Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-10-01 00:55:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
115 Commits 1 Branch 0 Tags 1.8 MiB
88d8e37233
Commit Graph

115 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
1a195570c8 sshd: disable unused agent forwarding feature 
This is a misguided feature and while this doesn't meaningfully reduce
attack surface, it makes sense not to enable it.
 2022-07-11 19:57:42 -04:00
Daniel Micay
1d9d5df54c unbound: only listen on IPv6 2022-07-10 15:41:10 -04:00
Daniel Micay
710d487e78 qname-minimisation is enabled by default now 2022-07-03 09:30:44 -04:00
Daniel Micay
f957d83855 add resolv.conf 2022-07-03 09:05:41 -04:00
Daniel Micay
829ea23e8d lower conntrack established tcp connection timeout 2022-07-03 05:28:54 -04:00
Daniel Micay
1c47cd88ab disable loose TCP connection tracking 2022-07-03 03:50:53 -04:00
Daniel Micay
9dbc7347b5 directory for nginx unix domain sockets in /run 2022-07-02 13:10:42 -04:00
Daniel Micay
765704b07f style fix 2022-06-30 07:05:13 -04:00
Daniel Micay
32074453eb nftables: use numeric port format 2022-06-30 07:02:34 -04:00
Daniel Micay
01f9274fc4 nftables: implement output filtering for loopback 2022-06-30 06:41:52 -04:00
Daniel Micay
fea9197ace disable unused chrony command port 2022-06-30 03:08:28 -04:00
Daniel Micay
e0ab41c4f4 nftables: friendlier output traffic filtering 2022-06-29 21:27:01 -04:00
Daniel Micay
3ca0c347c6 add baseline nftables configurations 2022-06-29 10:53:07 -04:00
Daniel Micay
52d67a3085 add chrony configuration 2022-06-29 10:51:41 -04:00
Daniel Micay
f6435cae74 reduce tcp retransmission attempts 2022-06-29 03:58:53 -04:00
Daniel Micay
905ff4d433 update mirrorlist 2022-06-06 12:18:19 -04:00
Daniel Micay
e73dab2375 update systemd/system.conf 2022-05-22 15:57:02 -04:00
Daniel Micay
8c81a44d6d update mirrorlist and switch to NA pkgbuild.com 2022-05-02 00:56:41 -04:00
Daniel Micay
4a732879f3 update grub configuration 2022-03-16 22:56:06 -04:00
Daniel Micay
962270c183 update system.conf 2022-03-14 15:08:14 -04:00
Daniel Micay
adb1ab92b3 update mirrorlist 2022-03-12 12:06:17 -05:00
Daniel Micay
72937c922f add new file limit configuration for sshd 2022-02-25 19:31:35 -05:00
Daniel Micay
8ad991e8c5 add locale configuration 2022-02-15 01:03:56 -05:00
Void
151a761d2b Fix readme 2021-12-16 12:43:34 -05:00
Daniel Micay
ed3824208d update mirrorlist 2021-12-12 18:57:48 -05:00
Daniel Micay
19d0e86112 add sshd_config.tmp to gitignore 2021-11-30 13:02:57 -05:00
Daniel Micay
f1005cf339 user-based whitelist for ssh access 2021-11-27 20:33:48 -05:00
Daniel Micay
9f82fe54bd use double brace for templates 2021-11-27 20:25:47 -05:00
Daniel Micay
693655f5bc blacklist unused intel_agp driver 2021-11-27 18:45:10 -05:00
Daniel Micay
6bbe5bc95a blacklist unused mouse/joystick drivers 2021-11-27 18:16:13 -05:00
Daniel Micay
47a765066c blacklist unused virtio_balloon driver 2021-11-27 18:16:09 -05:00
Daniel Micay
73a78746f1 hard-wire ext4 as the only initramfs filesystem 2021-11-27 17:11:38 -05:00
Daniel Micay
00c21469df add mkinitcpio.conf 2021-11-27 17:09:26 -05:00
Daniel Micay
7671f6b795 switch to a more consistent mirror 2021-11-26 18:08:17 -05:00
Daniel Micay
91c9fd275e update system-login 2021-11-21 22:38:36 -05:00
Daniel Micay
932b117824 blacklist useless floppy module too 2021-11-17 14:34:19 -05:00
Daniel Micay
96c77bf78a update mirrorlist 2021-11-14 09:43:30 -05:00
Daniel Micay
4a6474cb56 128k tcp_notsent_lowat to improve fairness/latency 2021-10-02 15:45:21 -04:00
Daniel Micay
35f539f237 only permit native system call architecture 2021-09-16 03:57:53 -04:00
Daniel Micay
87e8cdd144 blacklist useless pcspkr module 2021-09-15 00:33:38 -04:00
Daniel Micay
f5e61e0ca7 unbound: enable prefetch and prefetch-key 2021-09-14 23:58:14 -04:00
Daniel Micay
e4872fb5bb enable IP and IO accounting by default 2021-09-09 08:44:11 -04:00
Daniel Micay
64b3a1031d move units to systemd directory 2021-09-08 17:57:50 -04:00
Daniel Micay
fe9d4e0f5f add systemd directory 2021-09-08 17:53:20 -04:00
Daniel Micay
e5fdf74ce6 disable deprecated pam user_readenv feature 2021-09-08 17:12:34 -04:00
Daniel Micay
e8c34cb913 enable networkd speed meter 2021-09-08 04:38:26 -04:00
Daniel Micay
964473b6c2 add IPv6 DNS resolvers 2021-09-08 04:08:36 -04:00
Daniel Micay
98ca37290a grub configuration for legacy boot 2021-09-08 03:30:41 -04:00
Daniel Micay
5eead0ad5a disable unprivileged userns for regular kernels 2021-09-07 22:50:57 -04:00
Daniel Micay
87db85274a sshd: raise MaxStartups to 4096 2021-09-06 02:42:22 -04:00