Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-12-03 04:44:47 -05:00
Code Issues Projects Releases Packages Wiki Activity

Commit graph

  • 09529aec2d systemd: fix ordering nginx after syslog-ng main Daniel Micay 2025-12-01 22:02:30 -05:00
  • 4261d61fa4 nftables: rename network and web rulesets Daniel Micay 2025-12-01 18:21:48 -05:00
  • 13da7aec26 nftables: remove unused rulesets Daniel Micay 2025-12-01 18:04:20 -05:00
  • 054a309f64 certbot-replicate: add dnsdist support Daniel Micay 2025-11-30 23:09:36 -05:00
  • 72950717af switch to arbitrary system gid for tls group Daniel Micay 2025-11-30 23:45:58 -05:00
  • bf96962c90 move session-ticket-keys directory into /etc/tls Daniel Micay 2025-11-30 22:55:14 -05:00
  • 1840eecbb8 nftables: update network SSH allowlist Daniel Micay 2025-11-30 16:25:30 -05:00
  • c677e729ec add sao.ns1.grapheneos.org server Daniel Micay 2025-11-29 20:35:40 -05:00
  • 2afc488760 set BuyVM static IPv6 prefix length to 48 Daniel Micay 2025-11-29 18:51:35 -05:00
  • 8c9bb5d038 remove networkd configuration for retired servers Daniel Micay 2025-11-29 18:44:18 -05:00
  • 9a991b5238 add alias for certbot with log rotation disabled Daniel Micay 2025-11-29 06:43:42 -05:00
  • 3338d6e041 certbot: disable log rotation for setup commands Daniel Micay 2025-11-28 22:15:10 -05:00
  • ed1f869841 use more consistent journald max use and max file size Daniel Micay 2025-11-26 13:59:14 -05:00
  • f0e24df323 set a default value for hosts_conntrack_size Daniel Micay 2025-11-26 10:40:37 -05:00
  • 253113acc8 replace OVH website/network servers with BuyVM Daniel Micay 2025-11-24 21:37:01 -05:00
  • 20a42021aa deploy-certbot: fix typo Daniel Micay 2025-11-24 19:49:05 -05:00
  • 0f4ab49cae remove gra.grapheneos.org server Daniel Micay 2025-11-24 12:20:10 -05:00
  • 831ed3b096 replace hio.grapheneos.org with sea.grapheneos.org Daniel Micay 2025-11-23 22:56:05 -05:00
  • 7a13f1b31e remove secondary Beauharnois web/network server Daniel Micay 2025-11-23 14:55:53 -05:00
  • 9bb6a4ee36 add syd.grapheneos.org server Daniel Micay 2025-11-23 05:02:40 -05:00
  • 535e8dfa65 replace OVH Singapore servers with a Vultr server Daniel Micay 2025-11-22 08:15:44 -05:00
  • 79cb9a5b3a nftables: remove obsolete ns1 Rage4 IPv6 address Daniel Micay 2025-11-22 00:27:38 -05:00
  • fd8644bc06 add bom.ns1.grapheneos.org and syd.ns1.grapheneos.org servers Daniel Micay 2025-11-19 01:27:07 -05:00
  • 19d902bde8 note BuyVM anycast address is only a fallback Daniel Micay 2025-11-17 03:01:16 -05:00
  • b75ea9ca9b add tyo.ns1.grapheneos.org server Daniel Micay 2025-11-16 23:48:19 -05:00
  • c122f3f782 dns-stats: add IPv4 vs. IPv6 query stats Daniel Micay 2025-11-16 23:13:51 -05:00
  • 372553255a dns-stats: use simpler pdns_control command Daniel Micay 2025-11-16 09:54:18 -05:00
  • e66ad005be drop zerotier-one from ns1.staging.grapheneos.org Daniel Micay 2025-11-16 00:20:17 -05:00
  • 029ec73c3c networkd: set PreferredLifetime=0 for anycast IPs Daniel Micay 2025-11-15 20:49:10 -05:00
  • a0ba527f9d remove gra1.grapheneos.org and las0.grapheneos.org Daniel Micay 2025-11-15 18:23:30 -05:00
  • 1fad7ca6cd add fra.grapheneos.org and hio.grapheneos.org servers Daniel Micay 2025-11-15 17:17:02 -05:00
  • 79d4fc2b9c deploy-web: improve error checking Daniel Micay 2025-11-15 15:31:23 -05:00
