Commit Graph

  • 254e628a79 move staging.ns1.grapheneos.org to ns1.staging.grapheneos.org Daniel Micay 2023-06-22 00:27:08 -0400
  • f1d9c0693e disable link-local addressing Daniel Micay 2023-06-21 23:10:09 -0400
  • 384c29bd5e simplify route metric configuration Daniel Micay 2023-06-21 22:56:50 -0400
  • d128124200 move website server mta-sts to mail server Daniel Micay 2023-06-21 14:53:07 -0400
  • 4abeaf06f5 move network server mta-sts to mail server Daniel Micay 2023-06-21 14:43:06 -0400
  • 884906f160 move mta-sts.seamlessupdate.app to mail server Daniel Micay 2023-06-21 14:37:46 -0400
  • 5c6f540cf3 move mta-sts.matrix.grapheneos.org to mail server Daniel Micay 2023-06-21 14:31:49 -0400
  • dc840b7925 move mta-sts.grapheneos.social to mail server Daniel Micay 2023-06-21 14:20:43 -0400
  • aa89e675d6 move mta-sts.discuss.grapheneos.org to mail server Daniel Micay 2023-06-21 14:20:21 -0400
  • 95e0c68cb0 move mta-sts.attestation.app to mail server Daniel Micay 2023-06-21 13:59:46 -0400
  • 3034c845c9 move mta-sts.mail.grapheneos.org to mail server Daniel Micay 2023-06-21 13:48:41 -0400
  • a07fa271e3 fix domain for mail.grapheneos.org certbot init Daniel Micay 2023-06-21 13:40:43 -0400
  • fdf3839571 prepare to move MTA-STS web server to mail server Daniel Micay 2023-06-21 13:11:36 -0400
  • 3d869bcac7 split out anycast DNS nftables configuration Daniel Micay 2023-06-19 03:26:06 -0400
  • d0d72994e2 replace ns2.grapheneos.org network configuration Daniel Micay 2023-06-16 20:21:59 -0400
  • 341861f886 add xfsprogs package Daniel Micay 2023-06-16 13:54:06 -0400
  • f9bd265028 nftables: drop unnecessary semicolons Daniel Micay 2023-06-10 22:14:54 -0400
  • 27aca7474c drop no-op RemoveIPC Daniel Micay 2023-06-10 20:42:37 -0400
  • 6223daec3f document DANE TLSA commands Daniel Micay 2023-06-09 01:09:47 -0400
  • dcb50a9085 add /etc/sysctl.d/local-reserved-ports.conf Daniel Micay 2023-06-06 21:55:11 -0400
  • 48f855cf83 exclude /etc/sysconfig in pacreport.conf Daniel Micay 2023-06-06 17:05:58 -0400
  • 39ec27f421 move ssh configuration to subdirectory Daniel Micay 2023-06-06 15:18:19 -0400
  • 4e12323e27 regenerate requirements.txt Daniel Micay 2023-05-31 19:04:12 -0400
  • 36876296cd update pacman.conf to match standard one Daniel Micay 2023-05-22 19:26:15 -0400
  • 593701cd63 add certbot commands Daniel Micay 2023-05-22 18:31:22 -0400
  • 6f6b8ceb54 enable chronyd seccomp filter Daniel Micay 2023-05-07 00:02:51 -0400
  • a74812ca6e allow NTP requests to network servers Daniel Micay 2023-05-05 09:55:11 -0400
  • 04e7114468 more precise gitignore rules Daniel Micay 2023-04-16 16:09:20 -0400
  • 6c0201a9f7 add venv to gitignore Daniel Micay 2023-04-16 16:08:49 -0400
  • 9b4d547dc1 mark php explicitly installed for forum Daniel Micay 2023-04-10 02:22:20 -0400
  • 06d672d7f8 add credstore to pacreport configuration Daniel Micay 2023-04-05 22:44:35 -0400
  • 19a7b5b9c9 add explicitly installed packages to repository Daniel Micay 2023-03-30 03:53:02 -0400
  • ac23681718 update systemd/system.conf Daniel Micay 2023-03-30 03:17:00 -0400
