Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-07-17 12:08:48 -04:00
Code Issues Projects Releases Packages Wiki Activity

Commit graph

  • 8ee3f62ffb remove obsolete nvim tmpfiles.d configuration main Daniel Micay 2025-07-17 10:47:55 -04:00
  • 71af62b030 extend rsync alias for deployment Daniel Micay 2025-07-17 10:29:55 -04:00
  • a95b3cf17a remove temporary file Daniel Micay 2025-07-17 10:26:59 -04:00
  • 9c49540915 add linux-firmware-intel to 4.releases.grapheneos.org Daniel Micay 2025-07-09 15:36:25 -04:00
  • b2cc89768a switch from CAKE to mq fq_codel for update servers Daniel Micay 2025-07-09 15:35:02 -04:00
  • affd70509b drop sudo as an explicit package for grapheneos.social Daniel Micay 2025-07-08 18:07:26 -04:00
  • 542d154362 preserve permissions for dnsdist certificate rsync Daniel Micay 2025-07-08 18:04:28 -04:00
  • e617cfe441 unbound: enable infra-keep-probing Daniel Micay 2025-07-01 14:34:46 -04:00
  • 45b8e80e31 switch congestion control back to BBRv1 from CUBIC Daniel Micay 2025-06-30 14:07:09 -04:00
  • dfa2f48ae1 move zerotier-one to port 999 Daniel Micay 2025-06-27 14:11:44 -04:00
  • ac0dc27596 move dnsdist control socket to port 55 Daniel Micay 2025-06-27 13:39:43 -04:00
  • 3b2f6d546c nftables: simplify nameserver control socket rules Daniel Micay 2025-06-27 13:10:16 -04:00
  • 719e1fcd35 gitignore: ignore /tmp Daniel Micay 2025-06-26 16:48:41 -04:00
  • e2b35814f7 remove unused firmware packages Daniel Micay 2025-06-26 15:24:03 -04:00
  • 8b87654075 scale synproxy threshold based on conntrack max Daniel Micay 2025-06-22 22:06:29 -04:00
  • bb797f412b adjust conntrack max based on available memory Daniel Micay 2025-06-22 14:22:28 -04:00
  • 5b9e9fe712 use default conntrack UDP stream timeout Daniel Micay 2025-06-22 14:37:03 -04:00
  • bf63af97d7 update python dependencies Daniel Micay 2025-06-22 14:19:48 -04:00
  • 01ef6a5187 certbot: switch to --required-profile Daniel Micay 2025-06-21 18:16:58 -04:00
  • 57ed4ac360 count: add Pixel 9a Daniel Micay 2025-06-17 13:06:58 -04:00
  • 805d7984be update python dependencies Daniel Micay 2025-06-16 18:20:03 -04:00
  • f98559218b update python dependencies Daniel Micay 2025-06-10 11:53:01 -04:00
  • 6b2e72e935 sshd: reduce LoginGraceTime to 5s Daniel Micay 2025-06-06 11:01:01 -04:00
  • 95ed9b1bef plocate-updatedb.timer is enabled by default now Daniel Micay 2025-06-04 14:24:38 -04:00
  • e56b061eb3 use rsync --preallocate for deployment Daniel Micay 2025-06-01 10:01:38 -04:00
  • 05bc9199b3 use default log size for 2.ns2.grapheneos.org Daniel Micay 2025-05-28 11:35:27 -04:00
  • 3f2e33e8df raise journal size for several servers Daniel Micay 2025-05-28 10:59:11 -04:00
  • 5ce289433b rotate-session-ticket-keys: split up code with newlines Daniel Micay 2025-05-27 15:23:48 -04:00
  • 57a5209d8b integrate dnsdist in session ticket keys management Daniel Micay 2025-05-27 14:46:25 -04:00
  • 6555042a88 add unified session ticket keys file for dnsdist Daniel Micay 2025-05-27 14:28:16 -04:00
  • 94a2567b15 add tls group for session ticket keys Daniel Micay 2025-05-27 14:21:58 -04:00
  • 72ffc14258 add dnsdist deploy-hook setup for ns1.staging.grapheneos.org Daniel Micay 2025-05-27 14:14:22 -04:00
