
9 Commits

Author SHA1 Message Date
Tommy
cd3849d355
Merge eeaaf12886 into ee62868a7b 2024-04-23 10:53:17 +02:00
Daniel Micay
ee62868a7b nftables: use standard order for verdict map 2024-04-23 03:30:15 -04:00
Daniel Micay
965bc4f951 nftables: add invalid case to ct state vmap
This might as well be dropped by the verdict map instead of falling
through to the default drop policy.
2024-04-23 02:38:40 -04:00
Daniel Micay
5ba6cbd3d1 nftables: simplify rules via untracked state 2024-04-23 02:34:17 -04:00
Daniel Micay
d369f159a9 add nmap package across servers mainly for nping
It's extremely useful to have this around for debugging network issues,
testing firewall rules and other purposes. It's not particularly useful
having nmap itself, but nping and to a lesser extent ncat are great to
have available.
2024-04-22 10:43:11 -04:00
Daniel Micay
9f99e9c3a5 drop whois package from discuss.grapheneos.org
There's no particular reason to have this on the servers since it can be
done locally.
2024-04-22 10:38:28 -04:00
Tommy
eeaaf12886
Typo fix 2023-09-07 19:57:24 -07:00
Tommy
4a985cbe29
Typo fix 2023-09-07 19:56:43 -07:00
Tommy
1bc32489f1
Use curve secp384r1 2023-09-07 19:51:41 -07:00
47 changed files with 55 additions and 50 deletions


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name grapheneos.network \ --cert-name grapheneos.network \
-d grapheneos.network \ -d grapheneos.network \
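Review bot: `--elliptic-curve secp384r1` is added on the same line as `--reuse-key`, so for a certificate lineage that already exists the curve change may not take effect: depending on the certbot version, the existing key is kept or the run is refused because the key parameters changed. If the intent is to rotate to a P-384 key once and then keep reusing it, the command needs `--new-key` for that one run, and a comment such as `# add --new-key once when changing --key-type/--elliptic-curve` would record that. Anything pinned to the current public key would have to be updated before the rotation; no such pinning is visible here. The same applies to the other nine certbot command files in this comparison, and the command continues past the end of the hunk.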


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name grapheneos.org \ --cert-name grapheneos.org \
-d grapheneos.org \ -d grapheneos.org \


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name releases.grapheneos.org \ --cert-name releases.grapheneos.org \
-d releases.grapheneos.org \ -d releases.grapheneos.org \


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name attestation.app \ --cert-name attestation.app \
-d attestation.app \ -d attestation.app \


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name discuss.grapheneos.org \ --cert-name discuss.grapheneos.org \
-d discuss.grapheneos.org -d discuss.grapheneos.org


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name grapheneos.social \ --cert-name grapheneos.social \
-d grapheneos.social \ -d grapheneos.social \


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name matrix.grapheneos.org \ --cert-name matrix.grapheneos.org \
-d matrix.grapheneos.org \ -d matrix.grapheneos.org \


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name mta-sts.mail.grapheneos.org \ --cert-name mta-sts.mail.grapheneos.org \
-d mail.grapheneos.org \ -d mail.grapheneos.org \


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name staging.attestation.app \ --cert-name staging.attestation.app \
-d staging.attestation.app -d staging.attestation.app


@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \ --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" --elliptic-curve secp384r1 \
--deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \ --deploy-hook "certbot-ocsp-fetcher -o /var/cache/certbot-ocsp-fetcher" \
--cert-name staging.grapheneos.org \ --cert-name staging.grapheneos.org \
-d staging.grapheneos.org -d staging.grapheneos.org


@ -47,16 +47,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 80, 443 } goto input-tcp-service tcp dport { 22, 80, 443 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset
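Review bot: The new `untracked: accept` entry in the input chain's `ct state vmap` accepts whatever the notrack rules elsewhere in the ruleset exempt from connection tracking, and it replaces the explicit `iif lo accept` and `meta l4proto { icmp, ipv6-icmp } accept` rules (plus `udp dport 123 accept` or `udp dport 53 accept` in the sections that had them). Those notrack rules are outside this hunk, so it cannot be confirmed here that they select exactly the traffic that was accepted before. A comment above the vmap would keep that coupling visible, e.g. `# untracked traffic is selected by the notrack rules in <chain name>; every notrack match is accepted here`. The entry is also written `untracked: accept` while every other entry in the map uses ` : `. The same applies to the other eight nftables sections in this comparison.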


@ -47,16 +47,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 80, 443 } goto input-tcp-service tcp dport { 22, 80, 443 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -59,16 +59,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 25, 80, 443, 465, 993 } goto input-tcp-service tcp dport { 22, 25, 80, 443, 465, 993 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -47,16 +47,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 80, 443 } goto input-tcp-service tcp dport { 22, 80, 443 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -56,17 +56,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 80, 443, 7275 } goto input-tcp-service tcp dport { 22, 80, 443, 7275 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
udp dport 123 accept
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -49,17 +49,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 53, 80, 443, 853 } goto input-tcp-service tcp dport { 22, 53, 80, 443, 853 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
udp dport 53 accept
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -61,17 +61,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 53, 80, 443, 853 } goto input-tcp-service tcp dport { 22, 53, 80, 443, 853 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
udp dport 53 accept
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -47,16 +47,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 80, 443 } goto input-tcp-service tcp dport { 22, 80, 443 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -57,16 +57,14 @@ table inet filter {
policy drop policy drop
tcp dport { 22, 80, 443 } goto input-tcp-service tcp dport { 22, 80, 443 } goto input-tcp-service
iif lo accept ct state vmap { invalid : drop, established : accept, related : accept, new : drop, untracked: accept }
meta l4proto { icmp, ipv6-icmp } accept
ct state vmap { new : drop, established : accept, related : accept }
} }
chain input-tcp-service { chain input-tcp-service {
iif lo goto input-tcp-service-loopback iif lo goto input-tcp-service-loopback
# for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough # for synproxy, SYN is untracked and first ACK is invalid which are handled via fallthrough
ct state vmap { new : goto input-tcp-service-new, established : goto input-tcp-service-established, related : accept } ct state vmap { established : goto input-tcp-service-established, related : accept, new : goto input-tcp-service-new }
tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset tcp dport 22 ip saddr @ip-connlimit-ssh counter reject with tcp reset
tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset tcp dport 22 ip6 saddr and ffff:ffff:ffff:ffff:ffff:: @ip6-connlimit-ssh counter reject with tcp reset


@ -14,6 +14,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -15,6 +15,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -18,6 +18,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -15,6 +15,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -13,6 +13,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -17,6 +17,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -13,6 +13,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -17,6 +17,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -13,6 +13,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -14,6 +14,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -17,6 +17,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -41,6 +41,5 @@ sysstat
tree tree
unbound unbound
vim vim
whois
xfsprogs xfsprogs
zopfli zopfli


@ -17,6 +17,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
nodejs-lts-iron nodejs-lts-iron
openssh openssh
pacman-contrib pacman-contrib


@ -16,6 +16,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
opendkim opendkim
opendmarc opendmarc
openssh openssh


@ -21,6 +21,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
nodejs-lts-iron nodejs-lts-iron
openssh openssh
pacman-contrib pacman-contrib


@ -18,6 +18,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -18,6 +18,7 @@ moreutils
mtr mtr
nftables nftables
nginx nginx
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -17,6 +17,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils


@ -15,6 +15,7 @@ mtr
nftables nftables
nginx nginx
nginx-mod-brotli nginx-mod-brotli
nmap
openssh openssh
pacman-contrib pacman-contrib
pacutils pacutils