Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-08-07 05:52:29 -04:00
Code Issues Projects Releases Packages Wiki Activity

Commit graph

  • 352cef5c91 update python dependencies main Daniel Micay 2025-08-06 10:04:21 -04:00
  • 785ad04bbf rename update servers Daniel Micay 2025-08-03 21:45:34 -04:00
  • 4599ed0b06 reuse standard temporary file name Daniel Micay 2025-08-01 21:25:30 -04:00
  • 04100dca2c use no-split-gso for CAKE across the board Daniel Micay 2025-07-31 12:18:52 -04:00
  • 01bb6a5504 set CAKE flow isolation mode to dual-dsthost Daniel Micay 2025-07-30 18:38:17 -04:00
  • b669c4ce61 relax PrivateUsers for certbot-renew.service Daniel Micay 2025-07-27 13:08:48 -04:00
  • 9b49a1966d unbound: update DMARC policy override for hotmail.com Daniel Micay 2025-07-24 20:31:20 -04:00
  • 227d5910fb add ethtool package on bare metal servers Daniel Micay 2025-07-24 14:19:56 -04:00
  • 86e765944f use more complete rsync command for dnsdist certificates Daniel Micay 2025-07-22 14:30:41 -04:00
  • 6b42334598 update python dependencies Daniel Micay 2025-07-21 00:43:05 -04:00
  • 2967eb02d7 remove obsolete nvim tmpfiles.d configuration Daniel Micay 2025-07-17 10:47:55 -04:00
  • ec35c062d1 extend rsync alias for deployment Daniel Micay 2025-07-17 10:29:55 -04:00
  • 86de34d069 remove temporary file Daniel Micay 2025-07-17 10:26:59 -04:00
  • 7debc5a0b5 add linux-firmware-intel to 4.releases.grapheneos.org Daniel Micay 2025-07-09 15:36:25 -04:00
  • a1336fba2f switch from CAKE to mq fq_codel for update servers Daniel Micay 2025-07-09 15:35:02 -04:00
  • dc464772c2 drop sudo as an explicit package for grapheneos.social Daniel Micay 2025-07-08 18:07:26 -04:00
  • e0af0efce6 preserve permissions for dnsdist certificate rsync Daniel Micay 2025-07-08 18:04:28 -04:00
  • 6a28dda6cd unbound: enable infra-keep-probing Daniel Micay 2025-07-01 14:34:46 -04:00
  • 54d41f25fa switch congestion control back to BBRv1 from CUBIC Daniel Micay 2025-06-30 14:07:09 -04:00
  • 58e107dd97 move zerotier-one to port 999 Daniel Micay 2025-06-27 14:11:44 -04:00
  • a948b7c244 move dnsdist control socket to port 55 Daniel Micay 2025-06-27 13:39:43 -04:00
  • 76b5b554ca nftables: simplify nameserver control socket rules Daniel Micay 2025-06-27 13:10:16 -04:00
  • e73d56241c gitignore: ignore /tmp Daniel Micay 2025-06-26 16:48:41 -04:00
  • bc79ecb3a0 remove unused firmware packages Daniel Micay 2025-06-26 15:24:03 -04:00
  • 7153fcbc8a scale synproxy threshold based on conntrack max Daniel Micay 2025-06-22 22:06:29 -04:00
  • 53ca057a9a adjust conntrack max based on available memory Daniel Micay 2025-06-22 14:22:28 -04:00
  • d14c4cccc6 use default conntrack UDP stream timeout Daniel Micay 2025-06-22 14:37:03 -04:00
  • 3ee28a720f update python dependencies Daniel Micay 2025-06-22 14:19:48 -04:00
  • b1452518fc certbot: switch to --required-profile Daniel Micay 2025-06-21 18:16:58 -04:00
  • 224bdfe93f count: add Pixel 9a Daniel Micay 2025-06-17 13:06:58 -04:00
  • b911d1c484 update python dependencies Daniel Micay 2025-06-16 18:20:03 -04:00
  • 23de1ec38b update python dependencies Daniel Micay 2025-06-10 11:53:01 -04:00
  • 808177956c sshd: reduce LoginGraceTime to 5s Daniel Micay 2025-06-06 11:01:01 -04:00
