Commit Graph

322 Commits

Author SHA1 Message Date
Daniel Micay
e5f576c062 sshd: reduce MaxAuthTries to 1 2022-07-22 20:00:52 -04:00
Daniel Micay
84ca6bfa27 sshd: sntrup761x25519-sha512@openssh.com kex only 2022-07-22 19:55:59 -04:00
Daniel Micay
d7c23eac02 disable unused AES-GCM cipher suites 2022-07-22 19:11:28 -04:00
Daniel Micay
ad6e998ec2 nftables: filter input service traffic by dst addr 2022-07-21 19:32:43 -04:00
Daniel Micay
fdf21af1ae nftables: use notrack accept instead of notrack 2022-07-21 17:31:16 -04:00
Daniel Micay
f7da683012 nftables: simplify ICMP handling 2022-07-18 22:14:35 -04:00
Daniel Micay
494247747c add flarum-admin user 2022-07-12 17:36:13 -04:00
Daniel Micay
1a195570c8 sshd: disable unused agent forwarding feature
This is a misguided feature and while this doesn't meaningfully reduce
attack surface, it makes sense not to enable it.
2022-07-11 19:57:42 -04:00
Daniel Micay
1d9d5df54c unbound: only listen on IPv6 2022-07-10 15:41:10 -04:00
Daniel Micay
710d487e78 qname-minimisation is enabled by default now 2022-07-03 09:30:44 -04:00
Daniel Micay
f957d83855 add resolv.conf 2022-07-03 09:05:41 -04:00
Daniel Micay
829ea23e8d lower conntrack established tcp connection timeout 2022-07-03 05:28:54 -04:00
Daniel Micay
1c47cd88ab disable loose TCP connection tracking 2022-07-03 03:50:53 -04:00
Daniel Micay
9dbc7347b5 directory for nginx unix domain sockets in /run 2022-07-02 13:10:42 -04:00
Daniel Micay
765704b07f style fix 2022-06-30 07:05:13 -04:00
Daniel Micay
32074453eb nftables: use numeric port format 2022-06-30 07:02:34 -04:00
Daniel Micay
01f9274fc4 nftables: implement output filtering for loopback 2022-06-30 06:41:52 -04:00
Daniel Micay
fea9197ace disable unused chrony command port 2022-06-30 03:08:28 -04:00
Daniel Micay
e0ab41c4f4 nftables: friendlier output traffic filtering 2022-06-29 21:27:01 -04:00
Daniel Micay
3ca0c347c6 add baseline nftables configurations 2022-06-29 10:53:07 -04:00
Daniel Micay
52d67a3085 add chrony configuration 2022-06-29 10:51:41 -04:00
Daniel Micay
f6435cae74 reduce tcp retransmission attempts 2022-06-29 03:58:53 -04:00
Daniel Micay
905ff4d433 update mirrorlist 2022-06-06 12:18:19 -04:00
Daniel Micay
e73dab2375 update systemd/system.conf 2022-05-22 15:57:02 -04:00
Daniel Micay
8c81a44d6d update mirrorlist and switch to NA pkgbuild.com 2022-05-02 00:56:41 -04:00
Daniel Micay
4a732879f3 update grub configuration 2022-03-16 22:56:06 -04:00
Daniel Micay
962270c183 update system.conf 2022-03-14 15:08:14 -04:00
Daniel Micay
adb1ab92b3 update mirrorlist 2022-03-12 12:06:17 -05:00
Daniel Micay
72937c922f add new file limit configuration for sshd 2022-02-25 19:31:35 -05:00
Daniel Micay
8ad991e8c5 add locale configuration 2022-02-15 01:03:56 -05:00
Void
151a761d2b Fix readme 2021-12-16 12:43:34 -05:00
Daniel Micay
ed3824208d update mirrorlist 2021-12-12 18:57:48 -05:00
Daniel Micay
19d0e86112 add sshd_config.tmp to gitignore 2021-11-30 13:02:57 -05:00
Daniel Micay
f1005cf339 user-based whitelist for ssh access 2021-11-27 20:33:48 -05:00
Daniel Micay
9f82fe54bd use double brace for templates 2021-11-27 20:25:47 -05:00
Daniel Micay
693655f5bc blacklist unused intel_agp driver 2021-11-27 18:45:10 -05:00
Daniel Micay
6bbe5bc95a blacklist unused mouse/joystick drivers 2021-11-27 18:16:13 -05:00
Daniel Micay
47a765066c blacklist unused virtio_balloon driver 2021-11-27 18:16:09 -05:00
Daniel Micay
73a78746f1 hard-wire ext4 as the only initramfs filesystem 2021-11-27 17:11:38 -05:00
Daniel Micay
00c21469df add mkinitcpio.conf 2021-11-27 17:09:26 -05:00
Daniel Micay
7671f6b795 switch to a more consistent mirror 2021-11-26 18:08:17 -05:00
Daniel Micay
91c9fd275e update system-login 2021-11-21 22:38:36 -05:00
Daniel Micay
932b117824 blacklist useless floppy module too 2021-11-17 14:34:19 -05:00
Daniel Micay
96c77bf78a update mirrorlist 2021-11-14 09:43:30 -05:00
Daniel Micay
4a6474cb56 128k tcp_notsent_lowat to improve fairness/latency 2021-10-02 15:45:21 -04:00
Daniel Micay
35f539f237 only permit native system call architecture 2021-09-16 03:57:53 -04:00
Daniel Micay
87e8cdd144 blacklist useless pcspkr module 2021-09-15 00:33:38 -04:00
Daniel Micay
f5e61e0ca7 unbound: enable prefetch and prefetch-key 2021-09-14 23:58:14 -04:00
Daniel Micay
e4872fb5bb enable IP and IO accounting by default 2021-09-09 08:44:11 -04:00
Daniel Micay
64b3a1031d move units to systemd directory 2021-09-08 17:57:50 -04:00