563 Commits

Author SHA1 Message Date
Daniel Micay
4a7919d736 add ManagedOOMPreference=avoid for sshd.service 2024-10-20 13:45:24 -04:00
Daniel Micay
5d28d1e87f switch to systemd-based initramfs 2024-10-19 13:54:54 -04:00
Daniel Micay
960d08b3e6 drop global environment configuration for less
This is being handled per-user now.
2024-10-18 12:44:37 -04:00
Daniel Micay
7eeddfcffd raise journal size for discuss.grapheneos.org 2024-10-14 06:30:16 -04:00
Daniel Micay
703e504928 raise journal size for matrix.grapheneos.org 2024-10-14 06:29:24 -04:00
Daniel Micay
652ca46ed9 raise journal size for 0.grapheneos.org 2024-10-14 06:28:03 -04:00
Daniel Micay
3d80dc4eed add dependencies for session ticket rotation unit 2024-10-14 06:13:15 -04:00
Daniel Micay
2ddd98d485 cleanup session ticket key units 2024-10-14 06:11:32 -04:00
Daniel Micay
05d903ae3f move umask to systemd unit configuration 2024-10-14 06:11:32 -04:00
Daniel Micay
9ec62a0b79 move session ticket mount to fstab 2024-10-14 06:00:42 -04:00
Daniel Micay
cbed8c0b42 use standard override.conf name for unit overrides 2024-10-13 21:27:51 -04:00
Daniel Micay
26bedef1a1 enable ManagedOOMSwap=kill for root slice 2024-10-13 05:26:08 -04:00
Daniel Micay
e0fa670834 update python dependencies 2024-10-11 02:44:17 -04:00
Daniel Micay
b91653c696 enable systemd-oomd.service during initial deployment 2024-10-10 23:48:01 -04:00
Daniel Micay
a410e5aac6 enable sysstat.service during initial deployment 2024-10-10 23:47:40 -04:00
Daniel Micay
ce3ab7802c certbot: add gs-loc.apple.grapheneos.org 2024-09-26 14:55:04 -04:00
Daniel Micay
051a8bddf7 add disconnect script 2024-09-25 17:44:13 -04:00
Daniel Micay
858a99a534 raise discuss.grapheneos.org journal size 2024-09-23 13:22:14 -04:00
Daniel Micay
3578236a7d force DMARC enforcement for hotmail.com and live.com 2024-09-15 01:31:08 -04:00
Daniel Micay
167618930b update for pacman 7.0.0 download sandbox 2024-09-15 01:14:01 -04:00
Daniel Micay
ea3d577ac6 use incrementing auto-restart delay 2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf enable auto-restart for unbound and chronyd 2024-09-14 22:27:40 -04:00
Daniel Micay
b04898594a add valkey to discuss.grapheneos.org 2024-09-14 20:43:30 -04:00
Daniel Micay
1f411314b5 enable indefinite service restarts 2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446 use default RestartSec for nginx 2024-09-14 20:16:10 -04:00
Daniel Micay
b268bd4e59 raise journal size for EU website server 2024-09-13 06:32:39 -04:00
Daniel Micay
bdc6ee4a95 raise journal size for NA network servers 2024-09-12 18:59:55 -04:00
Daniel Micay
0e3b64f259 update python dependencies 2024-09-05 20:58:00 -04:00
Daniel Micay
ae774a4661 drop base-devel from grapheneos.social
The package is now working around this issue.
2024-09-05 20:56:58 -04:00
Daniel Micay
b6d8ef1500 add intended CrashAction configuration 2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82 switch back to MaxRetentionSec now that it's fixed
The fix for this causing excessive log rotation was backported to systemd 256.5.
2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7 update journald.conf 2024-08-18 19:28:57 -04:00
Daniel Micay
0dfe08d66e add stress package to all servers
This is useful for regularly done testing and doesn't pull in a huge
number of dependencies like stress-ng.
2024-08-11 18:30:34 -04:00
Daniel Micay
37842e4d17 temporarily add base-devel to grapheneos.social
Needed to work around a Ruby dependency issue.
2024-08-11 17:51:10 -04:00
Daniel Micay
27bd153454 nftables: use allowlist for ICMP types 2024-07-25 23:13:29 -04:00
Daniel Micay
437c5a5f3d raise journal file size for grapheneos.social 2024-07-25 11:59:56 -04:00
Daniel Micay
edfe1fae10 extend info fetching to sysctl values 2024-07-24 16:58:11 -04:00
Daniel Micay
80d15552dd add mutt to mail.grapheneos.org for inspecting service accounts 2024-07-13 19:39:31 -04:00
Daniel Micay
c6cd78e707 force DMARC enforcement for outlook.com 2024-07-08 10:38:42 -04:00
Daniel Micay
e3c2c1565d ovh-mitigation: add checking/toggling firewall 2024-07-05 00:40:20 -04:00
Daniel Micay
e8403c3098 update python dependencies 2024-07-05 00:32:25 -04:00
Daniel Micay
66c512b65f reduce SSH liveness check timeout to ~2 minutes 2024-07-02 18:06:47 -04:00
Daniel Micay
01201c0ece disable io_uring without CAP_SYS_ADMIN or io_uring group 2024-07-01 23:15:38 -04:00
Tommy
6e6957876e Update certbot-ocsp-fetcher to match upstream 2024-07-01 21:37:10 -04:00
Daniel Micay
84b2193808 switch to noswap tmpfs from ramfs for session ticket keys 2024-06-28 12:44:31 -04:00
Daniel Micay
ba2540c3fe add directory for home directory files 2024-06-27 10:13:15 -04:00
Tommy
6fc45525d9 Add NoNewPrivileges=true for certbot 2024-06-24 11:55:59 -04:00
Tommy
55221c8e44 Sort NGINX override alphabetically
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute.
2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550 Remove redundant PrivateTmp=true 2024-06-24 11:18:11 -04:00
Daniel Micay
4382120e37 set umask for encrypted swapfile creation 2024-06-21 22:36:27 -04:00