Git-Mirrors
/
graphene-os-server-infrastructure
mirror of https://github.com/GrapheneOS/infrastructure.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 38dc2fb4d2 add samsung.psds.grapheneos.org subdomain main Daniel Micay 2024-05-15 14:36:26 -0400
  • 3b1c43d29f update requirements.txt Daniel Micay 2024-04-30 12:32:40 -0400
  • f9425e3ebd reduce conntrack UDP timeouts Daniel Micay 2024-04-30 12:13:02 -0400
  • 6dbc014f4b set conntrack expectation table to minimum size Daniel Micay 2024-04-27 12:48:21 -0400
  • a067120a49 downgrade to supported nodejs LTS branch for mjolnir Daniel Micay 2024-04-27 09:48:06 -0400
  • ba79d80b52 raise burst value for synproxy threshold Daniel Micay 2024-04-26 16:30:49 -0400
  • c99b8d0b47 nftables: use default drop in prerouting-raw table Daniel Micay 2024-04-26 10:42:45 -0400
  • bab3f0c14a disable IPv4-mapped IPv6 addresses by default Daniel Micay 2024-04-25 10:33:11 -0400
  • 2c2943cc3e override default conntrack table size Daniel Micay 2024-04-25 01:58:44 -0400
  • fb40773157 reduce conntrack TCP TIME-WAIT timeout to match TCP stack Daniel Micay 2024-04-24 21:12:12 -0400
  • 82cc1beccb remove unused SYN backlog configuration Daniel Micay 2024-04-24 18:58:41 -0400
  • f3ae109eac reduce conntrack SYN timeouts to match TCP/IP stack Daniel Micay 2024-04-24 10:45:02 -0400
  • ee62868a7b nftables: use standard order for verdict map Daniel Micay 2024-04-23 03:29:52 -0400
  • 965bc4f951 nftables: add invalid case to ct state vmap Daniel Micay 2024-04-23 02:14:07 -0400
  • 5ba6cbd3d1 nftables: simplify rules via untracked state Daniel Micay 2024-04-23 02:08:57 -0400
  • d369f159a9 add nmap package across servers mainly for nping Daniel Micay 2024-04-22 10:40:30 -0400
  • 9f99e9c3a5 drop whois package from discuss.grapheneos.org Daniel Micay 2024-04-22 10:38:05 -0400
  • 398acc6fe8 nftables: drop instead of reject for unused ports Daniel Micay 2024-04-19 13:25:42 -0400
  • b17b2f3fd3 nftables: add define for ns2.grapheneos.org anycast IP Daniel Micay 2024-04-18 10:40:29 -0400
  • 741ea728ea nftables: move output skuid checks to raw phase Daniel Micay 2024-04-17 15:03:13 -0400
  • 7782c861cb nftables: reorder rule for rejecting SSH via anycast Daniel Micay 2024-04-15 23:54:17 -0400
  • 8caa777e11 add connection limit allowlist for mail server Daniel Micay 2024-04-15 23:20:05 -0400
  • dade50c832 nftables: drop unnecessary ssh localhost allowlist Daniel Micay 2024-04-15 22:38:15 -0400
  • 9f84c50869 force DMARC enforcement for gmail.com Daniel Micay 2024-04-15 11:42:03 -0400
  • 8278883a84 add grapheneos.foundation domain Daniel Micay 2024-04-13 19:15:02 -0400
  • 8a4e4f334f reorder configuration Daniel Micay 2024-04-13 18:00:18 -0400
  • 56f169cbba increase max TCP send buffer size for matrix server Daniel Micay 2024-04-13 16:26:32 -0400
  • 35e776f867 increase max TCP send buffer size for update servers Daniel Micay 2024-04-13 14:27:31 -0400
  • 711e432a67 remove unnecessary local-reserved-ports.conf template Daniel Micay 2024-04-13 14:17:23 -0400
  • f9bce64060 enable TCP window shrinking Daniel Micay 2024-04-13 11:04:42 -0400
  • 6a325f8798 update python dependencies Daniel Micay 2024-04-12 10:23:57 -0400
  • bd6f127acf move nftables configuration to a directory Daniel Micay 2024-04-12 10:23:29 -0400
