Daniel Micay
15f1cbcd02
nginx: drop ExecStart override
2023-09-18 02:41:59 -04:00
Daniel Micay
90411f367c
update OCSP cache path for certbot-renew.service
2023-09-02 15:07:28 -04:00
Daniel Micay
e1af23a478
add attestation service config for email
2023-08-18 23:57:44 -04:00
Daniel Micay
894f150a62
use CAKE no-split-gso for release servers
2023-08-06 23:18:53 -04:00
Daniel Micay
2f56bae4a5
use consistent naming for system drop-in configs
2023-08-04 14:45:15 -04:00
Daniel Micay
e56add4330
run fstrim daily instead of weekly
2023-08-04 14:38:41 -04:00
Daniel Micay
b67d037a5e
add xfs_fsr service run before fstrim service
2023-08-03 16:35:53 -04:00
Daniel Micay
124897ccba
update systemd/system.conf
2023-08-01 18:06:28 -04:00
Daniel Micay
7a95f6bfb4
update systemd/networkd.conf
2023-08-01 18:05:17 -04:00
Daniel Micay
53b46f6166
set correct subnet mask for BuyVM main IP
2023-07-28 00:12:05 -04:00
Daniel Micay
5e07ae005b
use idle scheduling for fstrim.service
2023-07-26 13:21:24 -04:00
Daniel Micay
6595a2b05f
rename eth0 to public
This resolves a warning from systemd-networkd about using one of the
names reserved by the kernel.
2023-07-15 00:33:35 -04:00
Daniel Micay
b245498612
disable unused DHCP IPv4 address for mail server
2023-07-13 21:39:12 -04:00
Daniel Micay
6736cdc36f
use highest accuracy for sysstat-collect.timer
2023-07-13 18:51:39 -04:00
Daniel Micay
6567335b31
run sysstat-collect.service every minute
2023-07-13 18:51:28 -04:00
Daniel Micay
5f339efb2d
update certbot-ocsp-fetcher
2023-07-09 18:16:59 -04:00
Daniel Micay
462bdc8599
add session ticket key management scripts
2023-07-09 18:04:17 -04:00
Daniel Micay
8ac489c9aa
allow nginx master process to use CAP_CHOWN
This is required for it to create the /var directories it uses when the
master process is running as root. It would be possible to run the nginx
master process as non-root but it doesn't drop ambient capabilities when
it spawns the workers so running the master process as non-root will end
up giving the workers higher privileges due to them ending up getting
the CAP_NET_BIND_SERVICE capability passed through.
2023-07-06 05:30:35 -04:00
Daniel Micay
2cf694017b
silence systemd-networkd address prefix warning
It does the right thing by default now but it still produces a warning,
so silence it.
2023-07-06 04:39:16 -04:00
Daniel Micay
5777fa38ae
add network configuration for 1.grapheneos.network
2023-07-06 04:30:23 -04:00
Daniel Micay
2f4e9f67c4
set log retention time per server
2023-07-06 00:17:05 -04:00
Daniel Micay
5ea36399d1
rename 1.grapheneos.network to 2.grapheneos.network
2023-07-05 17:31:48 -04:00
Daniel Micay
a97e039314
rename 2.grapheneos.network to 3.grapheneos.network
2023-07-05 17:31:30 -04:00
Daniel Micay
37bf4935f1
drop mail server specific certbot configuration
The mail server is now using the webroot authentication method via nginx
due to moving the MTA-STS web service to the mail server.
2023-06-30 15:47:33 -04:00
Daniel Micay
8114047b9b
add new website server instance
2023-06-30 15:45:09 -04:00
Daniel Micay
2641d41169
move staging.attestation.app to BuyVM
2023-06-29 13:14:50 -04:00
Daniel Micay
f9bee29ab8
move staging.grapheneos.org to BuyVM
2023-06-23 14:41:01 -04:00
Daniel Micay
2f4218fc77
move ns1.staging.grapheneos.org to BuyVM
2023-06-22 12:41:26 -04:00
Daniel Micay
254e628a79
move staging.ns1.grapheneos.org to ns1.staging.grapheneos.org
2023-06-22 00:27:08 -04:00
Daniel Micay
f1d9c0693e
disable link-local addressing
2023-06-21 23:10:09 -04:00
Daniel Micay
384c29bd5e
simplify route metric configuration
2023-06-21 22:56:50 -04:00
Daniel Micay
d0d72994e2
replace ns2.grapheneos.org network configuration
2023-06-16 20:30:29 -04:00
Daniel Micay
27aca7474c
drop no-op RemoveIPC
2023-06-10 20:42:37 -04:00
Daniel Micay
ac23681718
update systemd/system.conf
2023-03-30 03:17:00 -04:00
Daniel Micay
7ffac9ab5a
raise max journald files
2023-03-29 00:15:04 -04:00
Daniel Micay
c573091af4
use per-host journald SystemMaxUse
2023-03-25 07:04:46 -04:00
Daniel Micay
d550ccbc73
update sleep.conf
2023-02-17 17:51:41 -05:00
Daniel Micay
68a73e798a
update system.conf
2023-02-17 17:51:24 -05:00
Daniel Micay
7fc42a25c4
remove Arch Linux nginx error_log configuration
error_log works the same way as add_header where defining it again on
the same level is additive and logs to both places, meaning that there
are duplicated logs when defining a proper syslog error_log output at
the top level.
2023-02-17 17:31:00 -05:00
Daniel Micay
3ea5a14b2f
drop floating IPs for DNS servers
2022-11-30 19:23:18 -05:00
Daniel Micay
91e36044ca
drop floating IPs for release servers
2022-11-29 02:26:51 -05:00
Daniel Micay
9f1ba5f2a5
drop floating IPs for website servers
2022-11-29 02:07:56 -05:00
Daniel Micay
3354bcb34d
drop floating IPs for network servers
2022-11-29 02:07:05 -05:00
Daniel Micay
ace45c7d5c
drop floating IP for attestation server
2022-11-29 01:39:15 -05:00
Daniel Micay
9929542f43
drop floating IP for forum server
2022-11-29 01:27:01 -05:00
Daniel Micay
38414a8313
drop floating IP for Matrix server
2022-11-29 01:26:31 -05:00
Daniel Micay
0aff07f884
add grapheneos.social network configuration
2022-11-27 01:41:42 -05:00
Daniel Micay
08da28f7b5
drop floating IPs for staging servers
2022-11-27 00:08:29 -05:00
Daniel Micay
b996f5586f
update systemd/system.conf
2022-11-10 17:09:19 -05:00
Daniel Micay
36423fb2bc
auto-restart nginx if master process is killed
nginx handles restarting workers automatically but the master process
is typically killed by the OOM killer too.
2022-09-26 16:45:15 -04:00