Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-15 13:01:50 -05:00
Code Issues Projects Releases Packages Wiki Activity
graphene-os-server-infrastr.../hosts.sh
Daniel Micay c6156ebed7 switch from shaped CAKE to FQ for BuyVM servers 
These servers originally only had the 1Gbps base bandwidth and shaping
it with CAKE worked well to make the most of it during traffic spikes
for the web servers. It has little value for the nameservers since the
only potentially high throughput service is non-interactive SSH.

These servers now have 10Gbps burst available but are heavily limited by
their single virtual core and unable to use all of it in practice. CAKE
can only provide significant value when it's the bottleneck which isn't
the case when the workload is CPU limited. We don't want to keep around
the artificially low 1Gbps limit and it can't do much more.

Unlike OVH, the practical bottleneck is the CPU and FQ has the lowest
CPU usage in practice due to being very performance-oriented with a FIFO
fast path and offloading TCP pacing from the TCP stack to itself. On the
DNS servers, the fast path is always used in practice. Our OVH servers
have a much lower enforced bandwidth limit and the way they implement it
ruins fairness across flows. We definitely want to stick with CAKE for
our VPS instances on OVH but it doesn't make sense on BuyVM anymore.
2025-09-18 01:26:39 -04:00

379 lines
11 KiB
Bash
Raw Blame History

declare -Ar hosts_hostname=(
[ns1.staging.grapheneos.org]=ns1-staging
[0.ns1.grapheneos.org]=0-ns1
[1.ns1.grapheneos.org]=1-ns1
[2.ns1.grapheneos.org]=2-ns1
[3.ns1.grapheneos.org]=3-ns1
[0.ns2.grapheneos.org]=0-ns2
[1.ns2.grapheneos.org]=1-ns2
[2.ns2.grapheneos.org]=2-ns2
[mail.grapheneos.org]=mail
[staging.grapheneos.org]=staging
[0.grapheneos.org]=0-grapheneos
[1.grapheneos.org]=1-grapheneos
[2.grapheneos.org]=2-grapheneos
[3.grapheneos.org]=3-grapheneos
[0.grapheneos.network]=0-network
[1.grapheneos.network]=1-network
[2.grapheneos.network]=2-network
[3.grapheneos.network]=3-network
[0.releases.grapheneos.org]=0-releases
[1.releases.grapheneos.org]=1-releases
[2.releases.grapheneos.org]=2-releases
[staging.attestation.app]=staging-attestation
[attestation.app]=attestation
[matrix.grapheneos.org]=matrix
[discuss.grapheneos.org]=discuss
[grapheneos.social]=social
)
declare -Ar hosts_uefi=(
[0.releases.grapheneos.org]=true
[1.releases.grapheneos.org]=true
[2.releases.grapheneos.org]=true
)
declare -Ar hosts_metal=(
[0.releases.grapheneos.org]=true
[1.releases.grapheneos.org]=true
[2.releases.grapheneos.org]=true
)
declare -Ar hosts_hardware_watchdog=(
[0.releases.grapheneos.org]=true
[1.releases.grapheneos.org]=true
[2.releases.grapheneos.org]=true
)
declare -Ar hosts_authorized_keys=(
[1.ns1.grapheneos.org]=authorized_keys-replica-ns1
[2.ns1.grapheneos.org]=authorized_keys-replica-ns1
[3.ns1.grapheneos.org]=authorized_keys-replica-ns1
