Daniel Micay
50de6d59c0
switch main domain for ECDSA mail server cert
2024-01-25 12:55:57 -05:00
Daniel Micay
88eba9a5fe
update copyright notice
2024-01-25 01:57:18 -05:00
Daniel Micay
a5fa9f930f
update certbot-ocsp-fetcher
2024-01-25 01:23:49 -05:00
Daniel Micay
0e3521564c
replace mail.grapheneos.org server
2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270
replace attestation.app server
2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a
replace 2.grapheneos.org and 2.grapheneos.network
2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9
replace discuss.grapheneos.org server
2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f
replace 0.grapheneos.org and 0.grapheneos.network
2024-01-20 00:59:00 -05:00
Daniel Micay
8d1782161f
stop sending external ADoT queries through unbound
2024-01-19 13:44:47 -05:00
Daniel Micay
5ed0c02e99
nftables: extend notrack rules for ADoT changes
2024-01-19 12:51:52 -05:00
Daniel Micay
a954a4a024
use clean syntax for IPv6 address
2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520
replace ns1.grapheneos.org server
2024-01-18 08:19:33 -05:00
Daniel Micay
d44a316624
disable 32-bit support via kernel line
...
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.
We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
2024-01-03 11:10:07 -05:00
Daniel Micay
dd9d6ff2a5
disable unused multipath TCP
2024-01-03 10:52:27 -05:00
Daniel Micay
d0e6159220
filter irrelevant module output
2024-01-03 10:18:15 -05:00
Daniel Micay
e581aeafb5
use idle CPU scheduling mode for updatedb
2024-01-03 10:10:04 -05:00
Daniel Micay
ae0373cc38
simplify log fetching
2023-12-24 20:21:06 -05:00
Daniel Micay
15a2fa132f
disable services on IPv6 for discussion forum
2023-12-22 17:47:49 -05:00
Daniel Micay
8bfec062dc
switch to nodejs 20 LTS branch
2023-12-21 20:12:55 -05:00
Daniel Micay
99973b1ca2
add mmdblookup to servers using geoip2
2023-12-21 09:49:36 -05:00
Daniel Micay
5a7110bee4
add geoip2 packages for discuss.grapheneos.org
2023-12-21 09:46:53 -05:00
Daniel Micay
5cef4a2aa6
allow geoipupdate internet access for discuss
2023-12-21 09:44:05 -05:00
Daniel Micay
dc4101f3de
update systemd configuration files
2023-12-07 12:33:59 -05:00
Daniel Micay
8708b133e5
update python dependencies
2023-12-03 23:52:09 -05:00
Daniel Micay
c1a826278e
add widevineprovisioning.grapheneos.org
2023-12-02 02:16:42 -05:00
Daniel Micay
d99ca0a43f
switch to development release of matterbridge
2023-12-02 02:16:24 -05:00
Daniel Micay
bed640859d
update python dependencies
2023-11-20 22:43:56 -05:00
Daniel Micay
f9bd8e2476
switch domain order for nameserver certbot setup
2023-11-05 01:33:56 -05:00
Daniel Micay
ebd0c7d8d0
add staging nameserver certbot setup
2023-11-05 01:32:44 -05:00
Daniel Micay
38bb002a01
add authenticated DNS-over-TLS to nameservers
2023-11-05 00:51:33 -04:00
Daniel Micay
3a92693611
move PowerDNS webserver to localhost port 81
2023-11-05 00:31:54 -04:00
Daniel Micay
c959f8bc5b
drop jdk-openjdk from attestation servers
2023-11-04 16:31:03 -04:00
Daniel Micay
a10afab253
update Python dependencies
2023-10-24 14:16:54 -04:00
Orazio
9aba6192e7
unbound: block dns rebinding
...
Blocking RFC 1918 addresses too is unlikely to be useful on your setup, but may be in case you add something like a VPC in the future.
2023-10-04 10:26:16 -04:00
Daniel Micay
cb0007f816
update python dependencies
2023-10-03 11:39:02 -04:00
Daniel Micay
a4af9e2faf
add ephemeral-trees directory to pacreport
2023-10-01 09:04:41 -04:00
Daniel Micay
c29206dff6
update python dependencies
2023-10-01 08:41:06 -04:00
Daniel Micay
ffff417df9
mastodon package now declares proper dependencies
2023-09-24 22:21:09 -04:00
Daniel Micay
1f7ea042fe
expand host variable declarations
2023-09-18 03:29:23 -04:00
Daniel Micay
15f1cbcd02
nginx: drop ExecStart override
2023-09-18 02:41:59 -04:00
Daniel Micay
90411f367c
update OCSP cache path for certbot-renew.service
2023-09-02 15:07:28 -04:00
Daniel Micay
067b42213f
update ocsp cache path for certbot deploy hook
2023-08-21 03:20:50 -04:00
Daniel Micay
adec4b9bda
certbot: drop absolute path for deploy hook
2023-08-21 03:19:47 -04:00
Daniel Micay
a92156528a
add nftables dscp counter config to guide
2023-08-19 00:46:21 -04:00
Daniel Micay
104c1857d9
add vconsole.conf to pacreport.conf
2023-08-19 00:37:54 -04:00
Daniel Micay
14da5949f2
add fstrim/xfs_fsr configuration to pacreport.conf
2023-08-19 00:37:00 -04:00
Daniel Micay
5a86b91909
update pip-compile command
2023-08-19 00:27:56 -04:00
Daniel Micay
9419af1bd6
use af21 for unbound DoT traffic
2023-08-19 00:20:21 -04:00
Daniel Micay
e1af23a478
add attestation service config for email
2023-08-18 23:57:44 -04:00
Daniel Micay
343d1fdb2f
add mtr package
2023-08-16 22:55:53 -04:00