  • 7ffac9ab5a raise max journald files Daniel Micay 2023-03-29 00:15:04 -0400
  • c573091af4 use per-host journald SystemMaxUse Daniel Micay 2023-03-25 07:04:46 -0400
  • 581b590be0 update python dependencies Daniel Micay 2023-03-24 18:47:48 -0400
  • 83877cb983 add OVH mitigation control script Daniel Micay 2023-02-22 16:22:47 -0500
  • d550ccbc73 update sleep.conf Daniel Micay 2023-02-17 17:51:41 -0500
  • 68a73e798a update system.conf Daniel Micay 2023-02-17 17:51:24 -0500
  • 7fc42a25c4 remove Arch Linux nginx error_log configuration Daniel Micay 2023-02-17 16:37:57 -0500
  • 312b1a027b switch to unix domain sockets for mastodon Daniel Micay 2023-02-15 03:08:06 -0500
  • 53b2431f6b switch to unix socket for redis Daniel Micay 2023-02-15 02:44:38 -0500
  • f8d62478cf drop old nginx tmpfiles.d conf from pacreport.conf Daniel Micay 2023-02-14 01:41:32 -0500
  • c9dcf479fc allow PowerDNS webserver on loopback for root Daniel Micay 2023-02-14 01:19:19 -0500
  • 7871fa2d51 add comments for unbound avoid port configuration Daniel Micay 2023-02-11 20:29:33 -0500
  • edbb9158a4 avoid port 7275 (supl) for unbound Daniel Micay 2023-02-11 20:23:22 -0500
  • 34d0f7fc3b baseline web server config doesn't use DNS Daniel Micay 2023-02-11 03:18:02 -0500
  • 8b96ee620c split out network nftables rules for SUPL proxy Daniel Micay 2023-02-11 03:11:47 -0500
  • f0f6b9d993 sshd: switch to SSH protocol keep alive Daniel Micay 2023-02-10 11:19:56 -0500
  • d47d1569e5 update sshd_config Daniel Micay 2023-02-02 13:48:35 -0500
  • 1ba011b865 update pacreport.conf Daniel Micay 2023-01-31 20:12:01 -0500
  • cffcaa36f7 Additional unbound hardening Tommy 2023-01-24 08:57:22 -0500
  • 3dfbd4e777 add init_on_free=1 for non-hardened kernels Daniel Micay 2023-01-23 21:34:33 -0500
  • 67de376313 add slab_nomerge for non-hardened kernels Daniel Micay 2023-01-15 14:34:24 -0500
  • 3c6aeeab3d add Mastodon ports to unbound avoid list Daniel Micay 2023-01-10 14:08:26 -0500
  • 4fd4aa40ee switch to C.UTF-8 locale Daniel Micay 2023-01-09 14:50:26 -0500
  • 6530e1a583 reboot immediately on kernel panic Daniel Micay 2023-01-09 14:18:30 -0500
  • 13a3a4ece0 use optimized dm-crypt configuration for swap Daniel Micay 2023-01-03 02:27:23 -0500
  • cea56c8acd fix matrix.grapheneos.org loopback nftables rules Daniel Micay 2022-12-25 18:55:53 -0500
  • 88692df381 add nftables rules for grapheneos.social Daniel Micay 2022-12-25 18:53:04 -0500
  • 34627b993a switch to default mkinitcpio.conf Daniel Micay 2022-12-14 05:10:06 -0500
  • 01f0b498cf add additional gitignore entries Daniel Micay 2022-12-13 13:12:00 -0500
  • 3ea5a14b2f drop floating IPs for DNS servers Daniel Micay 2022-11-30 19:23:18 -0500
  • 91e36044ca drop floating IPs for release servers Daniel Micay 2022-11-29 02:26:51 -0500
  • 9f1ba5f2a5 drop floating IPs for website servers Daniel Micay 2022-11-29 02:07:56 -0500
  • 3354bcb34d drop floating IPs for network servers Daniel Micay 2022-11-29 02:07:05 -0500
  • ace45c7d5c drop floating IP for attestation server Daniel Micay 2022-11-29 01:39:15 -0500
