556 Commits

Author SHA1 Message Date
Daniel Micay
2ddd98d485 cleanup session ticket key units 2024-10-14 06:11:32 -04:00
Daniel Micay
05d903ae3f move umask to systemd unit configuration 2024-10-14 06:11:32 -04:00
Daniel Micay
9ec62a0b79 move session ticket mount to fstab 2024-10-14 06:00:42 -04:00
Daniel Micay
cbed8c0b42 use standard override.conf name for unit overrides 2024-10-13 21:27:51 -04:00
Daniel Micay
26bedef1a1 enable ManagedOOMSwap=kill for root slice 2024-10-13 05:26:08 -04:00
Daniel Micay
e0fa670834 update python dependencies 2024-10-11 02:44:17 -04:00
Daniel Micay
b91653c696 enable systemd-oomd.service during initial deployment 2024-10-10 23:48:01 -04:00
Daniel Micay
a410e5aac6 enable sysstat.service during initial deployment 2024-10-10 23:47:40 -04:00
Daniel Micay
ce3ab7802c certbot: add gs-loc.apple.grapheneos.org 2024-09-26 14:55:04 -04:00
Daniel Micay
051a8bddf7 add disconnect script 2024-09-25 17:44:13 -04:00
Daniel Micay
858a99a534 raise discuss.grapheneos.org journal size 2024-09-23 13:22:14 -04:00
Daniel Micay
3578236a7d force DMARC enforcement for hotmail.com and live.com 2024-09-15 01:31:08 -04:00
Daniel Micay
167618930b update for pacman 7.0.0 download sandbox 2024-09-15 01:14:01 -04:00
Daniel Micay
ea3d577ac6 use incrementing auto-restart delay 2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf enable auto-restart for unbound and chronyd 2024-09-14 22:27:40 -04:00
Daniel Micay
b04898594a add valkey to discuss.grapheneos.org 2024-09-14 20:43:30 -04:00
Daniel Micay
1f411314b5 enable indefinite service restarts 2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446 use default RestartSec for nginx 2024-09-14 20:16:10 -04:00
Daniel Micay
b268bd4e59 raise journal size for EU website server 2024-09-13 06:32:39 -04:00
Daniel Micay
bdc6ee4a95 raise journal size for NA network servers 2024-09-12 18:59:55 -04:00
Daniel Micay
0e3b64f259 update python dependencies 2024-09-05 20:58:00 -04:00
Daniel Micay
ae774a4661 drop base-devel from grapheneos.social
The package is now working around this issue.
2024-09-05 20:56:58 -04:00
Daniel Micay
b6d8ef1500 add intended CrashAction configuration 2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82 switch back to MaxRetentionSec now that it's fixed
The fix for this causing excessive log rotation was backported to systemd 256.5.
2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7 update journald.conf 2024-08-18 19:28:57 -04:00
Daniel Micay
0dfe08d66e add stress package to all servers
This is useful for regularly done testing and doesn't pull in a huge
number of dependencies like stress-ng.
2024-08-11 18:30:34 -04:00
Daniel Micay
37842e4d17 temporarily add base-devel to grapheneos.social
Needed to work around a Ruby dependency issue.
2024-08-11 17:51:10 -04:00
Daniel Micay
27bd153454 nftables: use allowlist for ICMP types 2024-07-25 23:13:29 -04:00
Daniel Micay
437c5a5f3d raise journal file size for grapheneos.social 2024-07-25 11:59:56 -04:00
Daniel Micay
edfe1fae10 extend info fetching to sysctl values 2024-07-24 16:58:11 -04:00
Daniel Micay
80d15552dd add mutt to mail.grapheneos.org for inspecting service accounts 2024-07-13 19:39:31 -04:00
Daniel Micay
c6cd78e707 force DMARC enforcement for outlook.com 2024-07-08 10:38:42 -04:00
Daniel Micay
e3c2c1565d ovh-mitigation: add checking/toggling firewall 2024-07-05 00:40:20 -04:00
Daniel Micay
e8403c3098 update python dependencies 2024-07-05 00:32:25 -04:00
Daniel Micay
66c512b65f reduce SSH liveness check timeout to ~2 minutes 2024-07-02 18:06:47 -04:00
Daniel Micay
01201c0ece disable io_uring without CAP_SYS_ADMIN or io_uring group 2024-07-01 23:15:38 -04:00
Tommy
6e6957876e Update certbot-ocsp-fetcher to match upstream 2024-07-01 21:37:10 -04:00
Daniel Micay
84b2193808 switch to noswap tmpfs from ramfs for session ticket keys 2024-06-28 12:44:31 -04:00
Daniel Micay
ba2540c3fe add directory for home directory files 2024-06-27 10:13:15 -04:00
Tommy
6fc45525d9 Add NoNewPrivileges=true for certbot 2024-06-24 11:55:59 -04:00
Tommy
55221c8e44 Sort NGINX override alphabetically
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550 Remove redundant PrivateTmp=true 2024-06-24 11:18:11 -04:00
Daniel Micay
4382120e37 set umask for encrypted swapfile creation 2024-06-21 22:36:27 -04:00
Daniel Micay
597f534d63 increase journal file size for 3.grapheneos.network 2024-06-21 16:51:36 -04:00
Daniel Micay
f7643fa8b7 reorder initial deployment 2024-06-19 11:54:08 -04:00
Daniel Micay
4c52595bfd drop unmodified hosts file 2024-06-19 11:49:13 -04:00
Daniel Micay
54181d3031 increase journal size for update servers 2024-06-19 11:42:42 -04:00
Daniel Micay
65e2b8b109 increase journal size for network servers 2024-06-19 11:38:22 -04:00
Daniel Micay
1dc26ba006 add VerifyHostKeyDNS ask to ssh_config 2024-06-18 14:25:16 -04:00
Daniel Micay
4475df98a4 deploy nftables rules in deploy-initial 2024-06-18 14:15:19 -04:00