graphene-os-server-infrastructure

Git-Mirrors/graphene-os-server-infrastructure

mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-24 00:33:09 -05:00

Author	SHA1	Message	Date
Daniel Micay	e66ad005be	drop zerotier-one from ns1.staging.grapheneos.org We aren't currently using this for testing and it's going to be phased out for the ns1 servers as soon as we get a second IPv4 /24. This also switches over to using the nftables ruleset for ns2 instead of ns1 since it doesn't need the zerotier nftables configuration anymore.	2025-11-21 11:31:48 -05:00
Daniel Micay	029ec73c3c	networkd: set PreferredLifetime=0 for anycast IPs This avoids these being used for outbound connections.	2025-11-21 11:31:48 -05:00
Daniel Micay	a0ba527f9d	remove gra1.grapheneos.org and las0.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	1fad7ca6cd	add fra.grapheneos.org and hio.grapheneos.org servers These were previously 2 of our 4 OVH ns1.grapheneos.org instances. Our ns1.grapheneos.network network has been entirely moved to Vultr for BGP support so we're reusing these 2 instances as replacements for 2 of the existing grapheneos.org servers.	2025-11-21 11:31:48 -05:00
Daniel Micay	79d4fc2b9c	deploy-web: improve error checking	2025-11-21 11:31:48 -05:00
Daniel Micay	5a17e4ba8c	make /var/log/nginx permissions match log files	2025-11-21 11:31:48 -05:00
Daniel Micay	2682ce9439	pacreport: add syslog-ng configuration sub-directory	2025-11-21 11:31:48 -05:00
Daniel Micay	c7276bdc2d	reboot: add BGP integration	2025-11-21 11:31:48 -05:00
Daniel Micay	209b1b5def	add lon.ns1.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	9d9dbb906b	switch to geolocation-based pkgbuild.com mirror	2025-11-21 11:31:48 -05:00
Daniel Micay	1883a539d0	nftables: include our own anycast addresses	2025-11-21 11:31:48 -05:00
Daniel Micay	d2dcec7e02	ns2: add IPv4 address from our anycast /24	2025-11-21 11:31:48 -05:00
Daniel Micay	0dfb05852f	networkd: add comments for anycast addresses	2025-11-21 11:31:48 -05:00
Daniel Micay	bb86e16179	networkd: remove unnecessary [Address] sections	2025-11-21 11:31:48 -05:00
Daniel Micay	5adb170069	add mia.ns2.grapheneos.org server	2025-11-21 11:31:48 -05:00
Daniel Micay	649e2b53c4	replace remaining OVH ns1 servers with Vultr	2025-11-21 11:31:48 -05:00
Daniel Micay	066fdd0d09	add IPv6 address from our /48 announced from BuyVM	2025-11-21 11:31:48 -05:00
Daniel Micay	68ac3a8726	add bird to ns2.grapheneos.org to use our IP space	2025-11-21 11:31:48 -05:00
Daniel Micay	60b879deb7	hosts: add list of Vultr instances	2025-11-21 11:31:48 -05:00
Daniel Micay	fe999c541a	add IPv6 address from our /48 announced from Vultr	2025-11-21 11:31:48 -05:00
Daniel Micay	5b82f11b25	nftables: ns1: add fq priority configuration	2025-11-21 11:31:48 -05:00
Daniel Micay	5256f2e4a4	replace 1.ns1.grapheneos.org server with sea.ns1.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	f95fa51821	add lax.ns1.grapheneos.org server	2025-11-21 11:31:48 -05:00
Daniel Micay	951662aeca	replace 0.ns1.grapheneos.org server with nyc.ns1.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	4aba8d355a	add mia.ns1.grapheneos.org server	2025-11-21 11:31:48 -05:00
Daniel Micay	f0682a9aa2	deploy-initial-vps: handle mkinitcpio.conf split	2025-11-21 11:31:48 -05:00
Daniel Micay	cc83000202	deploy-initial-vps: update Arch ISO image version	2025-11-21 11:31:48 -05:00
Daniel Micay	e78433dbf8	certbot: add nominatim.staging.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	d0751e07c6	certbot: rename 0.grapheneos.org to bhs0.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	b80f10f396	syslog-ng: add receive timestamps to nginx logs Since nginx only uses 1 second precision for the error logs and syslog timestamps, we can use receive time on the syslog-ng side. We can switch to source time once nginx adds RFC 5424 support which is currently in an open pull request but will likely require changes to add a configuration option for it. Our approach to working around this within nginx doesn't work perfectly since $msec generates the time on-demand separately from the timestamp used by $time_iso8601.	2025-11-21 11:31:48 -05:00
Daniel Micay	a45b8ada72	syslog-ng: split nginx configuration into conf.d	2025-11-21 11:31:48 -05:00
Daniel Micay	7a5535973b	syslog-ng: raise frac-digits to 3	2025-11-21 11:31:48 -05:00
Daniel Micay	a511902b90	add syslog-ng include directory	2025-11-21 11:31:48 -05:00
Daniel Micay	ce4fe06d6a	add script for checking reverse DNS	2025-11-21 11:31:48 -05:00
Daniel Micay	f36aa981cd	update lax.releases.grapheneos.org IPv6 address	2025-11-21 11:31:48 -05:00
Daniel Micay	6e728a885c	use journald reload support added in systemd 258	2025-11-21 11:31:48 -05:00
Daniel Micay	51d23a1736	count: handle nginx logs being done with syslog-ng	2025-11-21 11:31:48 -05:00
Daniel Micay	5fe719250b	certbot: merge 0.grapheneos.network into 0.grapheneos.org	2025-11-21 11:31:48 -05:00
Daniel Micay	ebd44c9253	grapheneos.org: switch to location-based server names	2025-11-21 11:31:48 -05:00
Daniel Micay	3a720695c6	add missing reserved ports entries for unbound	2025-11-21 11:31:48 -05:00
Daniel Micay	5f5c590bbc	add deploy-hostname script	2025-11-21 11:31:48 -05:00
Daniel Micay	37809b12ad	new naming convention for staging server hostnames	2025-11-21 11:31:48 -05:00
Daniel Micay	e3bcb9e87f	ns2.grapheneos.org: switch to location-based server names	2025-11-21 11:31:48 -05:00
Daniel Micay	93e1d3866b	releases.grapheneos.org: switch to location-based server names	2025-11-21 11:31:48 -05:00
Daniel Micay	c354823e2e	grapheneos.social: switch to Node.js 24 LTS	2025-11-21 03:46:12 -05:00
Daniel Micay	89686dc1a0	nftables: style fix	2025-11-21 03:46:12 -05:00
Daniel Micay	f24f557736	deploy-bootloader: deploy systemd-boot-update.service.d	2025-11-21 03:46:12 -05:00
Daniel Micay	6c8ddbe012	drop unnecessary inclusion of / in fstab	2025-11-21 03:46:12 -05:00
Daniel Micay	1427e0c7c4	add mkinitcpio.conf for servers with mdraid	2025-11-21 03:46:12 -05:00
Daniel Micay	50729cadb9	split metal and mdraid server types	2025-11-21 03:46:07 -05:00

1 2 3 4 5 ...

859 commits