  • 9929542f43 drop floating IP for forum server Daniel Micay 2022-11-29 01:27:01 -0500
  • 38414a8313 drop floating IP for Matrix server Daniel Micay 2022-11-29 01:26:31 -0500
  • 0aff07f884 add grapheneos.social network configuration Daniel Micay 2022-11-27 01:41:42 -0500
  • 08da28f7b5 drop floating IPs for staging servers Daniel Micay 2022-11-27 00:08:29 -0500
  • 7b3111deb6 update grub configuration Daniel Micay 2022-11-16 22:49:10 -0500
  • b996f5586f update systemd/system.conf Daniel Micay 2022-11-10 17:09:19 -0500
  • 7a4ace53f7 disable less history by default for login sessions Daniel Micay 2022-10-26 04:34:33 -0400
  • 224b1ae5d3 pam configuration now matches the package defaults Daniel Micay 2022-10-21 21:48:35 -0400
  • b93695ecc4 add encrypted swapfile configuration Daniel Micay 2022-09-26 22:53:26 -0400
  • 36423fb2bc auto-restart nginx if master process is killed Daniel Micay 2022-09-26 16:03:12 -0400
  • 320ad2e3a8 replace tmpfiles.d with RuntimeDirectory for nginx Daniel Micay 2022-09-26 15:37:43 -0400
  • 88d8e37233 rename nginx service hardening.conf to local.conf Daniel Micay 2022-09-26 14:04:45 -0400
  • 62a71c7600 drop obsolete nginx logrotate configuration Daniel Micay 2022-09-25 14:23:01 -0400
  • 966100eb9f vm.max_map_count to 1048576 Daniel Micay 2022-09-25 07:48:50 -0400
  • 3d5f437ec7 allow unbound to use more outbound ports Daniel Micay 2022-09-22 13:41:47 -0400
  • f3fb90859a simplify mirrorlist Daniel Micay 2022-09-15 23:13:28 -0400
  • dfd3fc861b avoid disallowing chown syscall for certbot-renew Daniel Micay 2022-09-14 18:24:08 -0400
  • 6c58739dc8 remove PowerDNS for unbound nftables allowlist Daniel Micay 2022-09-10 18:11:58 -0400
  • 9a69263f6b switch to floating IPv4 addresses for staging Daniel Micay 2022-09-10 04:36:49 -0400
  • 5832d15505 Update certbot-ocsp-fetcher Rohan Kumar 2022-09-07 10:15:24 -0700
  • bcd14b805b blacklist legacy ip_tables module Daniel Micay 2022-08-31 05:19:40 -0400
  • 337647c5a9 add cfg80211 to module blacklist to silence error Daniel Micay 2022-08-31 04:34:19 -0400
  • 9939dbc67b use production time.nl hostname Daniel Micay 2022-08-30 14:51:08 -0400
  • 9708449087 use anycast hostname for netnod.se Daniel Micay 2022-08-30 14:48:55 -0400
  • 5461b3f05b raise tcp_max_syn_backlog to 65536 Daniel Micay 2022-08-28 15:53:44 -0400
  • ef1a26b68c certbot-renew: make nginx ocsp-cache dir optional Daniel Micay 2022-08-28 15:46:33 -0400
  • 89064482ed update pacman mirrorlist Daniel Micay 2022-08-28 15:02:44 -0400
  • fd397326ec add chown to certbot syscall allowlist Daniel Micay 2022-08-28 14:58:21 -0400
  • 8482ac5144 give certbot access to /etc/nginx/ocsp-cache Daniel Micay 2022-08-27 17:22:23 -0400
  • 2cf0966847 properly override ExecStart Daniel Micay 2022-08-27 17:19:42 -0400
  • 256c3652cc disable unused binfmt_misc Daniel Micay 2022-08-14 13:46:00 -0400
  • f829e05134 raise discuss.grapheneos.org to 500M bandwidth cap Daniel Micay 2022-08-11 11:44:05 -0400
  • 2a33c3b962 initial certbot-renew service hardening Daniel Micay 2022-08-10 11:29:37 -0400