Daniel Micay
cbed8c0b42
use standard override.conf name for unit overrides
2024-10-13 21:27:51 -04:00
Daniel Micay
26bedef1a1
enable ManagedOOMSwap=kill for root slice
2024-10-13 05:26:08 -04:00
Daniel Micay
ea3d577ac6
use incrementing auto-restart delay
2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf
enable auto-restart for unbound and chronyd
2024-09-14 22:27:40 -04:00
Daniel Micay
1f411314b5
enable indefinite service restarts
2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446
use default RestartSec for nginx
2024-09-14 20:16:10 -04:00
Daniel Micay
b6d8ef1500
add intended CrashAction configuration
2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82
switch back to MaxRetentionSec now that it's fixed
The fix for this causing excessive log rotation was backported to systemd 256.5.
2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7
update journald.conf
2024-08-18 19:28:57 -04:00
Tommy
6fc45525d9
Add NoNewPrivileges=true for certbot
2024-06-24 11:55:59 -04:00
Tommy
55221c8e44
Sort NGINX override alphabetically
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550
Remove redundant PrivateTmp=true
2024-06-24 11:18:11 -04:00
Daniel Micay
662a2d3522
update configuration for systemd 256
2024-06-18 13:16:03 -04:00
Daniel Micay
73a88e36ad
replace 3.grapheneos.org and 3.grapheneos.network
2024-06-15 14:02:29 -04:00
Daniel Micay
66562272ac
set preferred source for static IPv6 configuration
2024-03-26 21:50:12 -04:00
Daniel Micay
3de32072da
consistently use short form IPv6 addresses
2024-03-26 21:24:50 -04:00
Daniel Micay
571644526d
consistently list IPv4 routes before IPv6 routes
2024-03-26 21:24:50 -04:00
Daniel Micay
64e2e836d3
set preferred source for static IPv4 configuration
2024-03-26 21:24:48 -04:00
Daniel Micay
d8b70fce4f
raise journal size for high log volume servers
2024-03-01 10:05:39 -05:00
Daniel Micay
23207e99bf
replace 4.releases.grapheneos.org server
2024-02-24 10:34:52 -05:00
Daniel Micay
5b25870f96
enable reboot on systemd crash caught systemd
2024-02-13 13:07:51 -05:00
Daniel Micay
2e7058e9c4
replace certbot log rotation with logrotate
2024-02-13 12:38:14 -05:00
Daniel Micay
e81e9feef3
replace MaxRetentionSec to stop excessive rotation
2024-02-13 11:30:56 -05:00
Daniel Micay
0e3521564c
replace mail.grapheneos.org server
2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270
replace attestation.app server
2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a
replace 2.grapheneos.org and 2.grapheneos.network
2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9
replace discuss.grapheneos.org server
2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f
replace 0.grapheneos.org and 0.grapheneos.network
2024-01-20 00:59:00 -05:00
Daniel Micay
a954a4a024
use clean syntax for IPv6 address
2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520
replace ns1.grapheneos.org server
2024-01-18 08:19:33 -05:00
Daniel Micay
e581aeafb5
use idle CPU scheduling mode for updatedb
2024-01-03 10:10:04 -05:00
Daniel Micay
dc4101f3de
update systemd configuration files
2023-12-07 12:33:59 -05:00
Daniel Micay
15f1cbcd02
nginx: drop ExecStart override
2023-09-18 02:41:59 -04:00
Daniel Micay
90411f367c
update OCSP cache path for certbot-renew.service
2023-09-02 15:07:28 -04:00
Daniel Micay
e1af23a478
add attestation service config for email
2023-08-18 23:57:44 -04:00
Daniel Micay
894f150a62
use CAKE no-split-gso for release servers
2023-08-06 23:18:53 -04:00
Daniel Micay
2f56bae4a5
use consistent naming for system drop-in configs
2023-08-04 14:45:15 -04:00
Daniel Micay
e56add4330
run fstrim daily instead of weekly
2023-08-04 14:38:41 -04:00
Daniel Micay
b67d037a5e
add xfs_fsr service run before fstrim service
2023-08-03 16:35:53 -04:00
Daniel Micay
124897ccba
update systemd/system.conf
2023-08-01 18:06:28 -04:00
Daniel Micay
7a95f6bfb4
update systemd/networkd.conf
2023-08-01 18:05:17 -04:00
Daniel Micay
53b46f6166
set correct subnet mask for BuyVM main IP
2023-07-28 00:12:05 -04:00
Daniel Micay
5e07ae005b
use idle scheduling for fstrim.service
2023-07-26 13:21:24 -04:00
Daniel Micay
6595a2b05f
rename eth0 to public
This resolves a warning from systemd-networkd about using one of the
names reserved by the kernel.
2023-07-15 00:33:35 -04:00
Daniel Micay
b245498612
disable unused DHCP IPv4 address for mail server
2023-07-13 21:39:12 -04:00
Daniel Micay
6736cdc36f
use highest accuracy for sysstat-collect.timer
2023-07-13 18:51:39 -04:00
Daniel Micay
6567335b31
run sysstat-collect.service every minute
2023-07-13 18:51:28 -04:00
Daniel Micay
5f339efb2d
update certbot-ocsp-fetcher
2023-07-09 18:16:59 -04:00
Daniel Micay
462bdc8599
add session ticket key management scripts
2023-07-09 18:04:17 -04:00
Daniel Micay
8ac489c9aa
allow nginx master process to use CAP_CHOWN
This is required for it to create the /var directories it uses when the
master process is running as root. It would be possible to run the nginx
master process as non-root but it doesn't drop ambient capabilities when
it spawns the workers so running the master process as non-root will end
up giving the workers higher privileges due to them ending up getting
the CAP_NET_BIND_SERVICE capability passed through.
2023-07-06 05:30:35 -04:00