  • c140d98366 clean up old files for dnsdist Daniel Micay 2025-05-27 14:13:39 -04:00
  • 44f6e6021a make session ticket management more generic Daniel Micay 2025-05-27 13:36:27 -04:00
  • 3e407eac80 certbot: add dnsdist support Daniel Micay 2025-05-24 15:47:55 -04:00
  • ee7270f7c4 disable timeout for systemd-boot by default Daniel Micay 2025-05-21 21:48:23 -04:00
  • 7cb75131dc drop executable bit for regular files in FAT32 ESP Daniel Micay 2025-05-21 19:58:20 -04:00
  • 5c41418606 nftables: add support for dnsdist control socket Daniel Micay 2025-05-16 13:19:38 -04:00
  • e75172d57c replace nginx with dnsdist for DNS-over-TLS Daniel Micay 2025-05-13 19:37:34 -04:00
  • 27fe524af6 update python dependencies Daniel Micay 2025-05-13 10:43:51 -04:00
  • 32f5653e80 gitignore: add /authorized_keys-replica-ns1 Daniel Micay 2025-05-13 00:17:55 -04:00
  • a3ca986940 merge mail.grapheneos.org certbot command files Daniel Micay 2025-05-08 22:30:04 -04:00
  • c9d7aa52a6 remove duplicate domain Daniel Micay 2025-05-08 22:21:48 -04:00
  • e9cbaebe22 split supl.grapheneos.org certificate for non-SNI Daniel Micay 2025-05-08 22:11:06 -04:00
  • f9f3cdab05 add 1.ns1.grapheneos.org server Daniel Micay 2025-05-07 23:11:33 -04:00
  • 7095105832 add 3.ns1.grapheneos.org server Daniel Micay 2025-05-05 17:43:17 -04:00
  • 30128d2654 update releases.grapheneos.org authorized_keys configuration Daniel Micay 2025-05-05 17:31:48 -04:00
  • e29998ff7d deploy-initial: use server-specific authorized_keys Daniel Micay 2025-05-05 17:23:44 -04:00
  • 90a7780b5e migrate to new tlsserver Let's Encrypt profile Daniel Micay 2025-05-04 20:46:54 -04:00
  • a6d1e00d07 drop SSH connections to new anycast IPs Daniel Micay 2025-05-03 23:19:02 -04:00
  • 029882f051 set up certificate replication for ns1 replicas Daniel Micay 2025-05-03 22:13:13 -04:00
  • 4a9deb48ab add bird and zerotier-one packages to ns1 servers Daniel Micay 2025-05-03 22:01:06 -04:00
  • c64bddb5c6 update Arch ISO for VPS deployment to 2025.05.01 Daniel Micay 2025-05-03 21:43:22 -04:00
  • c7cb5d025e add 2.ns1.grapheneos.org server Daniel Micay 2025-05-03 21:34:31 -04:00
  • 2784008a65 nftables: add support for rage4 anycast for ns1 Daniel Micay 2025-05-03 17:44:05 -04:00
  • 566f1a10d2 rename ns1.grapheneos.org to 0.ns1.grapheneos.org Daniel Micay 2025-05-03 17:38:12 -04:00
  • c41f579a51 raise journal file size for 2.grapheneos.org Daniel Micay 2025-05-03 09:21:18 -04:00
  • 476d7f4794 raise journal file size for 1.grapheneos.network Daniel Micay 2025-05-03 09:20:04 -04:00
  • 7cd1fcb8a3 temporarily rename releases certbot configuration Daniel Micay 2025-04-30 23:30:39 -04:00
  • 7861ef2c30 remove legacy OVH update servers Daniel Micay 2025-04-30 17:32:11 -04:00
  • 39b5148808 switch back to CUBIC from BBRv1 and keep ECN off Daniel Micay 2025-04-24 04:25:09 -04:00
  • 9556ca4b79 use 4.releases.grapheneos.org as primary instance Daniel Micay 2025-04-24 17:00:03 -04:00
  • 9290c1fd90 add new ReliableSite update servers Daniel Micay 2025-04-23 22:08:07 -04:00
  • e38b248b47 raise RAID resync limit for bare metal servers Daniel Micay 2025-04-23 21:10:49 -04:00
  • 0bbb137959 add new nginx-mod-stream package where required Daniel Micay 2025-04-23 18:49:51 -04:00
