Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-01-31 07:33:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
368 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Daniel Micay cd59960e7b move IP-based SSH connection limits to nftables 
We use synproxy for establishing all new connections to the SSH port and
enforce a connection limit between synproxy and the standard network
stack. Once the connection limit is reached, it's also enforced for new
connections at the synproxy layer. This avoids creating conntrack and
connection limit set entries until connections are already established
to avoid packets with spoofed source addresses exhausting these limited
size tables. Primary servers using SSH to mirror TLS certificates to
their replicas are allowlisted.
2024-03-28 11:38:03 -04:00
.github
add GitHub funding metadata
2021-07-19 23:02:29 -04:00
certbot
switch main domain for ECDSA mail server cert
2024-01-25 12:55:57 -05:00
guide
add nftables dscp counter config to guide
2023-08-19 00:46:21 -04:00
logrotate.d
replace certbot log rotation with logrotate
2024-02-13 12:38:14 -05:00
mkinitcpio.d
disable mkinitcpio fallback image
2024-03-04 13:13:58 -05:00
modprobe.d
blacklist virtio_console module
2023-07-17 02:21:12 -04:00
modules-load.d
disable loose TCP connection tracking
2022-07-03 03:50:53 -04:00
packages
add sqlite-analyzer to attestation servers
2024-03-08 11:54:02 -05:00
pacman.d
add directory structure for mirrorlist
2023-07-11 11:38:53 -04:00
ssh
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
sysconfig
enable chronyd seccomp filter
2023-05-07 00:02:51 -04:00
sysctl.d
reorganize sysctl configuration
2024-03-24 11:03:31 -04:00
systemd
set preferred source for static IPv6 configuration
2024-03-26 21:50:12 -04:00
.gitignore
add authorized_keys to gitignore
2024-02-03 17:48:56 -05:00
certbot-ocsp-fetcher
update certbot-ocsp-fetcher
2024-01-25 01:23:49 -05:00
chrony.conf
disable chrony client log
2024-03-20 23:24:57 -04:00
connection-stats
clean up stats scripts
2023-07-16 01:25:27 -04:00
count
count: drop 3rd gen Pixels
2024-02-24 19:19:59 -05:00
crypttab
enable discard support for swapfile dm-crypt
2023-07-18 16:41:35 -04:00
deploy-initial
lsof replaced with lsfd
2024-03-06 16:53:42 -05:00
deploy.sh
explicit set XFS allocation group count
2024-02-24 10:28:10 -05:00
dns-stats
add uptime to dns stats
2024-02-03 17:30:22 -05:00
environment
disable less history by default for login sessions
2022-10-26 04:35:23 -04:00
fetch-info
filter irrelevant module output
2024-01-03 10:18:15 -05:00
fstab
only discard swapfile at mount time
2023-07-18 16:41:39 -04:00
grub
disable sending console output to unused ttyS0
2024-02-01 16:39:33 -05:00
hosts
add subset of shared configuration files
2021-07-28 08:23:04 -04:00
hosts.sh
split grapheneos.org hosts array
2024-03-18 21:10:47 -04:00
inputrc
add basic inputrc
2024-03-14 15:48:53 -04:00
LICENSE
update copyright notice
2024-01-25 01:57:18 -05:00
locale.conf
switch to C.UTF-8 locale
2023-01-10 14:09:06 -05:00
logrotate.conf
use standard log rotation approach for wtmp/btmp
2024-03-20 23:43:48 -04:00
nftables-attestation.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-discuss.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-mail.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-matrix.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-network.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-ns1.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-ns2.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-social.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nftables-web.conf
move IP-based SSH connection limits to nftables
2024-03-28 11:38:03 -04:00
nginx-create-session-ticket-keys
clean up session ticket rotation scripts
2024-03-20 22:55:40 -04:00
nginx-rotate-session-ticket-keys
clean up session ticket rotation scripts
2024-03-20 22:55:40 -04:00
nginx-stats
clean up stats scripts
2023-07-16 01:25:27 -04:00
ovh-mitigation
rename OVH mitigation script
2023-07-03 18:35:43 -04:00
ovh-mitigation.py
rename OVH mitigation script
2023-07-03 18:35:43 -04:00
pacman.conf
disable unused multilib repository
2023-07-18 16:58:34 -04:00
pacreport.conf
add updatedb drop-in unit to pacreport exclusions
2024-02-01 18:01:06 -05:00
README.md
Fix readme
2021-12-16 12:43:34 -05:00
requirements.in
add OVH mitigation control script
2023-02-22 16:22:47 -05:00
requirements.txt
update python dependencies
2024-02-23 13:04:36 -05:00
resolv.conf
add resolv.conf
2022-07-03 09:05:41 -04:00
setup
specify python3 in setup script
2023-07-06 22:12:26 -04:00
unbound.conf
unbound: block dns rebinding
2023-10-04 10:26:16 -04:00

README.md

Information about GrapheneOS servers is available in the GrapheneOS servers article on grapheneos.org.

Description
Shared server infrastructure - https://grapheneos.org/articles/grapheneos-servers
grapheneos
Readme MIT 1.9 MiB
Languages
Shell 52.3%
Vim Script 43.9%
Python 2.4%
Erlang 1.4%