Daniel Micay
edfe1fae10
extend info fetching to sysctl values
2024-07-24 16:58:11 -04:00
Daniel Micay
80d15552dd
add mutt to mail.grapheneos.org for inspecting service accounts
2024-07-13 19:39:31 -04:00
Daniel Micay
c6cd78e707
force DMARC enforcement for outlook.com
2024-07-08 10:38:42 -04:00
Daniel Micay
e3c2c1565d
ovh-mitigation: add checking/toggling firewall
2024-07-05 00:40:20 -04:00
Daniel Micay
e8403c3098
update python dependencies
2024-07-05 00:32:25 -04:00
Daniel Micay
66c512b65f
reduce SSH liveness check timeout to ~2 minutes
2024-07-02 18:06:47 -04:00
Daniel Micay
01201c0ece
disable io_uring without CAP_SYS_ADMIN or io_uring group
2024-07-01 23:15:38 -04:00
Tommy
6e6957876e
Update certbot-ocsp-fetcher to match upstream
2024-07-01 21:37:10 -04:00
Daniel Micay
84b2193808
switch to noswap tmpfs from ramfs for session ticket keys
2024-06-28 12:44:31 -04:00
Daniel Micay
ba2540c3fe
add directory for home directory files
2024-06-27 10:13:15 -04:00
Tommy
6fc45525d9
Add NoNewPrivileges=true for certbot
2024-06-24 11:55:59 -04:00
Tommy
55221c8e44
Sort NGINX override alphabetically
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550
Remove redundant PrivateTmp=true
2024-06-24 11:18:11 -04:00
Daniel Micay
4382120e37
set umask for encrypted swapfile creation
2024-06-21 22:36:27 -04:00
Daniel Micay
597f534d63
increase journal file size for 3.grapheneos.network
2024-06-21 16:51:36 -04:00
Daniel Micay
f7643fa8b7
reorder initial deployment
2024-06-19 11:54:08 -04:00
Daniel Micay
4c52595bfd
drop unmodified hosts file
2024-06-19 11:49:13 -04:00
Daniel Micay
54181d3031
increase journal size for update servers
2024-06-19 11:42:42 -04:00
Daniel Micay
65e2b8b109
increase journal size for network servers
2024-06-19 11:38:22 -04:00
Daniel Micay
1dc26ba006
add VerifyHostKeyDNS ask to ssh_config
2024-06-18 14:25:16 -04:00
Daniel Micay
4475df98a4
deploy nftables rules in deploy-initial
2024-06-18 14:15:19 -04:00
Daniel Micay
f40a017ec3
add nftables configuration mapping to hosts.sh
2024-06-18 13:55:18 -04:00
Daniel Micay
662a2d3522
update configuration for systemd 256
2024-06-18 13:16:03 -04:00
Daniel Micay
54490cf662
update python dependencies
2024-06-17 23:52:00 -04:00
Daniel Micay
d103f6cdf3
simplify deployment script usage
2024-06-17 18:29:28 -04:00
Daniel Micay
750cd5e985
replace urandom with random
These both use the same CSPRNG on modern kernels, but random waits for
CSPRNG initialization instead of only attempting to initialize it.
2024-06-17 15:04:13 -04:00
Daniel Micay
ce1fef8c0e
use per-server package list for deploy-initial
2024-06-17 15:00:36 -04:00
Daniel Micay
73a88e36ad
replace 3.grapheneos.org and 3.grapheneos.network
2024-06-15 14:02:29 -04:00
Daniel Micay
55e7cadc02
update deploy-initial image version
2024-06-15 13:36:29 -04:00
Daniel Micay
7a78e3bd07
count: add akita
2024-06-11 22:56:05 -04:00
Daniel Micay
aefa91830e
update python dependencies
2024-06-08 14:34:08 -04:00
Daniel Micay
8e9fe48605
update python dependencies
2024-06-06 00:26:45 -04:00
Daniel Micay
1ed92eb04c
short ISRG Root X1 chain is now the default
2024-06-04 13:26:50 -04:00
Daniel Micay
aacde289bf
add postfix-pcre package to mail.grapheneos.org
2024-05-30 12:12:05 -04:00
Daniel Micay
59e15db025
update python dependencies
2024-05-30 10:32:19 -04:00
Daniel Micay
f837b81bbd
replace obsolete python-postfix-policyd-spf with python-spf-engine
2024-05-29 22:32:33 -04:00
Daniel Micay
d77a7b2cff
drop python-pydantic workaround
This was added as a dependency for matrix-synapse.
2024-05-24 15:43:08 -04:00
Daniel Micay
e1f968617b
replace sshpass with swiftclient for backups
2024-05-24 15:35:04 -04:00
Daniel Micay
f1d388e5c9
add list of hosts using automated backups
2024-05-24 15:34:16 -04:00
Daniel Micay
a2758fe665
update python dependencies
2024-05-24 15:33:27 -04:00
Daniel Micay
39a48e6585
update python dependencies
2024-05-21 13:38:50 -04:00
Daniel Micay
38dc2fb4d2
add samsung.psds.grapheneos.org subdomain
2024-05-15 14:36:26 -04:00
Daniel Micay
3b1c43d29f
update requirements.txt
2024-04-30 12:32:40 -04:00
Daniel Micay
f9425e3ebd
reduce conntrack UDP timeouts
This only applies to outbound NTP requests since we use notrack for our
UDP services and DNS-over-TLS for our local resolver. We'd have no need
for longer timeouts even if that wasn't the case.
2024-04-30 12:13:02 -04:00
Daniel Micay
6dbc014f4b
set conntrack expectation table to minimum size
2024-04-27 12:48:21 -04:00
Daniel Micay
a067120a49
downgrade to supported nodejs LTS branch for mjolnir
2024-04-27 09:48:20 -04:00
Daniel Micay
ba79d80b52
raise burst value for synproxy threshold
2024-04-26 16:30:49 -04:00
Daniel Micay
c99b8d0b47
nftables: use default drop in prerouting-raw table
2024-04-26 10:42:45 -04:00
Daniel Micay
bab3f0c14a
disable IPv4-mapped IPv6 addresses by default
2024-04-25 10:38:54 -04:00
Daniel Micay
2c2943cc3e
override default conntrack table size
2024-04-25 01:59:35 -04:00