  • 0dcd593d7f plocate-updatedb.timer is enabled by default now Daniel Micay 2025-06-04 14:24:38 -04:00
  • 7836022d46 use rsync --preallocate for deployment Daniel Micay 2025-06-01 10:01:38 -04:00
  • 05bc9199b3 use default log size for 2.ns2.grapheneos.org Daniel Micay 2025-05-28 11:35:27 -04:00
  • 3f2e33e8df raise journal size for several servers Daniel Micay 2025-05-28 10:59:11 -04:00
  • 5ce289433b rotate-session-ticket-keys: split up code with newlines Daniel Micay 2025-05-27 15:23:48 -04:00
  • 57a5209d8b integrate dnsdist in session ticket keys management Daniel Micay 2025-05-27 14:46:25 -04:00
  • 6555042a88 add unified session ticket keys file for dnsdist Daniel Micay 2025-05-27 14:28:16 -04:00
  • 94a2567b15 add tls group for session ticket keys Daniel Micay 2025-05-27 14:21:58 -04:00
  • 72ffc14258 add dnsdist deploy-hook setup for ns1.staging.grapheneos.org Daniel Micay 2025-05-27 14:14:22 -04:00
  • c140d98366 clean up old files for dnsdist Daniel Micay 2025-05-27 14:13:39 -04:00
  • 44f6e6021a make session ticket management more generic Daniel Micay 2025-05-27 13:36:27 -04:00
  • 3e407eac80 certbot: add dnsdist support Daniel Micay 2025-05-24 15:47:55 -04:00
  • ee7270f7c4 disable timeout for systemd-boot by default Daniel Micay 2025-05-21 21:48:23 -04:00
  • 7cb75131dc drop executable bit for regular files in FAT32 ESP Daniel Micay 2025-05-21 19:58:20 -04:00
  • 5c41418606 nftables: add support for dnsdist control socket Daniel Micay 2025-05-16 13:19:38 -04:00
  • e75172d57c replace nginx with dnsdist for DNS-over-TLS Daniel Micay 2025-05-13 19:37:34 -04:00
  • 27fe524af6 update python dependencies Daniel Micay 2025-05-13 10:43:51 -04:00
  • 32f5653e80 gitignore: add /authorized_keys-replica-ns1 Daniel Micay 2025-05-13 00:17:55 -04:00
  • a3ca986940 merge mail.grapheneos.org certbot command files Daniel Micay 2025-05-08 22:30:04 -04:00
  • c9d7aa52a6 remove duplicate domain Daniel Micay 2025-05-08 22:21:48 -04:00
  • e9cbaebe22 split supl.grapheneos.org certificate for non-SNI Daniel Micay 2025-05-08 22:11:06 -04:00
  • f9f3cdab05 add 1.ns1.grapheneos.org server Daniel Micay 2025-05-07 23:11:33 -04:00
  • 7095105832 add 3.ns1.grapheneos.org server Daniel Micay 2025-05-05 17:43:17 -04:00
  • 30128d2654 update releases.grapheneos.org authorized_keys configuration Daniel Micay 2025-05-05 17:31:48 -04:00
  • e29998ff7d deploy-initial: use server-specific authorized_keys Daniel Micay 2025-05-05 17:23:44 -04:00
  • 90a7780b5e migrate to new tlsserver Let's Encrypt profile Daniel Micay 2025-05-04 20:46:54 -04:00
  • a6d1e00d07 drop SSH connections to new anycast IPs Daniel Micay 2025-05-03 23:19:02 -04:00
  • 029882f051 set up certificate replication for ns1 replicas Daniel Micay 2025-05-03 22:13:13 -04:00
  • 4a9deb48ab add bird and zerotier-one packages to ns1 servers Daniel Micay 2025-05-03 22:01:06 -04:00
  • c64bddb5c6 update Arch ISO for VPS deployment to 2025.05.01 Daniel Micay 2025-05-03 21:43:22 -04:00
  • c7cb5d025e add 2.ns1.grapheneos.org server Daniel Micay 2025-05-03 21:34:31 -04:00
  • 2784008a65 nftables: add support for rage4 anycast for ns1 Daniel Micay 2025-05-03 17:44:05 -04:00
  • 566f1a10d2 rename ns1.grapheneos.org to 0.ns1.grapheneos.org Daniel Micay 2025-05-03 17:38:12 -04:00