  • 687fd3ddc5 drop unused DHCP configuration for 4.releases.grapheneos.org Daniel Micay 2025-04-23 18:41:04 -04:00
  • 250d813c56 add IPv4 gateway route for 4.releases.grapheneos.org Daniel Micay 2025-04-23 18:35:14 -04:00
  • b20cf862a3 update python dependencies Daniel Micay 2025-04-17 10:32:32 -04:00
  • 1f4d7316b8 reorganize configurations into etc directory Daniel Micay 2025-04-15 12:32:52 -04:00
  • b5fd158374 add cpupower configuration for bare metal Daniel Micay 2025-04-15 12:30:33 -04:00
  • 0b6e5e017e sshd: use mlkem768x25519-sha256 for key exchange Daniel Micay 2025-04-12 11:28:02 -04:00
  • 397eac82b6 update sshd_config Daniel Micay 2025-04-12 11:05:54 -04:00
  • d7564c99c4 add systemd-boot configuration Daniel Micay 2025-04-11 13:44:25 -04:00
  • 8db0d61485 add authorized_keys configuration Daniel Micay 2025-04-10 15:08:07 -04:00
  • e6311abe40 drop legacy OVH EU update servers Daniel Micay 2025-04-07 10:20:46 -04:00
  • fff5e43b89 work around systemd-boot disliking ESP on RAID 1 Daniel Micay 2025-04-05 11:05:46 -04:00
  • 9254dead0d deploy-initial: handle fstab split Daniel Micay 2025-04-05 09:56:59 -04:00
  • 38db9327be switch to BBR for congestion control Daniel Micay 2025-04-03 16:02:16 -04:00
  • fd31471ae3 enable CAKE for the new update server Daniel Micay 2025-04-03 15:38:14 -04:00
  • 46395cc4e5 raise journald limits for new update server Daniel Micay 2025-04-03 01:30:08 -04:00
  • b7aab6e0da rename new update server Daniel Micay 2025-04-03 01:23:14 -04:00
  • f32458e296 phase out old update server names Daniel Micay 2025-04-03 01:21:10 -04:00
  • 4dfae68196 add 8.releases.grapheneos.org server Daniel Micay 2025-04-02 14:47:25 -04:00
  • 3746befc4e disable systemd-userdbd.socket in initial deployment Daniel Micay 2025-04-02 10:43:29 -04:00
  • 176fb30a4e drop kernel.sched_energy_aware sysctl Daniel Micay 2025-03-19 12:11:43 -04:00
  • 86e6dd61e6 replace 0.releases.grapheneos.org server Daniel Micay 2025-03-19 12:02:28 -04:00
  • 286045f90c update Arch Linux ISO to 2025.03.01 Daniel Micay 2025-03-19 11:32:23 -04:00
  • 2758a47f8a raise log file size for 2.ns2.grapheneos.org Daniel Micay 2025-03-17 19:51:58 -04:00
  • a374df4aa3 allow mjolnir to connect via nginx HTTPS Daniel Micay 2025-02-27 08:58:57 -05:00
  • bd4e51a18c switch to node.js 22 LTS for Mastodon Daniel Micay 2025-02-23 11:57:51 -05:00
  • 1180ee2638 switch to node.js 22 LTS for mjolnir Daniel Micay 2025-02-23 11:38:47 -05:00
  • 532bc95715 add iperf package to each server Daniel Micay 2025-02-16 04:37:53 -05:00
  • 6cce70a859 use CAKE no-split-gso for BuyVM servers Daniel Micay 2025-02-15 19:31:59 -05:00
  • 54dc10b79f set up systemd runtime watchdog support Daniel Micay 2025-02-12 08:06:00 -05:00
  • 0dc18cdc27 update copyright notice Daniel Micay 2025-02-05 04:40:31 -05:00
  • 5bf4a87d90 raise grapheneos.social journal size Daniel Micay 2025-02-02 10:51:22 -05:00
  • 7a5080c232 update python dependencies GrapheneOS 2025-02-04 03:23:13 -05:00
  • 4f49c50ef6 raise 3.grapheneos.network journal size Daniel Micay 2025-01-03 10:13:59 -05:00
  • d817740941 count: handle optimized factory image downloads Daniel Micay 2025-01-02 23:38:45 -05:00
  • 03a5db3b63 count: fix counting 9th gen Pixel update downloads Daniel Micay 2025-01-02 23:37:13 -05:00