS branch 2023-12-21 20:12:55 -05:00
Daniel Micay
99973b1ca2 add mmdblookup to servers using geoip2 2023-12-21 09:49:36 -05:00
Daniel Micay
5a7110bee4 add geoip2 packages for discuss.grapheneos.org 2023-12-21 09:46:53 -05:00
Daniel Micay
5cef4a2aa6 allow geoipupdate internet access for discuss 2023-12-21 09:44:05 -05:00
Daniel Micay
dc4101f3de update systemd configuration files 2023-12-07 12:33:59 -05:00
Daniel Micay
8708b133e5 update python dependencies 2023-12-03 23:52:09 -05:00
Daniel Micay
c1a826278e add widevineprovisioning.grapheneos.org 2023-12-02 02:16:42 -05:00
Daniel Micay
d99ca0a43f switch to development release of matterbridge 2023-12-02 02:16:24 -05:00
Daniel Micay
bed640859d update python dependencies 2023-11-20 22:43:56 -05:00
Daniel Micay
f9bd8e2476 switch domain order for nameserver certbot setup 2023-11-05 01:33:56 -05:00
Daniel Micay
ebd0c7d8d0 add staging nameserver certbot setup 2023-11-05 01:32:44 -05:00
Daniel Micay
38bb002a01 add authenticated DNS-over-TLS to nameservers 2023-11-05 00:51:33 -04:00
Daniel Micay
3a92693611 move PowerDNS webserver to localhost port 81 2023-11-05 00:31:54 -04:00
Daniel Micay
c959f8bc5b drop jdk-openjdk from attestation servers 2023-11-04 16:31:03 -04:00
Daniel Micay
a10afab253 update Python dependencies 2023-10-24 14:16:54 -04:00
Orazio
9aba6192e7 unbound: block dns rebinding 
Blocking RFC 1918 addresses too is unlikely to be useful on your setup, but may be in case you add something like a VPC in the future.
 2023-10-04 10:26:16 -04:00
Daniel Micay
cb0007f816 update python dependencies 2023-10-03 11:39:02 -04:00
Daniel Micay
a4af9e2faf add ephemeral-trees directory to pacreport 2023-10-01 09:04:41 -04:00
Daniel Micay
c29206dff6 update python dependencies 2023-10-01 08:41:06 -04:00
Daniel Micay
ffff417df9 mastodon package now declares proper dependencies 2023-09-24 22:21:09 -04:00
Daniel Micay
1f7ea042fe expand host variable declarations 2023-09-18 03:29:23 -04:00
Daniel Micay
15f1cbcd02 nginx: drop ExecStart override 2023-09-18 02:41:59 -04:00
Daniel Micay
90411f367c update OCSP cache path for certbot-renew.service 2023-09-02 15:07:28 -04:00
Daniel Micay
067b42213f update ocsp cache path for certbot deploy hook 2023-08-21 03:20:50 -04:00
Daniel Micay
adec4b9bda certbot: drop absolute path for deploy hook 2023-08-21 03:19:47 -04:00
Daniel Micay
a92156528a add nftables dscp counter config to guide 2023-08-19 00:46:21 -04:00
Daniel Micay
104c1857d9 add vconsole.conf to pacreport.conf 2023-08-19 00:37:54 -04:00
Daniel Micay
14da5949f2 add fstrim/xfs_fsr configuration to pacreport.conf 2023-08-19 00:37:00 -04:00