Daniel Micay
86d582ba2b
add stripped down initial deployment script
2024-02-03 17:47:41 -05:00
Daniel Micay
154811ab1e
add uptime to dns stats
2024-02-03 17:30:22 -05:00
Daniel Micay
963921413e
add 8th generation Pixels to count script
2024-02-02 14:46:39 -05:00
Daniel Micay
a010e02c52
use leaner format for update log output
2024-02-02 07:26:36 -05:00
Daniel Micay
6989905361
add updatedb drop-in unit to pacreport exclusions
2024-02-01 18:01:06 -05:00
Daniel Micay
d583da0a65
disable sending console output to unused ttyS0
2024-02-01 16:39:33 -05:00
Daniel Micay
2fe25c5218
grub: remove extra space
2024-01-31 21:28:14 -05:00
Daniel Micay
69c7803b31
update python dependencies
2024-01-30 14:37:31 -05:00
Daniel Micay
4371062b71
add sshpass on mail.grapheneos.org
2024-01-26 00:41:51 -05:00
Daniel Micay
50de6d59c0
switch main domain for ECDSA mail server cert
2024-01-25 12:55:57 -05:00
Daniel Micay
88eba9a5fe
update copyright notice
2024-01-25 01:57:18 -05:00
Daniel Micay
a5fa9f930f
update certbot-ocsp-fetcher
2024-01-25 01:23:49 -05:00
Daniel Micay
0e3521564c
replace mail.grapheneos.org server
2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270
replace attestation.app server
2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a
replace 2.grapheneos.org and 2.grapheneos.network
2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9
replace discuss.grapheneos.org server
2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f
replace 0.grapheneos.org and 0.grapheneos.network
2024-01-20 00:59:00 -05:00
Daniel Micay
8d1782161f
stop sending external ADoT queries through unbound
2024-01-19 13:44:47 -05:00
Daniel Micay
5ed0c02e99
nftables: extend notrack rules for ADoT changes
2024-01-19 12:51:52 -05:00
Daniel Micay
a954a4a024
use clean syntax for IPv6 address
2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520
replace ns1.grapheneos.org server
2024-01-18 08:19:33 -05:00
Daniel Micay
d44a316624
disable 32-bit support via kernel line
...
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.
We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
2024-01-03 11:10:07 -05:00
Daniel Micay
dd9d6ff2a5
disable unused multipath TCP
2024-01-03 10:52:27 -05:00
Daniel Micay
d0e6159220
filter irrelevant module output
2024-01-03 10:18:15 -05:00
Daniel Micay
e581aeafb5
use idle CPU scheduling mode for updatedb
2024-01-03 10:10:04 -05:00
Daniel Micay
ae0373cc38
simplify log fetching
2023-12-24 20:21:06 -05:00
Daniel Micay
15a2fa132f
disable services on IPv6 for discussion forum
2023-12-22 17:47:49 -05:00
Daniel Micay
8bfec062dc
switch to nodejs 20 LTS branch
2023-12-21 20:12:55 -05:00
Daniel Micay
99973b1ca2
add mmdblookup to servers using geoip2
2023-12-21 09:49:36 -05:00
Daniel Micay
5a7110bee4
add geoip2 packages for discuss.grapheneos.org
2023-12-21 09:46:53 -05:00
Daniel Micay
5cef4a2aa6
allow geoipupdate internet access for discuss
2023-12-21 09:44:05 -05:00
Daniel Micay
dc4101f3de
update systemd configuration files
2023-12-07 12:33:59 -05:00
Daniel Micay
8708b133e5
update python dependencies
2023-12-03 23:52:09 -05:00
Daniel Micay
c1a826278e
add widevineprovisioning.grapheneos.org
2023-12-02 02:16:42 -05:00
Daniel Micay
d99ca0a43f
switch to development release of matterbridge
2023-12-02 02:16:24 -05:00
Daniel Micay
bed640859d
update python dependencies
2023-11-20 22:43:56 -05:00
Daniel Micay
f9bd8e2476
switch domain order for nameserver certbot setup
2023-11-05 01:33:56 -05:00
Daniel Micay
ebd0c7d8d0
add staging nameserver certbot setup
2023-11-05 01:32:44 -05:00
Daniel Micay
38bb002a01
add authenticated DNS-over-TLS to nameservers
2023-11-05 00:51:33 -04:00
Daniel Micay
3a92693611
move PowerDNS webserver to localhost port 81
2023-11-05 00:31:54 -04:00
Daniel Micay
c959f8bc5b
drop jdk-openjdk from attestation servers
2023-11-04 16:31:03 -04:00
Daniel Micay
a10afab253
update Python dependencies
2023-10-24 14:16:54 -04:00
Orazio
9aba6192e7
unbound: block dns rebinding
...
Blocking RFC 1918 addresses too is unlikely to be useful on your setup, but may be in case you add something like a VPC in the future.
2023-10-04 10:26:16 -04:00
Daniel Micay
cb0007f816
update python dependencies
2023-10-03 11:39:02 -04:00
Daniel Micay
a4af9e2faf
add ephemeral-trees directory to pacreport
2023-10-01 09:04:41 -04:00
Daniel Micay
c29206dff6
update python dependencies
2023-10-01 08:41:06 -04:00
Daniel Micay
ffff417df9
mastodon package now declares proper dependencies
2023-09-24 22:21:09 -04:00
Daniel Micay
1f7ea042fe
expand host variable declarations
2023-09-18 03:29:23 -04:00
Daniel Micay
15f1cbcd02
nginx: drop ExecStart override
2023-09-18 02:41:59 -04:00
Daniel Micay
90411f367c
update OCSP cache path for certbot-renew.service
2023-09-02 15:07:28 -04:00