  • 5a17e4ba8c make /var/log/nginx permissions match log files Daniel Micay 2025-11-15 15:25:52 -05:00
  • 2682ce9439 pacreport: add syslog-ng configuration sub-directory Daniel Micay 2025-11-15 06:21:45 -05:00
  • c7276bdc2d reboot: add BGP integration Daniel Micay 2025-11-14 21:20:15 -05:00
  • 209b1b5def add lon.ns1.grapheneos.org Daniel Micay 2025-11-14 17:17:09 -05:00
  • 9d9dbb906b switch to geolocation-based pkgbuild.com mirror Daniel Micay 2025-11-14 05:36:02 -05:00
  • 1883a539d0 nftables: include our own anycast addresses Daniel Micay 2025-11-13 23:26:56 -05:00
  • d2dcec7e02 ns2: add IPv4 address from our anycast /24 Daniel Micay 2025-11-13 05:09:25 -05:00
  • 0dfb05852f networkd: add comments for anycast addresses Daniel Micay 2025-11-13 05:01:24 -05:00
  • bb86e16179 networkd: remove unnecessary [Address] sections Daniel Micay 2025-11-13 04:26:11 -05:00
  • 5adb170069 add mia.ns2.grapheneos.org server Daniel Micay 2025-11-12 23:06:36 -05:00
  • 649e2b53c4 replace remaining OVH ns1 servers with Vultr Daniel Micay 2025-11-11 04:25:00 -05:00
  • 066fdd0d09 add IPv6 address from our /48 announced from BuyVM Daniel Micay 2025-11-11 00:30:59 -05:00
  • 68ac3a8726 add bird to ns2.grapheneos.org to use our IP space Daniel Micay 2025-11-11 00:19:27 -05:00
  • 60b879deb7 hosts: add list of Vultr instances Daniel Micay 2025-11-10 14:30:56 -05:00
  • fe999c541a add IPv6 address from our /48 announced from Vultr Daniel Micay 2025-11-10 14:23:59 -05:00
  • 5b82f11b25 nftables: ns1: add fq priority configuration Daniel Micay 2025-11-10 06:40:03 -05:00
  • 5256f2e4a4 replace 1.ns1.grapheneos.org server with sea.ns1.grapheneos.org Daniel Micay 2025-11-10 05:50:21 -05:00
  • f95fa51821 add lax.ns1.grapheneos.org server Daniel Micay 2025-11-10 04:04:21 -05:00
  • 951662aeca replace 0.ns1.grapheneos.org server with nyc.ns1.grapheneos.org Daniel Micay 2025-11-09 22:29:25 -05:00
  • 4aba8d355a add mia.ns1.grapheneos.org server Daniel Micay 2025-11-09 18:57:21 -05:00
  • f0682a9aa2 deploy-initial-vps: handle mkinitcpio.conf split Daniel Micay 2025-11-09 17:54:51 -05:00
  • cc83000202 deploy-initial-vps: update Arch ISO image version Daniel Micay 2025-11-09 17:29:50 -05:00
  • e78433dbf8 certbot: add nominatim.staging.grapheneos.org Daniel Micay 2025-11-08 23:28:40 -05:00
  • d0751e07c6 certbot: rename 0.grapheneos.org to bhs0.grapheneos.org Daniel Micay 2025-11-08 23:19:37 -05:00
  • b80f10f396 syslog-ng: add receive timestamps to nginx logs Daniel Micay 2025-11-08 14:43:41 -05:00
  • a45b8ada72 syslog-ng: split nginx configuration into conf.d Daniel Micay 2025-11-08 13:44:23 -05:00
  • 7a5535973b syslog-ng: raise frac-digits to 3 Daniel Micay 2025-11-08 02:41:26 -05:00
  • a511902b90 add syslog-ng include directory Daniel Micay 2025-11-08 01:41:31 -05:00
  • ce4fe06d6a add script for checking reverse DNS Daniel Micay 2025-11-07 23:51:33 -05:00
  • f36aa981cd update lax.releases.grapheneos.org IPv6 address Daniel Micay 2025-11-07 23:51:17 -05:00
  • 6e728a885c use journald reload support added in systemd 258 Daniel Micay 2025-11-07 23:23:09 -05:00
  • 51d23a1736 count: handle nginx logs being done with syslog-ng Daniel Micay 2025-11-07 21:55:42 -05:00
  • 5fe719250b certbot: merge 0.grapheneos.network into 0.grapheneos.org Daniel Micay 2025-11-06 22:44:58 -05:00
  • ebd44c9253 grapheneos.org: switch to location-based server names Daniel Micay 2025-11-06 22:16:52 -05:00
