Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-12-22 05:35:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 5bbaecfce9 disable redundant random sleep for certbot renewal Daniel Micay 2022-08-10 11:14:47 -0400
  • 07dca7919d reorder network allowlists for consistency Daniel Micay 2022-08-10 11:13:31 -0400
  • afce4f2a51 limit nginx service capabilities Daniel Micay 2022-08-10 09:07:25 -0400
  • ca7c036e8c sort nginx hardening.conf options Daniel Micay 2022-08-10 08:27:43 -0400
  • 7332d93575 update base systemd/sleep.conf Daniel Micay 2022-08-10 05:31:31 -0400
  • 316561389c extend nginx service hardening Daniel Micay 2022-08-09 04:43:51 -0400
  • 74933df9cc set preempt=none for PREEMPT_DYNAMIC kernels Daniel Micay 2022-08-07 19:26:29 -0400
  • d7323bacba set lockdown to confidentiality mode Daniel Micay 2022-08-01 01:47:22 -0400
  • 01791fdcd3 configure CAKE via systemd-networkd Daniel Micay 2022-07-27 15:49:35 -0400
  • 2ff883f37f add systemd-network configurations Daniel Micay 2022-07-27 15:12:11 -0400
  • 953420e7a3 disable systemd sleep support Daniel Micay 2022-07-27 14:47:48 -0400
  • 45f6f63cc0 Revert "hard-wire ext4 as the only initramfs filesystem" Daniel Micay 2022-07-27 02:47:20 -0400
  • 97ad3e7810 unbound: disable unnecessary id/version queries Daniel Micay 2022-07-27 02:38:34 -0400
  • 16b58ea6e4 enable strict QNAME minimisation Daniel Micay 2022-07-27 02:30:53 -0400
  • 91de1aea2f add packages, modules and logs to gitignore Daniel Micay 2022-07-27 02:15:38 -0400
  • e90ae84627 ignore all tmp files in gitignore Daniel Micay 2022-07-27 02:15:14 -0400
  • 54b52a3655 use dedicated geoipupdate user Daniel Micay 2022-07-26 23:09:06 -0400
  • 6081f9fa73 allow synapse to connect to nginx via loopback Daniel Micay 2022-07-26 19:28:37 -0400
  • 984d0f200f nftables: implement loopback access control Daniel Micay 2022-07-25 20:03:09 -0400
  • a68a456778 update mirrorlist Daniel Micay 2022-07-25 04:09:58 -0400
  • f38929f9b4 add pacreport.conf Daniel Micay 2022-07-24 20:50:45 -0400
  • c0266f6a16 rename modprobe.d configuration file Daniel Micay 2022-07-24 20:07:57 -0400
  • e5f576c062 sshd: reduce MaxAuthTries to 1 Daniel Micay 2022-07-22 20:00:52 -0400
  • 84ca6bfa27 sshd: sntrup761x25519-sha512@openssh.com kex only Daniel Micay 2022-07-22 19:55:59 -0400
  • d7c23eac02 disable unused AES-GCM cipher suites Daniel Micay 2022-07-22 19:11:28 -0400
  • ad6e998ec2 nftables: filter input service traffic by dst addr Daniel Micay 2022-07-21 19:30:45 -0400
  • fdf21af1ae nftables: use notrack accept instead of notrack Daniel Micay 2022-07-21 17:31:16 -0400
  • f7da683012 nftables: simplify ICMP handling Daniel Micay 2022-07-18 22:14:35 -0400
  • 494247747c add flarum-admin user Daniel Micay 2022-07-12 17:36:13 -0400
  • 1a195570c8 sshd: disable unused agent forwarding feature Daniel Micay 2022-07-11 19:57:42 -0400
  • 1d9d5df54c unbound: only listen on IPv6 Daniel Micay 2022-07-10 15:41:10 -0400
  • 710d487e78 qname-minimisation is enabled by default now Daniel Micay 2022-07-03 09:22:18 -0400
  • f957d83855 add resolv.conf Daniel Micay 2022-07-03 09:05:41 -0400
  • 829ea23e8d lower conntrack established tcp connection timeout Daniel Micay 2022-07-03 05:28:54 -0400
  • 1c47cd88ab disable loose TCP connection tracking Daniel Micay 2022-07-03 03:50:53 -0400
  • 9dbc7347b5 directory for nginx unix domain sockets in /run Daniel Micay 2022-07-02 11:38:51 -0400
  • 765704b07f style fix Daniel Micay 2022-06-30 07:05:13 -0400
  • 32074453eb nftables: use numeric port format Daniel Micay 2022-06-30 06:58:20 -0400
  • 01f9274fc4 nftables: implement output filtering for loopback Daniel Micay 2022-06-30 06:41:52 -0400
  • fea9197ace disable unused chrony command port Daniel Micay 2022-06-30 03:08:28 -0400
  • e0ab41c4f4 nftables: friendlier output traffic filtering Daniel Micay 2022-06-29 20:18:51 -0400
  • 3ca0c347c6 add baseline nftables configurations Daniel Micay 2022-06-29 10:53:07 -0400
  • 52d67a3085 add chrony configuration Daniel Micay 2022-06-29 10:51:41 -0400
  • f6435cae74 reduce tcp retransmission attempts Daniel Micay 2022-06-27 23:28:45 -0400
  • 905ff4d433 update mirrorlist Daniel Micay 2022-06-06 12:18:19 -0400
  • e73dab2375 update systemd/system.conf Daniel Micay 2022-05-22 15:57:02 -0400
