Daniel Micay
384c29bd5e
simplify route metric configuration
2023-06-21 22:56:50 -04:00
Daniel Micay
d128124200
move website server mta-sts to mail server
2023-06-21 14:53:07 -04:00
Daniel Micay
4abeaf06f5
move network server mta-sts to mail server
2023-06-21 14:43:06 -04:00
Daniel Micay
884906f160
move mta-sts.seamlessupdate.app to mail server
2023-06-21 14:37:46 -04:00
Daniel Micay
5c6f540cf3
move mta-sts.matrix.grapheneos.org to mail server
2023-06-21 14:31:49 -04:00
Daniel Micay
dc840b7925
move mta-sts.grapheneos.social to mail server
2023-06-21 14:20:43 -04:00
Daniel Micay
aa89e675d6
move mta-sts.discuss.grapheneos.org to mail server
2023-06-21 14:20:21 -04:00
Daniel Micay
95e0c68cb0
move mta-sts.attestation.app to mail server
2023-06-21 13:59:46 -04:00
Daniel Micay
3034c845c9
move mta-sts.mail.grapheneos.org to mail server
2023-06-21 13:51:09 -04:00
Daniel Micay
a07fa271e3
fix domain for mail.grapheneos.org certbot init
2023-06-21 13:40:43 -04:00
Daniel Micay
fdf3839571
prepare to move MTA-STS web server to mail server
2023-06-21 13:12:04 -04:00
Daniel Micay
3d869bcac7
split out anycast DNS nftables configuration
2023-06-19 03:28:59 -04:00
Daniel Micay
d0d72994e2
replace ns2.grapheneos.org network configuration
2023-06-16 20:30:29 -04:00
Daniel Micay
341861f886
add xfsprogs package
2023-06-16 13:54:06 -04:00
Daniel Micay
f9bd265028
nftables: drop unnecessary semicolons
2023-06-10 22:14:54 -04:00
Daniel Micay
27aca7474c
drop no-op RemoveIPC
2023-06-10 20:42:37 -04:00
Daniel Micay
6223daec3f
document DANE TLSA commands
2023-06-09 01:09:47 -04:00
Daniel Micay
dcb50a9085
add /etc/sysctl.d/local-reserved-ports.conf
2023-06-06 21:55:11 -04:00
Daniel Micay
48f855cf83
exclude /etc/sysconfig in pacreport.conf
2023-06-06 17:05:58 -04:00
Daniel Micay
39ec27f421
move ssh configuration to subdirectory
2023-06-06 15:18:19 -04:00
Daniel Micay
4e12323e27
regenerate requirements.txt
2023-05-31 19:04:12 -04:00
Daniel Micay
36876296cd
update pacman.conf to match standard one
2023-05-22 19:26:21 -04:00
Daniel Micay
593701cd63
add certbot commands
2023-05-22 18:44:50 -04:00
Daniel Micay
6f6b8ceb54
enable chronyd seccomp filter
2023-05-07 00:02:51 -04:00
Daniel Micay
a74812ca6e
allow NTP requests to network servers
2023-05-05 10:44:43 -04:00
Daniel Micay
04e7114468
more precise gitignore rules
2023-04-16 16:09:20 -04:00
Daniel Micay
6c0201a9f7
add venv to gitignore
2023-04-16 16:08:58 -04:00
Daniel Micay
9b4d547dc1
mark php explicitly installed for forum
2023-04-10 02:22:20 -04:00
Daniel Micay
06d672d7f8
add credstore to pacreport configuration
2023-04-05 22:44:35 -04:00
Daniel Micay
19a7b5b9c9
add explicitly installed packages to repository
2023-04-04 14:43:57 -04:00
Daniel Micay
ac23681718
update systemd/system.conf
2023-03-30 03:17:00 -04:00
Daniel Micay
7ffac9ab5a
raise max journald files
2023-03-29 00:15:04 -04:00
Daniel Micay
c573091af4
use per-host journald SystemMaxUse
2023-03-25 07:04:46 -04:00
Daniel Micay
581b590be0
update python dependencies
2023-03-24 18:47:48 -04:00
Daniel Micay
83877cb983
add OVH mitigation control script
2023-02-22 16:22:47 -05:00
Daniel Micay
d550ccbc73
update sleep.conf
2023-02-17 17:51:41 -05:00
Daniel Micay
68a73e798a
update system.conf
2023-02-17 17:51:24 -05:00
Daniel Micay
7fc42a25c4
remove Arch Linux nginx error_log configuration
...
error_log works the same way as add_header where defining it again on
the same level is additive and logs to both places, meaning that there
are duplicated logs when defining a proper syslog error_log output at
the top level.
2023-02-17 17:31:00 -05:00
Daniel Micay
312b1a027b
switch to unix domain sockets for mastodon
2023-02-17 16:24:35 -05:00
Daniel Micay
53b2431f6b
switch to unix socket socket for redis
2023-02-15 02:45:52 -05:00
Daniel Micay
f8d62478cf
drop old nginx tmpfiles.d conf from pacreport.conf
2023-02-14 01:43:03 -05:00
Daniel Micay
c9dcf479fc
allow PowerDNS webserver on loopback for root
2023-02-14 01:19:19 -05:00
Daniel Micay
7871fa2d51
add comments for unbound avoid port configuration
2023-02-11 20:29:33 -05:00
Daniel Micay
edbb9158a4
avoid port 7275 (supl) for unbound
2023-02-11 20:23:22 -05:00
Daniel Micay
34d0f7fc3b
baseline web server config doesn't use DNS
2023-02-11 03:26:25 -05:00
Daniel Micay
8b96ee620c
split out network nftables rules for SUPL proxy
2023-02-11 03:11:47 -05:00
Daniel Micay
f0f6b9d993
sshd: switch to SSH protocol keep alive
2023-02-10 11:20:54 -05:00
Daniel Micay
d47d1569e5
update sshd_config
2023-02-02 13:48:35 -05:00
Daniel Micay
1ba011b865
update pacreport.conf
2023-01-31 20:22:36 -05:00
Daniel Micay
3dfbd4e777
add init_on_free=1 for non-hardened kernels
2023-01-23 21:34:33 -05:00