Daniel Micay
a054b6cd29
note BuyVM anycast address is only a fallback
2025-11-17 03:01:16 -05:00
Daniel Micay
8db7dd0dc8
add tyo.ns1.grapheneos.org server
2025-11-16 23:48:19 -05:00
Daniel Micay
a7a45cc5d7
dns-stats: add IPv4 vs. IPv6 query stats
2025-11-16 23:13:51 -05:00
Daniel Micay
a8185b3444
dns-stats: use simpler pdns_control command
2025-11-16 13:46:00 -05:00
Daniel Micay
7b7f1de0bd
drop zerotier-one from ns1.staging.grapheneos.org
We aren't currently using this for testing and it's going to be phased
out for the ns1 servers as soon as we get a second IPv4 /24.
This also switches over to using the nftables ruleset for ns2 instead of
ns1 since it doesn't need the zerotier nftables configuration anymore.
2025-11-16 00:22:08 -05:00
Daniel Micay
52f0062590
networkd: set PreferredLifetime=0 for anycast IPs
This avoids these being used for outbound connections.
2025-11-15 20:51:19 -05:00
Daniel Micay
974ca7442e
remove gra1.grapheneos.org and las0.grapheneos.org
2025-11-15 18:23:59 -05:00
Daniel Micay
864a434511
add fra.grapheneos.org and hio.grapheneos.org servers
These were previously 2 of our 4 OVH ns1.grapheneos.org instances. Our
ns1.grapheneos.network network has been entirely moved to Vultr for BGP
support so we're reusing these 2 instances as replacements for 2 of the
existing grapheneos.org servers.
2025-11-15 17:17:47 -05:00
Daniel Micay
076812a30d
deploy-web: improve error checking
2025-11-15 15:41:29 -05:00
Daniel Micay
d825e67a39
make /var/log/nginx permissions match log files
2025-11-15 15:26:31 -05:00
Daniel Micay
2425756c2a
pacreport: add syslog-ng configuration sub-directory
2025-11-15 06:21:45 -05:00
Daniel Micay
0db92863c3
reboot: add BGP integration
2025-11-14 21:27:51 -05:00
Daniel Micay
da67af9299
add lon.ns1.grapheneos.org
2025-11-14 17:17:09 -05:00
Daniel Micay
79255e34b3
switch to geolocation-based pkgbuild.com mirror
2025-11-14 05:36:02 -05:00
Daniel Micay
4caf974bf4
nftables: include our own anycast addresses
2025-11-14 05:35:58 -05:00
Daniel Micay
af9b254ff6
ns2: add IPv4 address from our anycast /24
2025-11-14 05:35:58 -05:00
Daniel Micay
b600418a27
networkd: add comments for anycast addresses
2025-11-14 05:35:58 -05:00
Daniel Micay
4c9be33036
networkd: remove unnecessary [Address] sections
2025-11-14 05:35:58 -05:00
Daniel Micay
21b9f52b4a
add mia.ns2.grapheneos.org server
2025-11-14 05:35:58 -05:00
Daniel Micay
d682b05846
replace remaining OVH ns1 servers with Vultr
2025-11-14 05:35:58 -05:00
Daniel Micay
6819359c45
add IPv6 address from our /48 announced from BuyVM
2025-11-11 03:39:21 -05:00
Daniel Micay
80c8b239d5
add bird to ns2.grapheneos.org to use our IP space
2025-11-11 03:39:21 -05:00
Daniel Micay
f1859e38cc
hosts: add list of Vultr instances
2025-11-11 03:39:21 -05:00
Daniel Micay
70cccd1e21
add IPv6 address from our /48 announced from Vultr
2025-11-11 03:39:21 -05:00
Daniel Micay
c4b5da59d5
nftables: ns1: add fq priority configuration
2025-11-11 03:39:21 -05:00
Daniel Micay
77795f92f6
replace 1.ns1.grapheneos.org server with sea.ns1.grapheneos.org
2025-11-11 03:39:21 -05:00
Daniel Micay
396086759b
add lax.ns1.grapheneos.org server
2025-11-10 04:04:21 -05:00
Daniel Micay
72e3a980aa
replace 0.ns1.grapheneos.org server with nyc.ns1.grapheneos.org
2025-11-09 23:20:09 -05:00
Daniel Micay
fa9e6de004
add mia.ns1.grapheneos.org server
2025-11-09 18:57:21 -05:00
Daniel Micay
8c57177aef
deploy-initial-vps: handle mkinitcpio.conf split
2025-11-09 17:55:16 -05:00
Daniel Micay
cae80e26ab
deploy-initial-vps: update Arch ISO image version
2025-11-09 17:55:12 -05:00
Daniel Micay
a76f259c23
certbot: add nominatim.staging.grapheneos.org
2025-11-08 23:28:40 -05:00
Daniel Micay
3b5589f117
certbot: rename 0.grapheneos.org to bhs0.grapheneos.org
2025-11-08 23:19:37 -05:00
Daniel Micay
c808621659
syslog-ng: add receive timestamps to nginx logs
Since nginx only uses 1 second precision for the error logs and syslog
timestamps, we can use receive time on the syslog-ng side. We can switch
to source time once nginx adds RFC 5424 support which is currently in an
open pull request but will likely require changes to add a configuration
option for it. Our approach to working around this within nginx doesn't
work perfectly since $msec generates the time on-demand separately from
the timestamp used by $time_iso8601.
2025-11-08 14:56:27 -05:00
Daniel Micay
c9fae6c345
syslog-ng: split nginx configuration into conf.d
2025-11-08 13:44:52 -05:00
Daniel Micay
3682298d01
syslog-ng: raise frac-digits to 3
2025-11-08 02:41:34 -05:00
Daniel Micay
a05232d2f6
add syslog-ng include directory
2025-11-08 01:41:56 -05:00
Daniel Micay
fa03067604
add script for checking reverse DNS
2025-11-07 23:51:33 -05:00
Daniel Micay
c15a09758b
update lax.releases.grapheneos.org IPv6 address
2025-11-07 23:51:17 -05:00
Daniel Micay
459455286d
use journald reload support added in systemd 258
2025-11-07 23:23:09 -05:00
Daniel Micay
4a5e91de42
count: handle nginx logs being done with syslog-ng
2025-11-07 21:56:47 -05:00
Daniel Micay
c3d7324536
certbot: merge 0.grapheneos.network into 0.grapheneos.org
2025-11-06 22:44:58 -05:00
Daniel Micay
7551794b6c
grapheneos.org: switch to location-based server names
2025-11-06 22:44:33 -05:00
Daniel Micay
0195d84f25
add missing reserved ports entries for unbound
2025-11-06 22:06:47 -05:00
Daniel Micay
3c248a9bd0
add deploy-hostname script
2025-11-06 19:54:19 -05:00
Daniel Micay
ddc56da224
new naming convention for staging server hostnames
2025-11-06 19:54:09 -05:00
Daniel Micay
9e6b18e3b2
ns2.grapheneos.org: switch to location-based server names
2025-11-06 19:27:39 -05:00
Daniel Micay
2cf774ca19
releases.grapheneos.org: switch to location-based server names
2025-11-06 19:01:50 -05:00
Daniel Micay
99b32fe4a9
grapheneos.social: switch to Node.js 24 LTS
2025-11-06 11:59:13 -05:00
Daniel Micay
cb8701e6d7
nftables: style fix
2025-11-06 11:59:13 -05:00