Daniel Micay
6f6b8ceb54
enable chronyd seccomp filter
2023-05-07 00:02:51 -04:00
Daniel Micay
a74812ca6e
allow NTP requests to network servers
2023-05-05 10:44:43 -04:00
Daniel Micay
04e7114468
more precise gitignore rules
2023-04-16 16:09:20 -04:00
Daniel Micay
6c0201a9f7
add venv to gitignore
2023-04-16 16:08:58 -04:00
Daniel Micay
9b4d547dc1
mark php explicitly installed for forum
2023-04-10 02:22:20 -04:00
Daniel Micay
06d672d7f8
add credstore to pacreport configuration
2023-04-05 22:44:35 -04:00
Daniel Micay
19a7b5b9c9
add explicitly installed packages to repository
2023-04-04 14:43:57 -04:00
Daniel Micay
ac23681718
update systemd/system.conf
2023-03-30 03:17:00 -04:00
Daniel Micay
7ffac9ab5a
raise max journald files
2023-03-29 00:15:04 -04:00
Daniel Micay
c573091af4
use per-host journald SystemMaxUse
2023-03-25 07:04:46 -04:00
Daniel Micay
581b590be0
update python dependencies
2023-03-24 18:47:48 -04:00
Daniel Micay
83877cb983
add OVH mitigation control script
2023-02-22 16:22:47 -05:00
Daniel Micay
d550ccbc73
update sleep.conf
2023-02-17 17:51:41 -05:00
Daniel Micay
68a73e798a
update system.conf
2023-02-17 17:51:24 -05:00
Daniel Micay
7fc42a25c4
remove Arch Linux nginx error_log configuration
...
error_log works the same way as add_header where defining it again on
the same level is additive and logs to both places, meaning that there
are duplicated logs when defining a proper syslog error_log output at
the top level.
2023-02-17 17:31:00 -05:00
Daniel Micay
312b1a027b
switch to unix domain sockets for mastodon
2023-02-17 16:24:35 -05:00
Daniel Micay
53b2431f6b
switch to unix socket for redis
2023-02-15 02:45:52 -05:00
Daniel Micay
f8d62478cf
drop old nginx tmpfiles.d conf from pacreport.conf
2023-02-14 01:43:03 -05:00
Daniel Micay
c9dcf479fc
allow PowerDNS webserver on loopback for root
2023-02-14 01:19:19 -05:00
Daniel Micay
7871fa2d51
add comments for unbound avoid port configuration
2023-02-11 20:29:33 -05:00
Daniel Micay
edbb9158a4
avoid port 7275 (supl) for unbound
2023-02-11 20:23:22 -05:00
Daniel Micay
34d0f7fc3b
baseline web server config doesn't use DNS
2023-02-11 03:26:25 -05:00
Daniel Micay
8b96ee620c
split out network nftables rules for SUPL proxy
2023-02-11 03:11:47 -05:00
Daniel Micay
f0f6b9d993
sshd: switch to SSH protocol keep alive
2023-02-10 11:20:54 -05:00
Daniel Micay
d47d1569e5
update sshd_config
2023-02-02 13:48:35 -05:00
Daniel Micay
1ba011b865
update pacreport.conf
2023-01-31 20:22:36 -05:00
Daniel Micay
3dfbd4e777
add init_on_free=1 for non-hardened kernels
2023-01-23 21:34:33 -05:00
Daniel Micay
67de376313
add slab_nomerge for non-hardened kernels
2023-01-15 14:34:44 -05:00
Daniel Micay
3c6aeeab3d
add Mastodon ports to unbound avoid list
2023-01-10 14:09:10 -05:00
Daniel Micay
4fd4aa40ee
switch to C.UTF-8 locale
...
en_US.UTF-8 still needs to be generated for now since the PostgreSQL
databases and potentially other applications will still be using it.
2023-01-10 14:09:06 -05:00
Daniel Micay
6530e1a583
reboot immediately on kernel panic
...
We can adjust this if we ever need to debug a kernel panic issue which
is not expected.
2023-01-09 14:18:30 -05:00
Daniel Micay
13a3a4ece0
use optimized dm-crypt configuration for swap
2023-01-03 02:27:23 -05:00
Daniel Micay
cea56c8acd
fix matrix.grapheneos.org loopback nftables rules
2022-12-25 19:03:41 -05:00
Daniel Micay
88692df381
add nftables rules for grapheneos.social
2022-12-25 18:54:08 -05:00
Daniel Micay
34627b993a
switch to default mkinitcpio.conf
...
We no longer make any changes to this configuration and are unlikely to
need any.
2022-12-14 05:10:51 -05:00
Daniel Micay
01f0b498cf
add additional gitignore entries
2022-12-13 13:12:23 -05:00
Daniel Micay
3ea5a14b2f
drop floating IPs for DNS servers
2022-11-30 19:23:18 -05:00
Daniel Micay
91e36044ca
drop floating IPs for release servers
2022-11-29 02:26:51 -05:00
Daniel Micay
9f1ba5f2a5
drop floating IPs for website servers
2022-11-29 02:07:56 -05:00
Daniel Micay
3354bcb34d
drop floating IPs for network servers
2022-11-29 02:07:05 -05:00
Daniel Micay
ace45c7d5c
drop floating IP for attestation server
2022-11-29 01:39:15 -05:00
Daniel Micay
9929542f43
drop floating IP for forum server
2022-11-29 01:27:01 -05:00
Daniel Micay
38414a8313
drop floating IP for Matrix server
2022-11-29 01:26:31 -05:00
Daniel Micay
0aff07f884
add grapheneos.social network configuration
2022-11-27 01:41:42 -05:00
Daniel Micay
08da28f7b5
drop floating IPs for staging servers
2022-11-27 00:08:29 -05:00
Daniel Micay
7b3111deb6
update grub configuration
2022-11-16 22:49:10 -05:00
Daniel Micay
b996f5586f
update systemd/system.conf
2022-11-10 17:09:19 -05:00
Daniel Micay
7a4ace53f7
disable less history by default for login sessions
2022-10-26 04:35:23 -04:00
Daniel Micay
224b1ae5d3
pam configuration now matches the package defaults
2022-10-21 21:48:35 -04:00
Daniel Micay
b93695ecc4
add encrypted swapfile configuration
2022-09-26 23:01:44 -04:00