Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-12-22 13:45:02 -05:00
Code Issues Packages Projects Releases Wiki Activity
483 Commits 1 Branch 0 Tags 1.9 MiB
9638832f82
Commit Graph

483 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
9638832f82 switch back to MaxRetentionSec now that it's fixed 
The fix for this causing excessive log rotation was backported to systemd 256.5.
 2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7 update journald.conf 2024-08-18 19:28:57 -04:00
Daniel Micay
0dfe08d66e add stress package to all servers 
This is useful for regularly done testing and doesn't pull in a huge
number of dependencies like stress-ng.
 2024-08-11 18:30:34 -04:00
Daniel Micay
37842e4d17 temporarily add base-devel to grapheneos.social 
Needed to work around a Ruby dependency issue.
 2024-08-11 17:51:10 -04:00
Daniel Micay
27bd153454 nftables: use allowlist for ICMP types 2024-07-25 23:13:29 -04:00
Daniel Micay
437c5a5f3d raise journal file size for grapheneos.social 2024-07-25 11:59:56 -04:00
Daniel Micay
edfe1fae10 extend info fetching to sysctl values 2024-07-24 16:58:11 -04:00
Daniel Micay
80d15552dd add mutt to mail.grapheneos.org for inspecting service accounts 2024-07-13 19:39:31 -04:00
Daniel Micay
c6cd78e707 force DMARC enforcement for outlook.com 2024-07-08 10:38:42 -04:00
Daniel Micay
e3c2c1565d ovh-mitigation: add checking/toggling firewall 2024-07-05 00:40:20 -04:00
Daniel Micay
e8403c3098 update python dependencies 2024-07-05 00:32:25 -04:00
Daniel Micay
66c512b65f reduce SSH liveness check timeout to ~2 minutes 2024-07-02 18:06:47 -04:00
Daniel Micay
01201c0ece disable io_uring without CAP_SYS_ADMIN or io_uring group 2024-07-01 23:15:38 -04:00
Tommy
6e6957876e Update certbot-ocsp-fetcher to match upstream 2024-07-01 21:37:10 -04:00
Daniel Micay
84b2193808 switch to noswap tmpfs from ramfs for session ticket keys 2024-06-28 12:44:31 -04:00
Daniel Micay
ba2540c3fe add directory for home directory files 2024-06-27 10:13:15 -04:00
Tommy
6fc45525d9 Add NoNewPrivileges=true for certbot 2024-06-24 11:55:59 -04:00
Tommy
55221c8e44 Sort NGINX override alphabetically 
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
 2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550 Remove redundant PrivateTmp=true 2024-06-24 11:18:11 -04:00
Daniel Micay
4382120e37 set umask for encrypted swapfile creation 2024-06-21 22:36:27 -04:00
Daniel Micay
597f534d63 increase journal file size for 3.grapheneos.network 2024-06-21 16:51:36 -04:00
Daniel Micay
f7643fa8b7 reorder initial deployment 2024-06-19 11:54:08 -04:00
Daniel Micay
4c52595bfd drop unmodified hosts file 2024-06-19 11:49:13 -04:00
Daniel Micay
54181d3031 increase journal size for update servers 2024-06-19 11:42:42 -04:00
Daniel Micay
65e2b8b109 increase journal size for network servers 2024-06-19 11:38:22 -04:00
Daniel Micay
1dc26ba006 add VerifyHostKeyDNS ask to ssh_config 2024-06-18 14:25:16 -04:00
Daniel Micay
4475df98a4 deploy nftables rules in deploy-initial 2024-06-18 14:15:19 -04:00
Daniel Micay
f40a017ec3 add nftables configuration mapping to hosts.sh 2024-06-18 13:55:18 -04:00
Daniel Micay
662a2d3522 update configuration for systemd 256 2024-06-18 13:16:03 -04:00
Daniel Micay
54490cf662 update python dependencies 2024-06-17 23:52:00 -04:00
Daniel Micay
d103f6cdf3 simplify deployment script usage 2024-06-17 18:29:28 -04:00
Daniel Micay
750cd5e985 replace urandom with random 
These both use the same CSPRNG on modern kernels, but random waits for
CSPRNG initialization instead of only attempting to initialize it.
 2024-06-17 15:04:13 -04:00
Daniel Micay
ce1fef8c0e use per-server package list for deploy-initial 2024-06-17 15:00:36 -04:00
Daniel Micay
73a88e36ad replace 3.grapheneos.org and 3.grapheneos.network 2024-06-15 14:02:29 -04:00
Daniel Micay
55e7cadc02 update deploy-initial image version 2024-06-15 13:36:29 -04:00
Daniel Micay
7a78e3bd07 count: add akita 2024-06-11 22:56:05 -04:00
Daniel Micay
aefa91830e update python dependencies 2024-06-08 14:34:08 -04:00
Daniel Micay
8e9fe48605 update python dependencies 2024-06-06 00:26:45 -04:00
Daniel Micay
1ed92eb04c short ISRG Root X1 chain is now the default 2024-06-04 13:26:50 -04:00
Daniel Micay
aacde289bf add postfix-pcre package to mail.grapheneos.org 2024-05-30 12:12:05 -04:00
Daniel Micay
59e15db025 update python dependencies 2024-05-30 10:32:19 -04:00
Daniel Micay
f837b81bbd replace obsolete python-postfix-policyd-spf with python-spf-engine 2024-05-29 22:32:33 -04:00
Daniel Micay
d77a7b2cff drop python-pydantic workaround 
This was added as a dependency for matrix-synapse.
 2024-05-24 15:43:08 -04:00
Daniel Micay
e1f968617b replace sshpass with swiftclient for backups 2024-05-24 15:35:04 -04:00
Daniel Micay
f1d388e5c9 add list of hosts using automated backups 2024-05-24 15:34:16 -04:00
Daniel Micay
a2758fe665 update python dependencies 2024-05-24 15:33:27 -04:00
Daniel Micay
39a48e6585 update python dependencies 2024-05-21 13:38:50 -04:00
Daniel Micay
38dc2fb4d2 add samsung.psds.grapheneos.org subdomain 2024-05-15 14:36:26 -04:00
Daniel Micay
3b1c43d29f update requirements.txt 2024-04-30 12:32:40 -04:00
Daniel Micay
f9425e3ebd reduce conntrack UDP timeouts 
This only applies to outbound NTP requests since we use notrack for our
UDP services and DNS-over-TLS for our local resolver. We'd have no need
for longer timeouts even if that wasn't the case.
 2024-04-30 12:13:02 -04:00