  • 3a720695c6 add missing reserved ports entries for unbound Daniel Micay 2025-11-06 22:06:47 -05:00
  • 5f5c590bbc add deploy-hostname script Daniel Micay 2025-11-06 19:54:19 -05:00
  • 37809b12ad new naming convention for staging server hostnames Daniel Micay 2025-11-06 19:49:58 -05:00
  • e3bcb9e87f ns2.grapheneos.org: switch to location-based server names Daniel Micay 2025-11-06 19:27:39 -05:00
  • 93e1d3866b releases.grapheneos.org: switch to location-based server names Daniel Micay 2025-11-06 18:26:51 -05:00
  • c354823e2e grapheneos.social: switch to Node.js 24 LTS Daniel Micay 2025-11-06 10:11:58 -05:00
  • 89686dc1a0 nftables: style fix Daniel Micay 2025-11-06 02:07:49 -05:00
  • f24f557736 deploy-bootloader: deploy systemd-boot-update.service.d Daniel Micay 2025-11-06 01:24:48 -05:00
  • 6c8ddbe012 drop unnecessary inclusion of / in fstab Daniel Micay 2025-11-06 01:07:02 -05:00
  • 1427e0c7c4 add mkinitcpio.conf for servers with mdraid Daniel Micay 2025-11-06 00:32:10 -05:00
  • 50729cadb9 split metal and mdraid server types Daniel Micay 2025-11-06 01:20:55 -05:00
  • 76b88bbffa update mkinitcpio.conf Daniel Micay 2025-11-06 00:16:15 -05:00
  • c9b84fdb79 logrotate: use better size+time rotation approach Daniel Micay 2025-11-05 23:46:15 -05:00
  • 5f2e4a45c3 logrotate: preserve existing file owner/group/mode Daniel Micay 2025-11-05 23:33:29 -05:00
  • eeb00c5bda logrotate: default to delayed compression with opt-in to no delay Daniel Micay 2025-11-05 22:05:52 -05:00
  • 04722cdd95 Revert "remove obsolete nvim tmpfiles.d configuration" Daniel Micay 2025-11-05 20:24:57 -05:00
  • a0563b249b ssh: use AcceptEnv for COLORTERM Daniel Micay 2025-11-05 20:23:12 -05:00
  • 2b90bbc50a journald: reconfigure based on nginx logging split Daniel Micay 2025-11-04 14:04:44 -05:00
  • 9a864106d7 deploy-bootloader: no need to source ssh.sh Daniel Micay 2025-11-04 14:03:21 -05:00
  • 8af52e3498 journald: revert back to default SystemMaxFiles Daniel Micay 2025-11-04 13:45:16 -05:00
  • 7f0982f9d7 journald: disable ForwardToWall Daniel Micay 2025-11-04 11:51:00 -05:00
  • 2b9a6f4c59 disable TCP Fast Open for 3.releases.grapheneos.org Daniel Micay 2025-11-04 11:22:43 -05:00
  • f1ff8ac931 phase out 2.releases.grapheneos.org Daniel Micay 2025-11-04 10:49:32 -05:00
  • 8697cf2a2d switch back to unified journald rotation/retention Daniel Micay 2025-11-03 19:42:21 -05:00
  • 9d68a079db logrotate: use specific log file paths Daniel Micay 2025-11-03 12:45:36 -05:00
  • 39b6de58dd syslog-ng: add socket for nginx error logs Daniel Micay 2025-11-03 11:38:52 -05:00
  • 386d332aaf remove unused logrotate configurations Daniel Micay 2025-11-02 21:29:07 -05:00
  • ca20c421a5 deploy-certbot: avoid syncing replicate.conf Daniel Micay 2025-11-02 21:02:34 -05:00
  • 934c5dbd53 logrotate: remove notifempty for nginx Daniel Micay 2025-11-02 21:02:16 -05:00
  • b61c76c324 logrotate: remove nocreate for letsencrypt Daniel Micay 2025-11-02 20:38:31 -05:00
  • cee00863e3 update servers haven't been on OVH for a while Daniel Micay 2025-11-02 12:31:17 -05:00
  • 39e701e9fb update pacreport.conf Daniel Micay 2025-11-02 02:56:56 -05:00
  • 944b4679c1 merge website and network servers Daniel Micay 2025-11-02 02:25:08 -05:00
  • 2caa67529a set up syslog-ng for nginx access log Daniel Micay 2025-11-01 21:09:05 -04:00