mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2024-12-22 13:45:02 -05:00
Shared server infrastructure - https://grapheneos.org/articles/grapheneos-servers
afce4f2a51
Running nginx as non-root would be possible via CAP_NET_BIND_SERVICE as an ambient capability but it would be inherited by workers. It's better to leave the supervisor process as root for the time being unless nginx was taught to use socket activation or drop capabilities for workers. |
||
---|---|---|
.github | ||
logrotate.d | ||
modprobe.d | ||
modules-load.d | ||
pam.d | ||
sysctl.d | ||
systemd | ||
tmpfiles.d | ||
.gitignore | ||
certbot-ocsp-fetcher | ||
chrony.conf | ||
grub | ||
hosts | ||
locale.conf | ||
locale.gen | ||
mirrorlist | ||
mkinitcpio.conf | ||
nftables-attestation.conf | ||
nftables-discuss.conf | ||
nftables-dns.conf | ||
nftables-mail.conf | ||
nftables-matrix.conf | ||
nftables-web.conf | ||
pacman.conf | ||
pacreport.conf | ||
README.md | ||
resolv.conf | ||
sshd_config | ||
unbound.conf |
Information about GrapheneOS servers is available in the GrapheneOS servers article on grapheneos.org.