Daniel Micay
fd31471ae3
enable CAKE for the new update server
This wasn't initially enabled because we were concerned about a
potential bottleneck due to CAKE being single threaded. We expect the
Ryzen 9950X will be more than powerful enough for CAKE at 25Gbps and it
does appear to help substantially compared to fq_codel with maintaining
high throughput across problematic connections especially when combined
with BBR which we'll likely switch to for congestion control across the
servers, especially with BBRv3 on the horizon.
2025-04-03 17:08:49 -04:00
Daniel Micay
b7aab6e0da
rename new update server
2025-04-03 17:08:45 -04:00
Daniel Micay
f32458e296
phase out old update server names
2025-04-03 15:36:37 -04:00
Daniel Micay
4dfae68196
add 8.releases.grapheneos.org server
2025-04-02 14:47:25 -04:00
Daniel Micay
86e6dd61e6
replace 0.releases.grapheneos.org server
2025-03-19 12:05:37 -04:00
Daniel Micay
6cce70a859
use CAKE no-split-gso for BuyVM servers
2025-02-16 04:32:21 -05:00
Daniel Micay
54dc10b79f
set up systemd runtime watchdog support
Services without a hardware watchdog will need to use softdog and won't
get most of the benefits but it's still useful.
2025-02-12 08:23:11 -05:00
Daniel Micay
e40fb1bd4e
add chronyd.service hardening based on not using sendmail
This reverts the extra directives included in the standard
chronyd.service for supporting sendmail.
2024-12-19 11:35:51 -05:00
Daniel Micay
8d59d143c1
update systemd sleep.conf
2024-12-12 10:24:25 -05:00
Daniel Micay
0151adf60e
replace grapheneos.social server
2024-11-20 19:00:49 -05:00
Daniel Micay
c2ad59090e
add missing configuration for systemd-oomd
2024-11-03 06:11:58 -05:00
Daniel Micay
9417513717
replace 3.releases.grapheneos.org server
2024-10-29 09:21:34 -04:00
Daniel Micay
5cc16bab0e
use incrementing auto-restart delay for unbound
2024-10-21 07:25:41 -04:00
Daniel Micay
4a7919d736
add ManagedOOMPreference=avoid for sshd.service
2024-10-20 13:45:24 -04:00
Daniel Micay
3d80dc4eed
add dependencies for session ticket rotation unit
2024-10-14 06:13:15 -04:00
Daniel Micay
2ddd98d485
cleanup session ticket key units
2024-10-14 06:11:32 -04:00
Daniel Micay
05d903ae3f
move umask to systemd unit configuration
2024-10-14 06:11:32 -04:00
Daniel Micay
cbed8c0b42
use standard override.conf name for unit overrides
2024-10-13 21:27:51 -04:00
Daniel Micay
26bedef1a1
enable ManagedOOMSwap=kill for root slice
2024-10-13 05:26:08 -04:00
Daniel Micay
ea3d577ac6
use incrementing auto-restart delay
2024-09-15 00:20:45 -04:00
Daniel Micay
76c1ae3aaf
enable auto-restart for unbound and chronyd
2024-09-14 22:27:40 -04:00
Daniel Micay
1f411314b5
enable indefinite service restarts
2024-09-14 20:16:10 -04:00
Daniel Micay
a787d6c446
use default RestartSec for nginx
2024-09-14 20:16:10 -04:00
Daniel Micay
b6d8ef1500
add intended CrashAction configuration
2024-08-18 19:49:51 -04:00
Daniel Micay
9638832f82
switch back to MaxRetentionSec now that it's fixed
The fix for this causing excessive log rotation was backported to systemd 256.5.
2024-08-18 19:41:04 -04:00
Daniel Micay
4dc70b8df7
update journald.conf
2024-08-18 19:28:57 -04:00
Tommy
6fc45525d9
Add NoNewPrivileges=true for certbot
2024-06-24 11:55:59 -04:00
Tommy
55221c8e44
Sort NGINX override alphabetically
Everything is already sorted alphabetically, but for some reason NoNewPrivileges is above MemoryDenyWriteExecute
2024-06-24 11:36:36 -04:00
Tommy
0e4d94e550
Remove redundant PrivateTmp=true
2024-06-24 11:18:11 -04:00
Daniel Micay
662a2d3522
update configuration for systemd 256
2024-06-18 13:16:03 -04:00
Daniel Micay
73a88e36ad
replace 3.grapheneos.org and 3.grapheneos.network
2024-06-15 14:02:29 -04:00
Daniel Micay
66562272ac
set preferred source for static IPv6 configuration
2024-03-26 21:50:12 -04:00
Daniel Micay
3de32072da
consistently use short form IPv6 addresses
2024-03-26 21:24:50 -04:00
Daniel Micay
571644526d
consistently list IPv4 routes before IPv6 routes
2024-03-26 21:24:50 -04:00
Daniel Micay
64e2e836d3
set preferred source for static IPv4 configuration
2024-03-26 21:24:48 -04:00
Daniel Micay
d8b70fce4f
raise journal size for high log volume servers
2024-03-01 10:05:39 -05:00
Daniel Micay
23207e99bf
replace 4.releases.grapheneos.org server
2024-02-24 10:34:52 -05:00
Daniel Micay
5b25870f96
enable reboot on systemd crash caught systemd
2024-02-13 13:07:51 -05:00
Daniel Micay
2e7058e9c4
replace certbot log rotation with logrotate
2024-02-13 12:38:14 -05:00
Daniel Micay
e81e9feef3
replace MaxRetentionSec to stop excessive rotation
2024-02-13 11:30:56 -05:00
Daniel Micay
0e3521564c
replace mail.grapheneos.org server
2024-01-24 22:53:09 -05:00
Daniel Micay
da98484270
replace attestation.app server
2024-01-23 19:15:19 -05:00
Daniel Micay
7213c1745a
replace 2.grapheneos.org and 2.grapheneos.network
2024-01-22 01:39:38 -05:00
Daniel Micay
4714b0bdb9
replace discuss.grapheneos.org server
2024-01-20 23:36:30 -05:00
Daniel Micay
6a0481714f
replace 0.grapheneos.org and 0.grapheneos.network
2024-01-20 00:59:00 -05:00
Daniel Micay
a954a4a024
use clean syntax for IPv6 address
2024-01-18 08:44:19 -05:00
Daniel Micay
d22b380520
replace ns1.grapheneos.org server
2024-01-18 08:19:33 -05:00
Daniel Micay
e581aeafb5
use idle CPU scheduling mode for updatedb
2024-01-03 10:10:04 -05:00
Daniel Micay
dc4101f3de
update systemd configuration files
2023-12-07 12:33:59 -05:00
Daniel Micay
15f1cbcd02
nginx: drop ExecStart override
2023-09-18 02:41:59 -04:00