  • c41f579a51 raise journal file size for 2.grapheneos.org Daniel Micay 2025-05-03 09:21:18 -04:00
  • 476d7f4794 raise journal file size for 1.grapheneos.network Daniel Micay 2025-05-03 09:20:04 -04:00
  • 7cd1fcb8a3 temporarily rename releases certbot configuration Daniel Micay 2025-04-30 23:30:39 -04:00
  • 7861ef2c30 remove legacy OVH update servers Daniel Micay 2025-04-30 17:32:11 -04:00
  • 39b5148808 switch back to CUBIC from BBRv1 and keep ECN off Daniel Micay 2025-04-24 04:25:09 -04:00
  • 9556ca4b79 use 4.releases.grapheneos.org as primary instance Daniel Micay 2025-04-24 17:00:03 -04:00
  • 9290c1fd90 add new ReliableSite update servers Daniel Micay 2025-04-23 22:08:07 -04:00
  • e38b248b47 raise RAID resync limit for bare metal servers Daniel Micay 2025-04-23 21:10:49 -04:00
  • 0bbb137959 add new nginx-mod-stream package where required Daniel Micay 2025-04-23 18:49:51 -04:00
  • 687fd3ddc5 drop unused DHCP configuration for 4.releases.grapheneos.org Daniel Micay 2025-04-23 18:41:04 -04:00
  • 250d813c56 add IPv4 gateway route for 4.releases.grapheneos.org Daniel Micay 2025-04-23 18:35:14 -04:00
  • b20cf862a3 update python dependencies Daniel Micay 2025-04-17 10:32:32 -04:00
  • 1f4d7316b8 reorganize configurations into etc directory Daniel Micay 2025-04-15 12:32:52 -04:00
  • b5fd158374 add cpupower configuration for bare metal Daniel Micay 2025-04-15 12:30:33 -04:00
  • 0b6e5e017e sshd: use mlkem768x25519-sha256 for key exchange Daniel Micay 2025-04-12 11:28:02 -04:00
  • 397eac82b6 update sshd_config Daniel Micay 2025-04-12 11:05:54 -04:00
  • d7564c99c4 add systemd-boot configuration Daniel Micay 2025-04-11 13:44:25 -04:00
  • 8db0d61485 add authorized_keys configuration Daniel Micay 2025-04-10 15:08:07 -04:00
  • e6311abe40 drop legacy OVH EU update servers Daniel Micay 2025-04-07 10:20:46 -04:00
  • fff5e43b89 work around systemd-boot disliking ESP on RAID 1 Daniel Micay 2025-04-05 11:05:46 -04:00
  • 9254dead0d deploy-initial: handle fstab split Daniel Micay 2025-04-05 09:56:59 -04:00
  • 38db9327be switch to BBR for congestion control Daniel Micay 2025-04-03 16:02:16 -04:00
  • fd31471ae3 enable CAKE for the new update server Daniel Micay 2025-04-03 15:38:14 -04:00
  • 46395cc4e5 raise journald limits for new update server Daniel Micay 2025-04-03 01:30:08 -04:00
  • b7aab6e0da rename new update server Daniel Micay 2025-04-03 01:23:14 -04:00
  • f32458e296 phase out old update server names Daniel Micay 2025-04-03 01:21:10 -04:00
  • 4dfae68196 add 8.releases.grapheneos.org server Daniel Micay 2025-04-02 14:47:25 -04:00
  • 3746befc4e disable systemd-userdbd.socket in initial deployment Daniel Micay 2025-04-02 10:43:29 -04:00
  • 176fb30a4e drop kernel.sched_energy_aware sysctl Daniel Micay 2025-03-19 12:11:43 -04:00
  • 86e6dd61e6 replace 0.releases.grapheneos.org server Daniel Micay 2025-03-19 12:02:28 -04:00
  • 286045f90c update Arch Linux ISO to 2025.03.01 Daniel Micay 2025-03-19 11:32:23 -04:00
  • 2758a47f8a raise log file size for 2.ns2.grapheneos.org Daniel Micay 2025-03-17 19:51:58 -04:00
  • a374df4aa3 allow mjolnir to connect via nginx HTTPS Daniel Micay 2025-02-27 08:58:57 -05:00
  • bd4e51a18c switch to node.js 22 LTS for Mastodon Daniel Micay 2025-02-23 11:57:51 -05:00