Commit Graph

276 Commits

Author SHA1 Message Date
Daniel Micay
adec4b9bda certbot: drop absolute path for deploy hook 2023-08-21 03:19:47 -04:00
Daniel Micay
a92156528a add nftables dscp counter config to guide 2023-08-19 00:46:21 -04:00
Daniel Micay
104c1857d9 add vconsole.conf to pacreport.conf 2023-08-19 00:37:54 -04:00
Daniel Micay
14da5949f2 add fstrim/xfs_fsr configuration to pacreport.conf 2023-08-19 00:37:00 -04:00
Daniel Micay
5a86b91909 update pip-compile command 2023-08-19 00:27:56 -04:00
Daniel Micay
9419af1bd6 use af21 for unbound DoT traffic 2023-08-19 00:20:21 -04:00
Daniel Micay
e1af23a478 add attestation service config for email 2023-08-18 23:57:44 -04:00
Daniel Micay
343d1fdb2f add mtr package 2023-08-16 22:55:53 -04:00
Daniel Micay
b88d0d5c96 raise ssh background traffic priority to af11
The default cs1 is resulting traffic being completely dropped for some
routes with congestion.
2023-08-14 23:32:00 -04:00
Daniel Micay
ae2fc9244b support drop-in configurations for ssh configs 2023-08-11 11:36:08 -04:00
Daniel Micay
894f150a62 use CAKE no-split-gso for release servers 2023-08-06 23:18:53 -04:00
Daniel Micay
4160e5a6b7 chrony: mark traffic as EF 2023-08-04 17:20:25 -04:00
Daniel Micay
2f56bae4a5 use consistent naming for system drop-in configs 2023-08-04 14:45:15 -04:00
Daniel Micay
e56add4330 run fstrim daily instead of weekly 2023-08-04 14:38:41 -04:00
Daniel Micay
b67d037a5e add xfs_fsr service run before fstrim service 2023-08-03 16:35:53 -04:00
Daniel Micay
124897ccba update systemd/system.conf 2023-08-01 18:06:28 -04:00
Daniel Micay
7a95f6bfb4 update systemd/networkd.conf 2023-08-01 18:05:17 -04:00
Daniel Micay
2703b7a378 add pv package 2023-07-28 23:24:40 -04:00
Daniel Micay
53b46f6166 set correct subnet mask for BuyVM main IP 2023-07-28 00:12:05 -04:00
Daniel Micay
5e07ae005b use idle scheduling for fstrim.service 2023-07-26 13:21:24 -04:00
Daniel Micay
0e37437f0c update python dependencies 2023-07-26 03:41:24 -04:00
Daniel Micay
39c15372a2 add ioping package 2023-07-26 03:40:57 -04:00
Daniel Micay
e3b8692914 add buyvm and ovh hosts arrays 2023-07-24 21:31:24 -04:00
Daniel Micay
1173060c25 ssh: switch to AES256-GCM to use AES-NI 2023-07-22 16:39:37 -04:00
Daniel Micay
a164ca80c7 disable unused multilib repository 2023-07-18 16:58:34 -04:00
Daniel Micay
13d4dcb39e only discard swapfile at mount time 2023-07-18 16:41:39 -04:00
Daniel Micay
6a8529e1a3 enable discard support for swapfile dm-crypt 2023-07-18 16:41:35 -04:00
Daniel Micay
f7402790d1 blacklist virtio_console module 2023-07-17 02:21:12 -04:00
Daniel Micay
20590d561a blacklist snd_intel8x0 module 2023-07-17 01:50:56 -04:00
Daniel Micay
8f4431582c blacklist sr_mod module 2023-07-17 01:47:44 -04:00
Daniel Micay
f3d7d763de add dns-stats script 2023-07-16 02:18:17 -04:00
Daniel Micay
6b0eec9218 clean up stats scripts 2023-07-16 01:25:27 -04:00
Daniel Micay
15302563f2 drop local-reserved-ports.conf for mastodon 2023-07-15 13:16:06 -04:00
Daniel Micay
4717854ec8 add subuid/subgid backup files to pacreport.conf 2023-07-15 13:14:59 -04:00
Daniel Micay
3dbf62e943 add gdk-pixbuf2 loaders cache to pacreport.conf 2023-07-15 13:14:48 -04:00
Daniel Micay
a973881a30 add sysstat unit configuration to pacreport.conf 2023-07-15 13:00:48 -04:00
Daniel Micay
0452ce51a1 update python dependencies 2023-07-15 12:54:19 -04:00
Daniel Micay
6595a2b05f rename eth0 to public
This resolves a warning from systemd-networkd about using one of the
names reserved by the kernel.
2023-07-15 00:33:35 -04:00
Daniel Micay
b245498612 disable unused DHCP IPv4 address for mail server 2023-07-13 21:39:12 -04:00
Daniel Micay
6736cdc36f use highest accuracy for sysstat-collect.timer 2023-07-13 18:51:39 -04:00
Daniel Micay
6567335b31 run sysstat-collect.service every minute 2023-07-13 18:51:28 -04:00
Daniel Micay
4e6c0b0ae1 reorder hosts 2023-07-13 16:23:33 -04:00
Daniel Micay
2e05e09f94 add sysstat package 2023-07-13 14:39:38 -04:00
Daniel Micay
8a1cab9071 add SSH client configuration 2023-07-13 11:41:59 -04:00
Daniel Micay
55dba2e7db add ovh-mitigation.txt to gitignore 2023-07-11 11:59:04 -04:00
Daniel Micay
616232e1ab add directory structure for mirrorlist 2023-07-11 11:38:53 -04:00
Daniel Micay
a957abd347 unified info fetching script 2023-07-10 23:35:56 -04:00
Daniel Micay
d49deb3db6 add certbot-ocsp-fetcher copyright notice 2023-07-09 19:19:29 -04:00
Daniel Micay
34a7874ec3 add license 2023-07-09 19:19:16 -04:00
Tommy
f90943d9e9 Additional unbound hardening 2023-07-09 18:46:33 -04:00