  • c412fec336 simplify rate limited synproxy bypass Daniel Micay 2024-04-11 23:02:43 -0400
  • ca35fcc648 add python-pydantic package for matrix.grapheneos.org Daniel Micay 2024-04-11 22:45:55 -0400
  • b928b197b0 nftables: add comments explaining adding to connlimit sets Daniel Micay 2024-04-11 15:59:07 -0400
  • edbf50a3da nftables: rename tcp service chains Daniel Micay 2024-04-11 11:59:19 -0400
  • 3d886dea43 nftables: split out TCP service chain Daniel Micay 2024-04-11 11:49:22 -0400
  • b152574da8 nftables: avoid unnecessary connection marking Daniel Micay 2024-04-11 11:30:58 -0400
  • 832a430954 nftables: handle non-TCP case in input-new chain Daniel Micay 2024-04-11 10:34:00 -0400
  • 8f047de0c3 nftables: explain synproxy untracked/invalid cases Daniel Micay 2024-04-11 10:19:39 -0400
  • 26a58b2492 nftables: explain synproxy bypass rate limit Daniel Micay 2024-04-11 09:56:30 -0400
  • ecd14bddff nftables: explain ordering of strong host model check Daniel Micay 2024-04-11 09:49:50 -0400
  • b21ea0a23f raise synproxy bypass burst to 128 packets from 5 Daniel Micay 2024-04-10 15:02:25 -0400
  • b38736ca74 enable nftables-based DDoS protection for all TCP services Daniel Micay 2024-04-10 12:54:58 -0400
  • 14c0128910 add rate limited synproxy bypass Daniel Micay 2024-04-10 09:29:56 -0400
  • ef63ff82d2 use consistent name for main connlimit Daniel Micay 2024-04-09 20:29:11 -0400
  • 275d63e8b3 certbot: add ns2 variant of staging authoritative DNS Daniel Micay 2024-04-08 17:06:19 -0400
  • 5106ec7f4a remove redundant vm.max_map_count configuration Daniel Micay 2024-04-07 14:59:36 -0400
  • a6b9fa782b reorganize nftables rules Daniel Micay 2024-04-05 19:14:05 -0400
  • cf274f34d7 simplify synproxy-based connection limit rules Daniel Micay 2024-04-05 13:36:09 -0400
  • c1756f5809 add synproxy/connlimit for ACME/redirect use of HTTP Daniel Micay 2024-04-03 13:13:52 -0400
  • 3e23b80e9c move mail server HTTP(S) connection limit to nftables Daniel Micay 2024-04-01 19:40:46 -0400
  • 83bcc0b327 merge synproxy rules Daniel Micay 2024-03-31 22:25:38 -0400
  • 9fcac6b105 use DNS connlimit for HTTP/HTTPS on DNS servers Daniel Micay 2024-03-31 22:07:58 -0400
  • 079997d4b5 chrony: raise minsources to 3 Daniel Micay 2024-03-31 14:03:16 -0400
  • 0edcc3514e chrony: add time.cifelli.xyz as source Daniel Micay 2024-03-31 14:01:41 -0400
  • be63011a31 chrony: add time.dfm.dk as source Daniel Micay 2024-03-31 13:28:33 -0400
  • 0fab969de7 enforce IPv6 SUPL connection limit for /64 blocks Daniel Micay 2024-03-30 20:40:38 -0400
  • 457f0bf7e8 move IP-based SUPL connection limits to nftables Daniel Micay 2024-03-30 20:40:11 -0400
  • e655732304 drop unnecessary nftables udp condition Daniel Micay 2024-03-30 11:51:33 -0400
  • 39b7e1f479 add counter to connection limit reject rules Daniel Micay 2024-03-28 23:28:34 -0400
  • b40988122c switch to Java 21 LTS package since Java 22 is out Daniel Micay 2024-03-28 22:14:12 -0400
  • 280eb51c8d rename loopback chains for clarity Daniel Micay 2024-03-28 14:32:44 -0400
  • 9b40bb90b8 split out input chain for loopback Daniel Micay 2024-03-28 13:23:13 -0400
  • 811fcf593e enforce IPv6 DNS connection limit for /64 blocks Daniel Micay 2024-03-28 12:35:29 -0400
