Commit Graph

  • 27bd153454 nftables: use allowlist for ICMP types Daniel Micay 2024-07-25 23:13:29 -0400
  • 437c5a5f3d raise journal file size for grapheneos.social Daniel Micay 2024-07-25 11:59:45 -0400
  • edfe1fae10 extend info fetching to sysctl values Daniel Micay 2024-07-24 16:58:00 -0400
  • 80d15552dd add mutt to mail.grapheneos.org for inspecting service accounts Daniel Micay 2024-07-13 19:39:10 -0400
  • c6cd78e707 force DMARC enforcement for outlook.com Daniel Micay 2024-07-08 10:38:42 -0400
  • e3c2c1565d ovh-mitigation: add checking/toggling firewall Daniel Micay 2024-07-05 00:35:51 -0400
  • e8403c3098 update python dependencies Daniel Micay 2024-07-05 00:32:25 -0400
  • 66c512b65f reduce SSH liveness check timeout to ~2 minutes Daniel Micay 2024-07-02 18:03:50 -0400
  • 01201c0ece disable io_uring without CAP_SYS_ADMIN or io_uring group Daniel Micay 2024-07-01 23:11:17 -0400
  • 6e6957876e Update certbot-ocsp-fetcher to match upstream Tommy 2024-07-01 18:27:21 -0700
  • af8972d0f7 Update certbot-ocsp-fetcher to match upstream Tommy 2024-07-01 18:27:21 -0700
  • 84f8227279 Restrict dmesg to CAP_SYS_LOG Tommy 2024-07-01 17:59:42 -0700
  • 4b41f66325 Disable io_uring Tommy 2024-07-01 17:57:43 -0700
  • ace5bc2617 add ObscureKeystrokeTiming yes to ssh_config Orazio 2024-07-01 13:04:38 +0200
  • 84b2193808 switch to noswap tmpfs from ramfs for session ticket keys Daniel Micay 2024-06-28 12:44:31 -0400
  • ba2540c3fe add directory for home directory files Daniel Micay 2024-06-27 10:10:59 -0400
  • 6fc45525d9 Add NoNewPrivileges=true for certbot Tommy 2024-06-24 08:51:14 -0700
  • d13169c79b Add NoNewPrivileges=true for certbot Tommy 2024-06-24 08:51:14 -0700
  • 55221c8e44 Sort NGINX override alphabetically Tommy 2024-06-24 08:34:48 -0700
  • 91f7d6c498 Sort NGINX override alphabetically Tommy 2024-06-24 08:34:48 -0700
  • 0e4d94e550 Remove redundant PrivateTmp=true Tommy 2024-06-24 08:10:24 -0700
  • f9c8d14862 Remove redundant PrivateTmp=true Tommy 2024-06-24 08:10:24 -0700
  • 772141a36b Change to PrivateDevices=true Tommy 2024-06-24 04:05:13 -0700
  • f767424264 Add ProtectDevices=yes to NGINX Tommy 2024-06-24 03:52:38 -0700
  • 4382120e37 set umask for encrypted swapfile creation Daniel Micay 2024-06-21 22:36:27 -0400
  • 597f534d63 increase journal file size for 3.grapheneos.network Daniel Micay 2024-06-21 16:51:36 -0400
  • f7643fa8b7 reorder initial deployment Daniel Micay 2024-06-19 11:54:08 -0400
  • 4c52595bfd drop unmodified hosts file Daniel Micay 2024-06-19 11:49:13 -0400
  • 54181d3031 increase journal size for update servers Daniel Micay 2024-06-19 11:42:26 -0400
  • 65e2b8b109 increase journal size for network servers Daniel Micay 2024-06-19 11:36:34 -0400
  • 1dc26ba006 add VerifyHostKeyDNS ask to ssh_config Daniel Micay 2024-06-18 14:25:16 -0400
  • 4475df98a4 deploy nftables rules in deploy-initial Daniel Micay 2024-06-18 13:58:50 -0400
  • f40a017ec3 add nftables configuration mapping to hosts.sh Daniel Micay 2024-06-18 13:55:18 -0400
  • 662a2d3522 update configuration for systemd 256 Daniel Micay 2024-06-18 13:16:03 -0400
  • 54490cf662 update python dependencies Daniel Micay 2024-06-17 23:52:00 -0400
  • d103f6cdf3 simplify deployment script usage Daniel Micay 2024-06-17 18:29:28 -0400
  • 750cd5e985 replace urandom with random Daniel Micay 2024-06-17 15:03:17 -0400
  • ce1fef8c0e use per-server package list for deploy-initial Daniel Micay 2024-06-17 15:00:36 -0400
  • 73a88e36ad replace 3.grapheneos.org and 3.grapheneos.network Daniel Micay 2024-06-15 14:02:29 -0400
  • 55e7cadc02 update deploy-initial image version Daniel Micay 2024-06-15 13:36:29 -0400
  • 7a78e3bd07 count: add akita Daniel Micay 2024-06-11 22:56:05 -0400
  • aefa91830e update python dependencies Daniel Micay 2024-06-08 14:34:08 -0400
  • 8e9fe48605 update python dependencies Daniel Micay 2024-06-06 00:26:45 -0400
  • 1ed92eb04c short ISRG Root X1 chain is now the default Daniel Micay 2024-06-04 13:26:50 -0400
  • aacde289bf add postfix-pcre package to mail.grapheneos.org Daniel Micay 2024-05-30 12:12:05 -0400
  • 59e15db025 update python dependencies Daniel Micay 2024-05-30 10:32:19 -0400
  • f837b81bbd replace obsolete python-postfix-policyd-spf with python-spf-engine Daniel Micay 2024-05-29 22:32:33 -0400
  • d77a7b2cff drop python-pydantic workaround Daniel Micay 2024-05-24 15:42:36 -0400
  • e1f968617b replace sshpass with swiftclient for backups Daniel Micay 2024-05-24 15:34:42 -0400
  • f1d388e5c9 add list of hosts using automated backups Daniel Micay 2024-05-24 15:34:16 -0400
  • a2758fe665 update python dependencies Daniel Micay 2024-05-24 15:33:27 -0400
  • 39a48e6585 update python dependencies Daniel Micay 2024-05-21 13:38:50 -0400
  • 38dc2fb4d2 add samsung.psds.grapheneos.org subdomain Daniel Micay 2024-05-15 14:36:26 -0400
  • 3b1c43d29f update requirements.txt Daniel Micay 2024-04-30 12:32:40 -0400
  • f9425e3ebd reduce conntrack UDP timeouts Daniel Micay 2024-04-30 12:13:02 -0400
  • 6dbc014f4b set conntrack expectation table to minimum size Daniel Micay 2024-04-27 12:48:21 -0400
  • a067120a49 downgrade to supported nodejs LTS branch for mjolnir Daniel Micay 2024-04-27 09:48:06 -0400
  • ba79d80b52 raise burst value for synproxy threshold Daniel Micay 2024-04-26 16:30:49 -0400
  • c99b8d0b47 nftables: use default drop in prerouting-raw table Daniel Micay 2024-04-26 10:42:45 -0400
  • bab3f0c14a disable IPv4-mapped IPv6 addresses by default Daniel Micay 2024-04-25 10:33:11 -0400
  • 2c2943cc3e override default conntrack table size Daniel Micay 2024-04-25 01:58:44 -0400
  • fb40773157 reduce conntrack TCP TIME-WAIT timeout to match TCP stack Daniel Micay 2024-04-24 21:12:12 -0400
  • 82cc1beccb remove unused SYN backlog configuration Daniel Micay 2024-04-24 18:58:41 -0400
  • f3ae109eac reduce conntrack SYN timeouts to match TCP/IP stack Daniel Micay 2024-04-24 10:45:02 -0400
  • ee62868a7b nftables: use standard order for verdict map Daniel Micay 2024-04-23 03:29:52 -0400
  • 965bc4f951 nftables: add invalid case to ct state vmap Daniel Micay 2024-04-23 02:14:07 -0400
  • 5ba6cbd3d1 nftables: simplify rules via untracked state Daniel Micay 2024-04-23 02:08:57 -0400
  • d369f159a9 add nmap package across servers mainly for nping Daniel Micay 2024-04-22 10:40:30 -0400
  • 9f99e9c3a5 drop whois package from discuss.grapheneos.org Daniel Micay 2024-04-22 10:38:05 -0400
  • 398acc6fe8 nftables: drop instead of reject for unused ports Daniel Micay 2024-04-19 13:25:42 -0400
  • b17b2f3fd3 nftables: add define for ns2.grapheneos.org anycast IP Daniel Micay 2024-04-18 10:40:29 -0400
  • 741ea728ea nftables: move output skuid checks to raw phase Daniel Micay 2024-04-17 15:03:13 -0400
  • 7782c861cb nftables: reorder rule for rejecting SSH via anycast Daniel Micay 2024-04-15 23:54:17 -0400
  • 8caa777e11 add connection limit allowlist for mail server Daniel Micay 2024-04-15 23:20:05 -0400
  • dade50c832 nftables: drop unnecessary ssh localhost allowlist Daniel Micay 2024-04-15 22:38:15 -0400
  • 9f84c50869 force DMARC enforcement for gmail.com Daniel Micay 2024-04-15 11:42:03 -0400
  • 8278883a84 add grapheneos.foundation domain Daniel Micay 2024-04-13 19:15:02 -0400
  • 8a4e4f334f reorder configuration Daniel Micay 2024-04-13 18:00:18 -0400
  • 56f169cbba increase max TCP send buffer size for matrix server Daniel Micay 2024-04-13 16:26:32 -0400
  • 35e776f867 increase max TCP send buffer size for update servers Daniel Micay 2024-04-13 14:27:31 -0400
  • 711e432a67 remove unnecessary local-reserved-ports.conf template Daniel Micay 2024-04-13 14:17:23 -0400
  • f9bce64060 enable TCP window shrinking Daniel Micay 2024-04-13 11:04:42 -0400
  • 6a325f8798 update python dependencies Daniel Micay 2024-04-12 10:23:57 -0400
  • bd6f127acf move nftables configuration to a directory Daniel Micay 2024-04-12 10:23:29 -0400
  • c412fec336 simplify rate limited synproxy bypass Daniel Micay 2024-04-11 23:02:43 -0400
  • ca35fcc648 add python-pydantic package for matrix.grapheneos.org Daniel Micay 2024-04-11 22:45:55 -0400
  • b928b197b0 nftables: add comments explaining adding to connlimit sets Daniel Micay 2024-04-11 15:59:07 -0400
  • edbf50a3da nftables: rename tcp service chains Daniel Micay 2024-04-11 11:59:19 -0400
  • 3d886dea43 nftables: split out TCP service chain Daniel Micay 2024-04-11 11:49:22 -0400
  • b152574da8 nftables: avoid unnecessary connection marking Daniel Micay 2024-04-11 11:30:58 -0400
  • 832a430954 nftables: handle non-TCP case in input-new chain Daniel Micay 2024-04-11 10:34:00 -0400
  • 8f047de0c3 nftables: explain synproxy untracked/invalid cases Daniel Micay 2024-04-11 10:19:39 -0400
  • 26a58b2492 nftables: explain synproxy bypass rate limit Daniel Micay 2024-04-11 09:56:30 -0400
  • ecd14bddff nftables: explain ordering of strong host model check Daniel Micay 2024-04-11 09:49:50 -0400
  • b21ea0a23f raise synproxy bypass burst to 128 packets from 5 Daniel Micay 2024-04-10 15:02:25 -0400
  • b38736ca74 enable nftables-based DDoS protection for all TCP services Daniel Micay 2024-04-10 12:54:58 -0400
  • 14c0128910 add rate limited synproxy bypass Daniel Micay 2024-04-10 09:29:56 -0400
  • ef63ff82d2 use consistent name for main connlimit Daniel Micay 2024-04-09 20:29:11 -0400
  • 275d63e8b3 certbot: add ns2 variant of staging authoritative DNS Daniel Micay 2024-04-08 17:06:19 -0400
  • 5106ec7f4a remove redundant vm.max_map_count configuration Daniel Micay 2024-04-07 14:59:36 -0400
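Several commits above change kernel sysctls (restricting io_uring to CAP_SYS_ADMIN or an io_uring group, restricting dmesg, disabling IPv4-mapped IPv6 addresses by default) and one extends the repository's info fetching to sysctl values. The following is an added example, not code from the GrapheneOS infrastructure repository, of auditing `sysctl -a` output against those settings. The concrete keys and values (`kernel.io_uring_disabled=1` with `kernel.io_uring_group`, `kernel.dmesg_restrict=1`, `net.ipv6.bindv6only=1`) are this example's reading of the commit titles; the repository's actual values are not shown on this page, and the sample sysctl output is constructed.

```python
"""Audit sysctl output against a small hardening baseline.

Added example, not part of the GrapheneOS infrastructure repository.
The baseline is an assumption derived from the commit titles on the page;
kernel.io_uring_disabled exists on Linux 6.6 and later.
"""
from __future__ import annotations

# Assumed baseline (not confirmed by the page):
#   kernel.io_uring_disabled=1: io_uring only for CAP_SYS_ADMIN or the gid
#                               in kernel.io_uring_group (2 would disable it
#                               entirely, 0 is the unrestricted default)
#   kernel.dmesg_restrict=1:    reading the kernel log requires CAP_SYSLOG
#   net.ipv6.bindv6only=1:      AF_INET6 sockets no longer accept
#                               IPv4-mapped addresses by default
BASELINE = {
    "kernel.io_uring_disabled": "1",
    "kernel.dmesg_restrict": "1",
    "net.ipv6.bindv6only": "1",
}


def parse_sysctl(text: str) -> dict[str, str]:
    """Parse `sysctl -a` style output: one "key = value" per line."""
    values: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def audit(values: dict[str, str]) -> list[str]:
    """Return one finding per deviation from BASELINE (empty list = compliant)."""
    findings: list[str] = []
    for key, expected in BASELINE.items():
        actual = values.get(key)
        if actual is None:
            findings.append(f"{key}: missing (kernel too old or key not exposed)")
        elif actual != expected:
            findings.append(f"{key}: {actual} (expected {expected})")
    # io_uring_disabled=1 without a configured group (default -1) leaves
    # io_uring usable by CAP_SYS_ADMIN only, which may or may not be intended.
    group = values.get("kernel.io_uring_group")
    if values.get("kernel.io_uring_disabled") == "1" and group in (None, "-1"):
        findings.append(
            "kernel.io_uring_group: not set; io_uring is restricted to CAP_SYS_ADMIN only"
        )
    return findings


# Constructed sample output for a hardened host and for kernel defaults.
HARDENED = """\
kernel.io_uring_disabled = 1
kernel.io_uring_group = 990
kernel.dmesg_restrict = 1
net.ipv6.bindv6only = 1
"""

DEFAULT = """\
kernel.io_uring_disabled = 0
kernel.io_uring_group = -1
kernel.dmesg_restrict = 0
net.ipv6.bindv6only = 0
"""


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("default", DEFAULT)):
        result = audit(parse_sysctl(text))
        print(name, "OK" if not result else result)
```

On a real host, feed it `sysctl -a 2>/dev/null` via stdin instead of the constructed samples; a missing `kernel.io_uring_disabled` key indicates a kernel older than 6.6, where io_uring cannot be restricted this way.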