[1.ns2.grapheneos.org]=authorized_keys-replica-ns2
[2.ns2.grapheneos.org]=authorized_keys-replica-ns2
[1.grapheneos.org]=authorized_keys-replica-grapheneos
[2.grapheneos.org]=authorized_keys-replica-grapheneos
[3.grapheneos.org]=authorized_keys-replica-grapheneos
[1.grapheneos.network]=authorized_keys-replica-network
[2.grapheneos.network]=authorized_keys-replica-network
[3.grapheneos.network]=authorized_keys-replica-network
[5.releases.grapheneos.org]=authorized_keys-replica-releases
[6.releases.grapheneos.org]=authorized_keys-replica-releases
[staging.attestation.app]=authorized_keys-staging-attestation
)
declare -Ar hosts_firewall=(
[ns1.staging.grapheneos.org]=ns1
[0.ns1.grapheneos.org]=ns1
[1.ns1.grapheneos.org]=ns1
[2.ns1.grapheneos.org]=ns1
[3.ns1.grapheneos.org]=ns1
[0.ns2.grapheneos.org]=ns2
[1.ns2.grapheneos.org]=ns2
[2.ns2.grapheneos.org]=ns2
[mail.grapheneos.org]=mail
[staging.grapheneos.org]=web-fq
[1.grapheneos.org]=web-fq
[0.grapheneos.network]=network
[1.grapheneos.network]=network-fq
[2.grapheneos.network]=network
[3.grapheneos.network]=network
[0.releases.grapheneos.org]=web-fq
[1.releases.grapheneos.org]=web-fq
[2.releases.grapheneos.org]=web-fq
[staging.attestation.app]=attestation-fq
[attestation.app]=attestation
[matrix.grapheneos.org]=matrix
[discuss.grapheneos.org]=discuss
[grapheneos.social]=social
)
declare -Ar hosts_swap=(
[0.releases.grapheneos.org]=32768
[1.releases.grapheneos.org]=32768
[2.releases.grapheneos.org]=32768
[attestation.app]=4096
[matrix.grapheneos.org]=8192
[discuss.grapheneos.org]=4096
[grapheneos.social]=4096
)
declare -Ar hosts_agcount=(
[0.releases.grapheneos.org]=32
[1.releases.grapheneos.org]=24
[2.releases.grapheneos.org]=24
)
declare -Ar hosts_reserved_ports=(
[0.grapheneos.network]=7275
[1.grapheneos.network]=7275
[2.grapheneos.network]=7275
[3.grapheneos.network]=7275
[staging.attestation.app]=8080
[attestation.app]=8080
)
declare -Ar hosts_tcp_wmem_max=(
[0.releases.grapheneos.org]=33554432
[1.releases.grapheneos.org]=33554432
[2.releases.grapheneos.org]=33554432
[matrix.grapheneos.org]=16777216
)
declare -Ar hosts_conntrack_size=(
[ns1.staging.grapheneos.org]=65536
[0.ns1.grapheneos.org]=131072
[1.ns1.grapheneos.org]=131072
[2.ns1.grapheneos.org]=131072
[3.ns1.grapheneos.org]=131072
[0.ns2.grapheneos.org]=65536
[1.ns2.grapheneos.org]=65536
[2.ns2.grapheneos.org]=65536
[mail.grapheneos.org]=131072
[staging.grapheneos.org]=65536
[0.grapheneos.org]=131072
[1.grapheneos.org]=65536
[2.grapheneos.org]=131072
[3.grapheneos.org]=131072
[0.grapheneos.network]=131072
[1.grapheneos.network]=65536
[2.grapheneos.network]=131072
[3.grapheneos.network]=131072
[0.releases.grapheneos.org]=8388608
[1.releases.grapheneos.org]=12582912
[2.releases.grapheneos.org]=12582912
[staging.attestation.app]=65536
[attestation.app]=131072
[matrix.grapheneos.org]=131072
[discuss.grapheneos.org]=131072
[grapheneos.social]=131072
)
declare -Ar hosts_ssh_users=(