  • d95752bea6 move IP-based DNS connection limits to nftables Daniel Micay 2024-03-28 10:34:59 -0400
  • 6b573fe227 dns-stats: show total TCP and UDP queries Daniel Micay 2024-03-28 10:05:41 -0400
  • 8c929f02ac enforce IPv6 SSH connection limit for /48 blocks Daniel Micay 2024-03-27 15:31:46 -0400
  • cd59960e7b move IP-based SSH connection limits to nftables Daniel Micay 2024-03-27 03:08:21 -0400
  • 16ef317460 nftables: rename output-reject to graceful-reject Daniel Micay 2024-03-27 12:31:09 -0400
  • 66562272ac set preferred source for static IPv6 configuration Daniel Micay 2024-03-26 16:10:37 -0400
  • 3de32072da consistently use short form IPv6 addresses Daniel Micay 2024-03-25 21:54:20 -0400
  • 571644526d consistently list IPv4 routes before IPv6 routes Daniel Micay 2024-03-25 21:52:33 -0400
  • 64e2e836d3 set preferred source for static IPv4 configuration Daniel Micay 2024-03-25 21:47:55 -0400
  • 14e9cd5b76 use standard style for nftables sets Daniel Micay 2024-03-24 16:23:54 -0400
  • 0ac67c38c3 allow IPv6 SSH for discuss.grapheneos.org Daniel Micay 2024-03-24 15:41:13 -0400
  • 7b64ffd4cd simplify nftables based on strong host model Daniel Micay 2024-03-24 15:22:00 -0400
  • 59984a477c enforce strong host model via nftables Daniel Micay 2024-03-24 13:27:55 -0400
  • eb55afa3a8 reorganize sysctl configuration Daniel Micay 2024-03-24 10:53:27 -0400
  • 51a4f8ca7a extend disabling ICMP redirects Daniel Micay 2024-03-24 10:43:37 -0400
  • ec2cbbdb4e enforce strict reverse path filtering via nftables Daniel Micay 2024-03-23 11:18:02 -0400
  • 81fa5f8ebd use standard log rotation approach for wtmp/btmp Daniel Micay 2024-03-20 23:43:48 -0400
  • 455ef92c18 disable chrony client log Daniel Micay 2024-03-20 23:20:41 -0400
  • e1df22a68f clean up session ticket rotation scripts Daniel Micay 2024-03-20 22:43:26 -0400
  • f35dc08868 split grapheneos.org hosts array Daniel Micay 2024-03-18 21:10:47 -0400
  • f6d6b0584b use larger journal for matrix.grapheneos.org too Daniel Micay 2024-03-17 19:47:21 -0400
  • bcfa2aef63 add basic inputrc Daniel Micay 2024-03-14 15:48:53 -0400
  • d5653b25f2 increase 0.grapheneos.network journal size Daniel Micay 2024-03-12 11:40:26 -0400
  • d57ca21e06 add sqlite-analyzer to attestation servers Daniel Micay 2024-03-08 11:54:02 -0500
  • e9d90bf88b lsof replaced with lsfd Daniel Micay 2024-03-06 16:17:59 -0500
  • c8d359af57 disable mkinitcpio fallback image Daniel Micay 2024-03-04 13:13:58 -0500
  • 8591cb9354 raise 2.grapheneos.network journal size to 2G Daniel Micay 2024-03-03 15:45:04 -0500
  • 14174e90f4 nginx-rotate-session-ticket-keys: drop unnecessary time sync Daniel Micay 2024-03-03 09:57:30 -0500
  • fb8775bb85 use checksum-based rsync Daniel Micay 2024-03-03 09:53:39 -0500
  • d8b70fce4f raise journal size for high log volume servers Daniel Micay 2024-03-01 10:05:39 -0500
  • 16e3df0c39 raise max log size for OVH network instances Daniel Micay 2024-02-29 11:32:28 -0500
  • 67a71a5cd3 count: drop 3rd gen Pixels Daniel Micay 2024-02-24 19:19:41 -0500
  • 23207e99bf replace 4.releases.grapheneos.org server Daniel Micay 2024-02-24 10:34:52 -0500
  • c9cceb3bc0 explicit set XFS allocation group count Daniel Micay 2024-02-24 10:28:10 -0500
  • e0d5ff2fb2 enable deploy-initial script Daniel Micay 2024-02-24 10:22:19 -0500