118 Commits

Author SHA1 Message Date
Daniel Micay
e40fb1bd4e add chronyd.service hardening based on not using sendmail
This reverts the extra directives included in the standard
chronyd.service for supporting sendmail.
2024-12-19 11:35:51 -05:00
Daniel Micay
8d59d143c1 update systemd sleep.conf 2024-12-12 10:24:25 -05:00
Daniel Micay
0151adf60e replace grapheneos.social server 2024-11-20 19:00:49 -05:00
Daniel Micay
c2ad59090e add missing configuration for systemd-oomd 2024-11-03 06:11:58 -05:00
Daniel Micay
9417513717 replace 3.releases.grapheneos.org server 2024-10-29 09:21:34 -04:00
Daniel Micay
5cc16bab0e use incrementing auto-restart delay for unbound 2024-10-21 07:25:41 -04:00
Daniel Micay
4a7919d736 add ManagedOOMPreference=avoid for sshd.service 2024-10-20 13:45:24 -04:00
Daniel Micay
3d80dc4eed add dependencies for session ticket rotation unit 2024-10-14 06:13:15 -04:00
Daniel Micay
2ddd98d485 cleanup session ticket key units 2024-10-14 06:11:32 -04:00
Daniel Micay
05d903ae3f move umask to systemd unit configuration 2024-10-14 06:11:32 -04:00
Daniel Micay
cbed8c0b42 use standard override.conf name for unit overrides 2024-10-13 21:27:51 -04:00
Daniel Micay
26bedef1a1 enable ManagedOOMSwap=kill for root slice 2024-10-13 05:26:08 -04:00
Daniel Micay
ea3d577ac6 use incrementing auto-restart delay 2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf enable auto-restart for unbound and chronyd 2024-09-14 22:27:40 -04:00
Daniel Micay
1f411314b5 enable indefinite service restarts 2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446 use default RestartSec for nginx 2024-09-14 20:16:10 -04:00
Daniel Micay
b6d8ef1500 add intended CrashAction configuration 2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82 switch back to MaxRetentionSec now that it's fixed
The fix for this causing excessive log rotation was backported to systemd 256.5.
2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7 update journald.conf 2024-08-18 19:28:57 -04:00
Tommy
6fc45525d9 Add NoNewPrivileges=true for certbot 2024-06-24 11:55:59 -04:00
Tommy
55221c8e44 Sort NGINX override alphabetically
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550 Remove redundant PrivateTmp=true 2024-06-24 11:18:11 -04:00
Daniel Micay
662a2d3522 update configuration for systemd 256 2024-06-18 13:16:03 -04:00
Daniel Micay
73a88e36ad replace 3.grapheneos.org and 3.grapheneos.network 2024-06-15 14:02:29 -04:00
Daniel Micay
66562272ac set preferred source for static IPv6 configuration 2024-03-26 21:50:12 -04:00
Daniel Micay
3de32072da consistently use short form IPv6 addresses 2024-03-26 21:24:50 -04:00
Daniel Micay
571644526d consistently list IPv4 routes before IPv6 routes 2024-03-26 21:24:50 -04:00
Daniel Micay
64e2e836d3 set preferred source for static IPv4 configuration 2024-03-26 21:24:48 -04:00
Daniel Micay
d8b70fce4f raise journal size for high log volume servers 2024-03-01 10:05:39 -05:00
Daniel Micay
23207e99bf replace 4.releases.grapheneos.org server 2024-02-24 10:34:52 -05:00
Daniel Micay
5b25870f96 enable reboot on systemd crash caught systemd 2024-02-13 13:07:51 -05:00
Daniel Micay
2e7058e9c4 replace certbot log rotation with logrotate 2024-02-13 12:38:14 -05:00
Daniel Micay
e81e9feef3 replace MaxRetentionSec to stop excessive rotation 2024-02-13 11:30:56 -05:00
Daniel Micay
0e3521564c replace mail.grapheneos.org server 2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270 replace attestation.app server 2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a replace 2.grapheneos.org and 2.grapheneos.network 2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9 replace discuss.grapheneos.org server 2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f replace 0.grapheneos.org and 0.grapheneos.network 2024-01-20 00:59:00 -05:00
Daniel Micay
a954a4a024 use clean syntax for IPv6 address 2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520 replace ns1.grapheneos.org server 2024-01-18 08:19:33 -05:00
Daniel Micay
e581aeafb5 use idle CPU scheduling mode for updatedb 2024-01-03 10:10:04 -05:00
Daniel Micay
dc4101f3de update systemd configuration files 2023-12-07 12:33:59 -05:00
Daniel Micay
15f1cbcd02 nginx: drop ExecStart override 2023-09-18 02:41:59 -04:00
Daniel Micay
90411f367c update OCSP cache path for certbot-renew.service 2023-09-02 15:07:28 -04:00
Daniel Micay
e1af23a478 add attestation service config for email 2023-08-18 23:57:44 -04:00
Daniel Micay
894f150a62 use CAKE no-split-gso for release servers 2023-08-06 23:18:53 -04:00
Daniel Micay
2f56bae4a5 use consistent naming for system drop-in configs 2023-08-04 14:45:15 -04:00
Daniel Micay
e56add4330 run fstrim daily instead of weekly 2023-08-04 14:38:41 -04:00
Daniel Micay
b67d037a5e add xfs_fsr service run before fstrim service 2023-08-03 16:35:53 -04:00
Daniel Micay
124897ccba update systemd/system.conf 2023-08-01 18:06:28 -04:00