[staging.attestation.app]="root attestation"
[attestation.app]="root attestation"
[discuss.grapheneos.org]="root flarum-admin"
)
declare -Ar hosts_journald_system_max_use=(
[0.grapheneos.org]=16G
[1.grapheneos.org]=16G
[2.grapheneos.org]=16G
[3.grapheneos.org]=16G
[0.grapheneos.network]=24G
[1.grapheneos.network]=16G
[2.grapheneos.network]=24G
[3.grapheneos.network]=24G
[0.releases.grapheneos.org]=64G
[1.releases.grapheneos.org]=64G
[2.releases.grapheneos.org]=64G
)
declare -Ar hosts_journald_system_max_file_size=(
[0.grapheneos.org]=512M
[1.grapheneos.org]=512M
[2.grapheneos.org]=1G
[3.grapheneos.org]=512M
[0.grapheneos.network]=4G
[1.grapheneos.network]=4G
[2.grapheneos.network]=4G
[3.grapheneos.network]=2G
[0.releases.grapheneos.org]=4G
[1.releases.grapheneos.org]=4G
[2.releases.grapheneos.org]=4G
[matrix.grapheneos.org]=1G
[discuss.grapheneos.org]=1G
[grapheneos.social]=1G
)
declare -Ar hosts_journald_max_file_sec=(
[ns1.staging.grapheneos.org]=12hour
[0.ns1.grapheneos.org]=12hour
[1.ns1.grapheneos.org]=12hour
[2.ns1.grapheneos.org]=12hour
[3.ns1.grapheneos.org]=12hour
[0.ns2.grapheneos.org]=12hour
[1.ns2.grapheneos.org]=12hour
[2.ns2.grapheneos.org]=12hour
[0.grapheneos.network]=12hour
[1.grapheneos.network]=12hour
[2.grapheneos.network]=12hour
[3.grapheneos.network]=12hour
)
declare -Ar hosts_journald_max_retention_sec=(
[ns1.staging.grapheneos.org]=4day
[0.ns1.grapheneos.org]=4day
[1.ns1.grapheneos.org]=4day
[2.ns1.grapheneos.org]=4day
[3.ns1.grapheneos.org]=4day
[0.ns2.grapheneos.org]=4day
[1.ns2.grapheneos.org]=4day
[2.ns2.grapheneos.org]=4day
[0.grapheneos.network]=4day
[1.grapheneos.network]=4day
[2.grapheneos.network]=4day
[3.grapheneos.network]=4day
)
declare -Ar hosts_ipv4_address=(
[ns1.staging.grapheneos.org]=198.98.56.238
[0.ns1.grapheneos.org]=51.161.34.158
[1.ns1.grapheneos.org]=15.204.8.153
[2.ns1.grapheneos.org]=57.129.65.223
[3.ns1.grapheneos.org]=15.235.197.61
[0.ns2.grapheneos.org]=198.98.53.141
[1.ns2.grapheneos.org]=205.185.124.155
[2.ns2.grapheneos.org]=107.189.3.168
[mail.grapheneos.org]=192.99.98.22
[staging.grapheneos.org]=199.195.250.78
[0.grapheneos.org]=51.222.156.101
[1.grapheneos.org]=209.141.35.164
[2.grapheneos.org]=54.37.41.188
[3.grapheneos.org]=51.79.160.50
[0.grapheneos.network]=51.222.159.116
[1.grapheneos.network]=209.141.37.35
[2.grapheneos.network]=54.37.41.189
[3.grapheneos.network]=51.79.161.36
[0.releases.grapheneos.org]=45.90.185.33
[1.releases.grapheneos.org]=172.96.172.37
[2.releases.grapheneos.org]=104.194.8.203
[staging.attestation.app]=198.98.57.157
[attestation.app]=51.79.66.27
[matrix.grapheneos.org]=51.79.51.42
[discuss.grapheneos.org]=51.79.52.38
[grapheneos.social]=51.222.159.14
)
declare -Ar hosts_ipv6_address=(
[ns1.staging.grapheneos.org]=2605:6400:10:c41:de92:c534:326a:711a
[0.ns1.grapheneos.org]=2607:5300:205:200::eaa
[1.ns1.grapheneos.org]=2604:2dc0:202:300::23a6
[2.ns1.grapheneos.org]=2001:41d0:701:1100::245b
