Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-03-06 13:45:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
306 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Daniel Micay d44a316624 disable 32-bit support via kernel line 
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.

We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
2024-01-03 11:10:07 -05:00
.github
add GitHub funding metadata
2021-07-19 23:02:29 -04:00
certbot
add widevineprovisioning.grapheneos.org
2023-12-02 02:16:42 -05:00
guide
add nftables dscp counter config to guide
2023-08-19 00:46:21 -04:00
modprobe.d
blacklist virtio_console module
2023-07-17 02:21:12 -04:00
modules-load.d
disable loose TCP connection tracking
2022-07-03 03:50:53 -04:00
packages
switch to nodejs 20 LTS branch
2023-12-21 20:12:55 -05:00
pacman.d
add directory structure for mirrorlist
2023-07-11 11:38:53 -04:00
ssh
raise ssh background traffic priority to af11
2023-08-14 23:32:00 -04:00
sysconfig
enable chronyd seccomp filter
2023-05-07 00:02:51 -04:00
sysctl.d
disable unused multipath TCP
2024-01-03 10:52:27 -05:00
systemd
use idle CPU scheduling mode for updatedb
2024-01-03 10:10:04 -05:00
.gitignore
add ovh-mitigation.txt to gitignore
2023-07-11 11:59:04 -04:00
certbot-ocsp-fetcher
update certbot-ocsp-fetcher
2023-07-09 18:16:59 -04:00
chrony.conf
chrony: mark traffic as EF
2023-08-04 17:20:25 -04:00
connection-stats
clean up stats scripts
2023-07-16 01:25:27 -04:00
count
simplify log fetching
2023-12-24 20:21:06 -05:00
crypttab
enable discard support for swapfile dm-crypt
2023-07-18 16:41:35 -04:00
dns-stats
add dns-stats script
2023-07-16 02:18:17 -04:00
environment
disable less history by default for login sessions
2022-10-26 04:35:23 -04:00
fetch-info
filter irrelevant module output
2024-01-03 10:18:15 -05:00
fstab
only discard swapfile at mount time
2023-07-18 16:41:39 -04:00
grub
disable 32-bit support via kernel line
2024-01-03 11:10:07 -05:00
hosts
add subset of shared configuration files
2021-07-28 08:23:04 -04:00
hosts.sh
add authenticated DNS-over-TLS to nameservers
2023-11-05 00:51:33 -04:00
LICENSE
add certbot-ocsp-fetcher copyright notice
2023-07-09 19:19:29 -04:00
locale.conf
switch to C.UTF-8 locale
2023-01-10 14:09:06 -05:00
locale.gen
add locale configuration
2022-02-15 01:03:56 -05:00
nftables-attestation.conf
reorder network allowlists for consistency
2022-08-10 11:13:31 -04:00
nftables-discuss.conf
disable services on IPv6 for discussion forum
2023-12-22 17:47:49 -05:00
nftables-mail.conf
prepare to move MTA-STS web server to mail server
2023-06-21 13:12:04 -04:00
nftables-matrix.conf
fix matrix.grapheneos.org loopback nftables rules
2022-12-25 19:03:41 -05:00
nftables-network.conf
nftables: drop unnecessary semicolons
2023-06-10 22:14:54 -04:00
nftables-ns1.conf
add authenticated DNS-over-TLS to nameservers
2023-11-05 00:51:33 -04:00
nftables-ns2.conf
add authenticated DNS-over-TLS to nameservers
2023-11-05 00:51:33 -04:00
nftables-social.conf
switch to unix domain sockets for mastodon
2023-02-17 16:24:35 -05:00
nftables-web.conf
baseline web server config doesn't use DNS
2023-02-11 03:26:25 -05:00
nginx-create-session-ticket-keys
add session ticket key management scripts
2023-07-09 18:04:17 -04:00
nginx-rotate-session-ticket-keys
add session ticket key management scripts
2023-07-09 18:04:17 -04:00
nginx-stats
clean up stats scripts
2023-07-16 01:25:27 -04:00
ovh-mitigation
rename OVH mitigation script
2023-07-03 18:35:43 -04:00
ovh-mitigation.py
rename OVH mitigation script
2023-07-03 18:35:43 -04:00
pacman.conf
disable unused multilib repository
2023-07-18 16:58:34 -04:00
pacreport.conf
add ephemeral-trees directory to pacreport
2023-10-01 09:04:41 -04:00
README.md
Fix readme
2021-12-16 12:43:34 -05:00
requirements.in
add OVH mitigation control script
2023-02-22 16:22:47 -05:00
requirements.txt
update python dependencies
2023-12-03 23:52:09 -05:00
resolv.conf
add resolv.conf
2022-07-03 09:05:41 -04:00
setup
specify python3 in setup script
2023-07-06 22:12:26 -04:00
unbound.conf
unbound: block dns rebinding
2023-10-04 10:26:16 -04:00

README.md

Information about GrapheneOS servers is available in the GrapheneOS servers article on grapheneos.org.

Description
Shared server infrastructure - https://grapheneos.org/articles/grapheneos-servers
grapheneos
Readme MIT 2 MiB
Languages
Shell 52.3%
Vim Script 43.9%
Python 2.4%
Erlang 1.4%