  • 8c81a44d6d update mirrorlist and switch to NA pkgbuild.com Daniel Micay 2022-05-02 00:56:41 -0400
  • 4a732879f3 update grub configuration Daniel Micay 2022-03-16 22:56:06 -0400
  • 962270c183 update system.conf Daniel Micay 2022-03-14 15:08:14 -0400
  • adb1ab92b3 update mirrorlist Daniel Micay 2022-02-27 13:42:21 -0500
  • 72937c922f add new file limit configuration for sshd Daniel Micay 2022-02-25 19:31:35 -0500
  • 8ad991e8c5 add locale configuration Daniel Micay 2022-02-15 01:03:56 -0500
  • 151a761d2b Fix readme Void 2021-12-16 16:53:46 +0000
  • cae3914144 Fix readme Void 2021-12-16 16:53:46 +0000
  • ed3824208d update mirrorlist Daniel Micay 2021-12-12 06:16:55 -0500
  • 19d0e86112 add sshd_config.tmp to gitignore Daniel Micay 2021-11-30 13:02:57 -0500
  • f1005cf339 user-based whitelist for ssh access Daniel Micay 2021-11-27 20:31:30 -0500
  • 9f82fe54bd use double brace for templates Daniel Micay 2021-11-27 20:25:47 -0500
  • 693655f5bc blacklist unused intel_agp driver Daniel Micay 2021-11-27 18:45:10 -0500
  • 6bbe5bc95a blacklist unused mouse/joystick drivers Daniel Micay 2021-11-27 18:15:49 -0500
  • 47a765066c blacklist unused virtio_balloon driver Daniel Micay 2021-11-27 17:59:14 -0500
  • 73a78746f1 hard-wire ext4 as the only initramfs filesystem Daniel Micay 2021-11-27 17:11:38 -0500
  • 00c21469df add mkinitcpio.conf Daniel Micay 2021-11-27 17:09:26 -0500
  • 7671f6b795 switch to a more consistent mirror Daniel Micay 2021-11-26 18:08:17 -0500
  • 91c9fd275e update system-login Daniel Micay 2021-11-21 22:38:36 -0500
  • 932b117824 blacklist useless floppy module too Daniel Micay 2021-11-17 14:34:19 -0500
  • 96c77bf78a update mirrorlist Daniel Micay 2021-11-14 09:43:30 -0500
  • 4a6474cb56 128k tcp_notsent_lowat to improve fairness/latency Daniel Micay 2021-10-02 15:39:07 -0400
  • 35f539f237 only permit native system call architecture Daniel Micay 2021-09-16 03:57:53 -0400
  • 87e8cdd144 blacklist useless pcspkr module Daniel Micay 2021-09-15 00:33:38 -0400
  • f5e61e0ca7 unbound: enable prefetch and prefetch-key Daniel Micay 2021-09-14 23:58:14 -0400
  • e4872fb5bb enable IP and IO accounting by default Daniel Micay 2021-09-09 08:44:11 -0400
  • 64b3a1031d move units to systemd directory Daniel Micay 2021-09-08 17:57:50 -0400
  • fe9d4e0f5f add systemd directory Daniel Micay 2021-09-08 17:53:20 -0400
  • e5fdf74ce6 disable deprecated pam user_readenv feature Daniel Micay 2021-09-08 17:12:34 -0400
  • e8c34cb913 enable networkd speed meter Daniel Micay 2021-09-08 04:33:47 -0400
  • 964473b6c2 add IPv6 DNS resolvers Daniel Micay 2021-09-08 04:08:36 -0400
  • 98ca37290a grub configuration for legacy boot Daniel Micay 2021-09-08 03:30:41 -0400
  • 5eead0ad5a disable unprivileged userns for regular kernels Daniel Micay 2021-09-07 22:50:57 -0400
  • 87db85274a sshd: raise MaxStartups to 4096 Daniel Micay 2021-09-06 02:42:22 -0400
  • c315170cd6 sshd: reduce MaxAuthTries to 2 Daniel Micay 2021-09-06 02:38:16 -0400
  • f56f094c97 sshd: limit per-source max startups to 1 Daniel Micay 2021-09-06 02:36:44 -0400
  • 43681fa913 sshd: reduce LoginGraceTime to 15s Daniel Micay 2021-09-06 01:37:16 -0400
  • 48f1d5627e add nginx logrotate configuration Daniel Micay 2021-08-27 03:55:18 -0400
  • b022108cc9 add systemd-journald configuration Daniel Micay 2021-08-26 23:46:27 -0400
  • 50b8b50707 remove redundant service options Daniel Micay 2021-08-23 11:54:37 -0400
  • 613251176d explicitly disable all standalone MACs (AEAD only) Daniel Micay 2021-08-23 09:23:16 -0400
  • 566a7e2ccb update to OpenSSH 8.7 Daniel Micay 2021-08-23 02:37:28 -0400
  • 2064eb3bbd update mirrorlist Daniel Micay 2021-08-22 11:54:01 -0400
  • de1580294f drop redundant pid_max configuration Daniel Micay 2021-08-17 19:23:49 -0400
  • 69effda0bc add CAKE configuration unit Daniel Micay 2021-08-12 17:47:51 -0400
  • 03ebca7fda update mirrorlist Daniel Micay 2021-08-08 19:55:35 -0400
  • d24d24926a add subset of shared configuration files Daniel Micay 2021-07-28 08:18:33 -0400
  • 7d70f11b0c add README with link to GrapheneOS servers article Daniel Micay 2021-07-19 23:03:53 -0400
  • b4ea75a628 add GitHub funding metadata Daniel Micay 2021-07-19 23:02:29 -0400