[3.ns1.grapheneos.org]=2402:1f00:8000:800::3966
[0.ns2.grapheneos.org]=2605:6400:10:102e:95bc:89ef:2e7f:49bb
[1.ns2.grapheneos.org]=2605:6400:20:1c8f:a0c9:372d:482e:945b
[2.ns2.grapheneos.org]=2605:6400:30:ec25:102c:af6d:5be:1eb8
[mail.grapheneos.org]=2607:5300:205:200::472f
[staging.grapheneos.org]=2605:6400:10:9d6:6d84:e183:acda:16d7
[0.grapheneos.org]=2607:5300:205:200::29c6
[1.grapheneos.org]=2605:6400:20:1131:8088:e08:84e6:632
[2.grapheneos.org]=2001:41d0:304:200::902f
[3.grapheneos.org]=2402:1f00:8000:800::16d6
[0.grapheneos.network]=2607:5300:205:200::2584
[1.grapheneos.network]=2605:6400:20:387:72d4:dab9:a369:f351
[2.grapheneos.network]=2001:41d0:304:200::b109
[3.grapheneos.network]=2402:1f00:8000:800::1949
[0.releases.grapheneos.org]=2a14:3f87:6920:250::100
[1.releases.grapheneos.org]=2605:9880:400:1100:15:1240:515:6e
[2.releases.grapheneos.org]=2605:9880:200:20::113
[staging.attestation.app]=2605:6400:10:aa9:1c0f:44d3:da15:c0ec
[attestation.app]=2607:5300:205:200::7e9
[matrix.grapheneos.org]=2607:5300:205:200::26e1
[discuss.grapheneos.org]=2607:5300:205:200::3c4
[grapheneos.social]=2607:5300:205:200::5e3f
)
readonly hosts_ns1=(
{0..3}.ns1.grapheneos.org
)
readonly hosts_ns2=(
{0..2}.ns2.grapheneos.org
)
readonly hosts_dns=(
ns1.staging.grapheneos.org
"${hosts_ns1[@]}"
"${hosts_ns2[@]}"
)
readonly hosts_staging=(
ns1.staging.grapheneos.org
staging.grapheneos.org
staging.attestation.app
)
readonly hosts_certbot=(
ns1.staging.grapheneos.org
0.ns1.grapheneos.org
0.ns2.grapheneos.org
mail.grapheneos.org
staging.grapheneos.org
0.grapheneos.org
0.grapheneos.network
0.releases.grapheneos.org
staging.attestation.app
attestation.app
matrix.grapheneos.org
discuss.grapheneos.org
grapheneos.social
)
readonly hosts_backup=(
mail.grapheneos.org
staging.attestation.app
attestation.app
matrix.grapheneos.org
discuss.grapheneos.org
grapheneos.social
)
readonly hosts_grapheneos=(
{0..3}.grapheneos.org
)
readonly hosts_grapheneos_all=(
staging.grapheneos.org
"${hosts_grapheneos[@]}"
)
readonly hosts_releases=(
{0..2}.releases.grapheneos.org
)
readonly hosts_network=(
{0..3}.grapheneos.network
)
readonly hosts_attestation=(
staging.attestation.app
attestation.app
)
readonly hosts_web=(
"${hosts_dns[@]}"
mail.grapheneos.org
"${hosts_grapheneos_all[@]}"
"${hosts_network[@]}"
"${hosts_releases[@]}"
"${hosts_attestation[@]}"
matrix.grapheneos.org
discuss.grapheneos.org
grapheneos.social
)
readonly hosts_all=(
"${hosts_web[@]}"
)
readonly hosts_buyvm=(
ns1.staging.grapheneos.org
{0..2}.ns2.grapheneos.org
staging.grapheneos.org
1.grapheneos.org
1.grapheneos.network
staging.attestation.app
)
readonly hosts_ovh=(
{0..3}.ns1.grapheneos.org
mail.grapheneos.org
{0,2,3}.grapheneos.org
{0,2,3}.grapheneos.network
{0..3}.releases.grapheneos.org
attestation.app
matrix.grapheneos.org
discuss.grapheneos.org
grapheneos.social
)
Reference in a new issue View git blame Copy permalink