Daniel Micay
d57ca21e06
add sqlite-analyzer to attestation servers
2024-03-08 11:54:02 -05:00
Daniel Micay
e9d90bf88b
lsof replaced with lsfd
2024-03-06 16:53:42 -05:00
Daniel Micay
c8d359af57
disable mkinitcpio fallback image
2024-03-04 13:13:58 -05:00
Daniel Micay
8591cb9354
raise 2.grapheneos.network journal size to 2G
2024-03-03 15:47:19 -05:00
Daniel Micay
14174e90f4
nginx-rotate-session-ticket-keys: drop unnecessary time sync
2024-03-03 09:57:30 -05:00
Daniel Micay
fb8775bb85
use checksum-based rsync
2024-03-03 09:55:02 -05:00
Daniel Micay
d8b70fce4f
raise journal size for high log volume servers
2024-03-01 10:05:39 -05:00
Daniel Micay
16e3df0c39
raise max log size for OVH network instances
2024-02-29 13:58:38 -05:00
Daniel Micay
67a71a5cd3
count: drop 3rd gen Pixels
2024-02-24 19:19:59 -05:00
Daniel Micay
23207e99bf
replace 4.releases.grapheneos.org server
2024-02-24 10:34:52 -05:00
Daniel Micay
c9cceb3bc0
explicit set XFS allocation group count
2024-02-24 10:28:10 -05:00
Daniel Micay
e0d5ff2fb2
enable deploy-initial script
2024-02-24 10:22:19 -05:00
Daniel Micay
b185e04a2c
update install image to 2024.02.01
2024-02-24 10:21:24 -05:00
Daniel Micay
0899b7e984
update python dependencies
2024-02-23 13:04:36 -05:00
Daniel Micay
827324d15d
stop generating unused en_US.UTF-8 locale
...
We only use the C.UTF-8 locale now.
2024-02-15 13:56:29 -05:00
Daniel Micay
5b25870f96
enable reboot on systemd crash caught systemd
2024-02-13 13:07:51 -05:00
Daniel Micay
2e7058e9c4
replace certbot log rotation with logrotate
2024-02-13 12:38:14 -05:00
Daniel Micay
e81e9feef3
replace MaxRetentionSec to stop excessive rotation
2024-02-13 11:30:56 -05:00
Daniel Micay
d39937fc6c
disable currently unused energy aware scheduling
2024-02-12 16:13:45 -05:00
Daniel Micay
bd9a3d97d7
update python dependencies
2024-02-08 15:08:27 -05:00
Daniel Micay
81307b3bb9
add authorized_keys to gitignore
2024-02-03 17:48:56 -05:00
Daniel Micay
86d582ba2b
add stripped down initial deployment script
2024-02-03 17:47:41 -05:00
Daniel Micay
154811ab1e
add uptime to dns stats
2024-02-03 17:30:22 -05:00
Daniel Micay
963921413e
add 8th generation Pixels to count script
2024-02-02 14:46:39 -05:00
Daniel Micay
a010e02c52
use leaner format for update log output
2024-02-02 07:26:36 -05:00
Daniel Micay
6989905361
add updatedb drop-in unit to pacreport exclusions
2024-02-01 18:01:06 -05:00
Daniel Micay
d583da0a65
disable sending console output to unused ttyS0
2024-02-01 16:39:33 -05:00
Daniel Micay
2fe25c5218
grub: remove extra space
2024-01-31 21:28:14 -05:00
Daniel Micay
69c7803b31
update python dependencies
2024-01-30 14:37:31 -05:00
Daniel Micay
4371062b71
add sshpass on mail.grapheneos.org
2024-01-26 00:41:51 -05:00
Daniel Micay
50de6d59c0
switch main domain for ECDSA mail server cert
2024-01-25 12:55:57 -05:00
Daniel Micay
88eba9a5fe
update copyright notice
2024-01-25 01:57:18 -05:00
Daniel Micay
a5fa9f930f
update certbot-ocsp-fetcher
2024-01-25 01:23:49 -05:00
Daniel Micay
0e3521564c
replace mail.grapheneos.org server
2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270
replace attestation.app server
2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a
replace 2.grapheneos.org and 2.grapheneos.network
2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9
replace discuss.grapheneos.org server
2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f
replace 0.grapheneos.org and 0.grapheneos.network
2024-01-20 00:59:00 -05:00
Daniel Micay
8d1782161f
stop sending external ADoT queries through unbound
2024-01-19 13:44:47 -05:00
Daniel Micay
5ed0c02e99
nftables: extend notrack rules for ADoT changes
2024-01-19 12:51:52 -05:00
Daniel Micay
a954a4a024
use clean syntax for IPv6 address
2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520
replace ns1.grapheneos.org server
2024-01-18 08:19:33 -05:00
Daniel Micay
d44a316624
disable 32-bit support via kernel line
...
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.
We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
2024-01-03 11:10:07 -05:00
Daniel Micay
dd9d6ff2a5
disable unused multipath TCP
2024-01-03 10:52:27 -05:00
Daniel Micay
d0e6159220
filter irrelevant module output
2024-01-03 10:18:15 -05:00
Daniel Micay
e581aeafb5
use idle CPU scheduling mode for updatedb
2024-01-03 10:10:04 -05:00
Daniel Micay
ae0373cc38
simplify log fetching
2023-12-24 20:21:06 -05:00
Daniel Micay
15a2fa132f
disable services on IPv6 for discussion forum
2023-12-22 17:47:49 -05:00
Daniel Micay
8bfec062dc
switch to nodejs 20 LTS branch
2023-12-21 20:12:55 -05:00
Daniel Micay
99973b1ca2
add mmdblookup to servers using geoip2
2023-12-21 09:49:36 -05:00