Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-10-01 00:55:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
432 Commits 1 Branch 0 Tags 1.8 MiB
a067120a49
Commit Graph

432 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
55dba2e7db add ovh-mitigation.txt to gitignore 2023-07-11 11:59:04 -04:00
Daniel Micay
616232e1ab add directory structure for mirrorlist 2023-07-11 11:38:53 -04:00
Daniel Micay
a957abd347 unified info fetching script 2023-07-10 23:35:56 -04:00
Daniel Micay
d49deb3db6 add certbot-ocsp-fetcher copyright notice 2023-07-09 19:19:29 -04:00
Daniel Micay
34a7874ec3 add license 2023-07-09 19:19:16 -04:00
Tommy
f90943d9e9 Additional unbound hardening 2023-07-09 18:46:33 -04:00
Daniel Micay
5f339efb2d update certbot-ocsp-fetcher 2023-07-09 18:16:59 -04:00
Daniel Micay
462bdc8599 add session ticket key management scripts 2023-07-09 18:04:17 -04:00
Daniel Micay
eb9a4ef2d1 drop git package from discuss.grapheneos.org 2023-07-09 14:48:41 -04:00
Daniel Micay
d6b4b21f9b add count script 2023-07-08 01:25:30 -04:00
Daniel Micay
9d35c7629f add Samsung OPAL information 2023-07-08 01:15:09 -04:00
Daniel Micay
1abf27d74e blacklist tls kernel module 
This gets autoloaded unnecessarily. If we ever start using KTLS, we can
remove this on the servers where we want it.
 2023-07-08 01:11:11 -04:00
Daniel Micay
2bc3eb4857 add information fetch scripts 2023-07-08 01:10:56 -04:00
Daniel Micay
bb2b23bec3 add 3.grapheneos.network package list 2023-07-08 01:03:38 -04:00
Daniel Micay
3400e1f481 add stats scripts 2023-07-08 01:03:22 -04:00
Daniel Micay
5d07b89e77 specify python3 in setup script 2023-07-06 22:12:26 -04:00
Daniel Micay
48c9636fbd set proper mail.grapheneos.org certbot hook 2023-07-06 18:54:48 -04:00
Daniel Micay
92456a8327 add missing dependencies for mastodon 2023-07-06 18:47:33 -04:00
Daniel Micay
8eac68bc26 add hosts configuration file 2023-07-06 18:41:32 -04:00
Daniel Micay
8ac489c9aa allow nginx master process to use CAP_CHOWN 
This is required for it to create the /var directories it uses when the
master process is running as root. It would be possible to run the nginx
master process as non-root but it doesn't drop ambient capabilities when
it spawns the workers so running the master process as non-root will end
up giving the workers higher privileges due to them ending up getting
the CAP_NET_BIND_SERVICE capability passed through.
 2023-07-06 05:30:35 -04:00
Daniel Micay
2cf694017b silence systemd-networkd address prefix warning 
It does the right thing by default now but it still produces a warning,
so silence it.
 2023-07-06 04:39:16 -04:00
Daniel Micay
5777fa38ae add network configuration for 1.grapheneos.network 2023-07-06 04:30:23 -04:00
Daniel Micay
2f4e9f67c4 set log retention time per server 2023-07-06 00:17:05 -04:00
Daniel Micay
5ea36399d1 rename 1.grapheneos.network to 2.grapheneos.network 2023-07-05 17:31:48 -04:00
Daniel Micay
a97e039314 rename 2.grapheneos.network to 3.grapheneos.network 2023-07-05 17:31:30 -04:00
Daniel Micay
626653c23e add 3.grapheneos.org package list 2023-07-03 21:35:48 -04:00
Daniel Micay
affc4518da rename OVH mitigation script 2023-07-03 18:35:43 -04:00
Daniel Micay
45c79b3909 drop legacy connectivity check subdomain 2023-07-03 17:03:17 -04:00
Daniel Micay
37bf4935f1 drop mail server specific certbot configuration 
The mail server is now using the webroot authentication method via nginx
due to moving the MTA-STS web service to the mail server.
 2023-06-30 15:47:33 -04:00
Daniel Micay
8114047b9b add new website server instance 2023-06-30 15:45:09 -04:00
Daniel Micay
52a1e9f18e remove unused qemu-guest-agent package 2023-06-30 12:22:01 -04:00
Daniel Micay
d8d721ecd9 update python dependencies 2023-06-30 10:53:45 -04:00
Daniel Micay
9cec692b28 fix staging.attestation.app name for certbot 2023-06-29 13:25:10 -04:00
Daniel Micay
2641d41169 move staging.attestation.app to BuyVM 2023-06-29 13:14:50 -04:00
Daniel Micay
f9bee29ab8 move staging.grapheneos.org to BuyVM 2023-06-23 14:41:01 -04:00
Daniel Micay
82bf5e752c add mail.grapheneos.net fallback name for MX 2023-06-23 11:59:52 -04:00
Daniel Micay
4089b07be1 rename staging nameserver package list 2023-06-22 16:03:11 -04:00
Daniel Micay
3c1c21f1a1 update package lists for split ns2.grapheneos.org 2023-06-22 16:02:12 -04:00
Daniel Micay
129af30134 add nginx to mail.grapheneos.org 2023-06-22 15:58:13 -04:00
Daniel Micay
2f4218fc77 move ns1.staging.grapheneos.org to BuyVM 2023-06-22 12:41:26 -04:00
Daniel Micay
254e628a79 move staging.ns1.grapheneos.org to ns1.staging.grapheneos.org 2023-06-22 00:27:08 -04:00
Daniel Micay
f1d9c0693e disable link-local addressing 2023-06-21 23:10:09 -04:00
Daniel Micay
384c29bd5e simplify route metric configuration 2023-06-21 22:56:50 -04:00
Daniel Micay
d128124200 move website server mta-sts to mail server 2023-06-21 14:53:07 -04:00
Daniel Micay
4abeaf06f5 move network server mta-sts to mail server 2023-06-21 14:43:06 -04:00
Daniel Micay
884906f160 move mta-sts.seamlessupdate.app to mail server 2023-06-21 14:37:46 -04:00
Daniel Micay
5c6f540cf3 move mta-sts.matrix.grapheneos.org to mail server 2023-06-21 14:31:49 -04:00
Daniel Micay
dc840b7925 move mta-sts.grapheneos.social to mail server 2023-06-21 14:20:43 -04:00
Daniel Micay
aa89e675d6 move mta-sts.discuss.grapheneos.org to mail server 2023-06-21 14:20:21 -04:00
Daniel Micay
95e0c68cb0 move mta-sts.attestation.app to mail server 2023-06-21 13:59:46 -04:00