Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-07-01 16:51:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
Shared server infrastructure - https://grapheneos.org/articles/grapheneos-servers
92 Commits 1 Branch 0 Tags 1.7 MiB
Shell 93.2%
Python 3.7%
Erlang 3.1%
afce4f2a51
Go to file
Daniel Micay afce4f2a51 limit nginx service capabilities 
Running nginx as non-root would be possible via CAP_NET_BIND_SERVICE as
an ambient capability but it would be inherited by workers. It's better
to leave the supervisor process as root for the time being unless nginx
was taught to use socket activation or drop capabilities for workers.
2022-08-10 11:12:20 -04:00
.github add GitHub funding metadata 2021-07-19 23:02:29 -04:00
logrotate.d add nginx logrotate configuration 2021-08-27 03:55:18 -04:00
modprobe.d rename modprobe.d configuration file 2022-07-24 20:07:57 -04:00
modules-load.d disable loose TCP connection tracking 2022-07-03 03:50:53 -04:00
pam.d update system-login 2021-11-21 22:38:36 -05:00
sysctl.d lower conntrack established tcp connection timeout 2022-07-03 05:28:54 -04:00
systemd limit nginx service capabilities 2022-08-10 11:12:20 -04:00
tmpfiles.d directory for nginx unix domain sockets in /run 2022-07-02 13:10:42 -04:00
.gitignore add packages, modules and logs to gitignore 2022-07-27 02:16:04 -04:00
certbot-ocsp-fetcher add subset of shared configuration files 2021-07-28 08:23:04 -04:00
chrony.conf disable unused chrony command port 2022-06-30 03:08:28 -04:00
grub set preempt=none for PREEMPT_DYNAMIC kernels 2022-08-07 19:26:29 -04:00
hosts add subset of shared configuration files 2021-07-28 08:23:04 -04:00
locale.conf add locale configuration 2022-02-15 01:03:56 -05:00
locale.gen add locale configuration 2022-02-15 01:03:56 -05:00
mirrorlist update mirrorlist 2022-07-25 04:09:58 -04:00
mkinitcpio.conf Revert "hard-wire ext4 as the only initramfs filesystem" 2022-07-27 02:47:20 -04:00
nftables-attestation.conf nftables: implement loopback access control 2022-07-25 20:47:29 -04:00
nftables-discuss.conf nftables: implement loopback access control 2022-07-25 20:47:29 -04:00
nftables-dns.conf use dedicated geoipupdate user 2022-07-26 23:09:06 -04:00
nftables-mail.conf nftables: implement loopback access control 2022-07-25 20:47:29 -04:00
nftables-matrix.conf allow synapse to connect to nginx via loopback 2022-07-26 19:30:33 -04:00
nftables-web.conf nftables: implement loopback access control 2022-07-25 20:47:29 -04:00
pacman.conf add subset of shared configuration files 2021-07-28 08:23:04 -04:00
pacreport.conf add pacreport.conf 2022-07-24 20:55:47 -04:00
README.md Fix readme 2021-12-16 12:43:34 -05:00
resolv.conf add resolv.conf 2022-07-03 09:05:41 -04:00
sshd_config sshd: reduce MaxAuthTries to 1 2022-07-22 20:00:52 -04:00
unbound.conf unbound: disable unnecessary id/version queries 2022-07-27 02:38:34 -04:00

README.md

Information about GrapheneOS servers is available in the GrapheneOS servers article on grapheneos.org.