Daniel Micay
|
5417e37062
|
require hashes and binary wheels for pip
|
2023-01-10 13:53:33 -05:00 |
|
Daniel Micay
|
7d9379972f
|
freeze hashes of python dependencies
|
2023-01-10 13:02:53 -05:00 |
|
Daniel Micay
|
0e574a4ee9
|
add postgresql.conf
|
2022-12-04 04:35:35 -05:00 |
|
Daniel Micay
|
5fe0978ef2
|
brotli keeps source files by default
|
2022-11-01 00:20:47 -04:00 |
|
Daniel Micay
|
d5ed786d2a
|
add minimal Permissions Policy as a starting point
|
2022-10-17 22:27:09 -04:00 |
|
Daniel Micay
|
4f1aa5bceb
|
increase resolver timeout
|
2022-10-12 16:30:25 -04:00 |
|
Daniel Micay
|
a1997d89c4
|
rename conn limit memory zone
|
2022-10-01 12:56:03 -04:00 |
|
Daniel Micay
|
9fbcc9587d
|
update Element web app configuration
|
2022-09-28 12:00:55 -04:00 |
|
Daniel Micay
|
06cd80873f
|
use custom format for access log again
|
2022-09-27 10:27:36 -04:00 |
|
Daniel Micay
|
0e16b5798b
|
reduce HTTP/2 chunk size to match TLS record size
|
2022-09-26 13:14:40 -04:00 |
|
Daniel Micay
|
9ed069073c
|
use syslog (journald) for nginx access log
|
2022-09-25 14:18:13 -04:00 |
|
Daniel Micay
|
7b8a505d17
|
reduce keepalive requests
|
2022-09-24 11:53:02 -04:00 |
|
Daniel Micay
|
9cdf30c08c
|
reduce connection limit to 128
|
2022-09-24 11:27:15 -04:00 |
|
Daniel Micay
|
0bcd3cdca3
|
reduce HTTP/2 concurrent streams to 16
|
2022-09-24 11:22:11 -04:00 |
|
Daniel Micay
|
46ca28258f
|
reduce max client header buffer size
|
2022-09-24 11:11:01 -04:00 |
|
Daniel Micay
|
913cde9ff2
|
send X-Robots-Tag on errors too
|
2022-08-18 18:11:08 -04:00 |
|
Daniel Micay
|
e7885e1b87
|
fix backup timestamps
|
2022-08-11 18:17:24 -04:00 |
|
Daniel Micay
|
a5c257d8a5
|
remove legacy Expect-CT header
|
2022-08-11 17:29:34 -04:00 |
|
Daniel Micay
|
ff010aa945
|
add initial hardening to remote backup service
|
2022-08-11 17:29:31 -04:00 |
|
Daniel Micay
|
db209e53b4
|
move systemd units to subdirectory
|
2022-08-11 17:29:24 -04:00 |
|
Daniel Micay
|
36d1b69e6b
|
move systemd units to subdirectory
|
2022-08-11 13:05:24 -04:00 |
|
Daniel Micay
|
5a4b71ed29
|
extend matterbridge service hardening
|
2022-08-09 07:42:11 -04:00 |
|
Daniel Micay
|
28c063bdc2
|
add RemoveIPC=true since systemd lints for it
This isn't useful due to PrivateIPC=true but there's no harm in
including it to satisfy the security linter.
|
2022-08-09 05:01:28 -04:00 |
|
Daniel Micay
|
84cfdcfe4d
|
strip path prefix from backup tarballs
|
2022-08-07 08:10:45 -04:00 |
|
Daniel Micay
|
be7a6c9187
|
use modern option style for tar
|
2022-08-07 08:09:46 -04:00 |
|
Daniel Micay
|
fa61606984
|
add Origin-Agent-Cluster header
|
2022-07-30 20:13:28 -04:00 |
|
Daniel Micay
|
53f0d30d1b
|
add cloud-archive-password.txt to gitignore
|
2022-07-22 17:05:18 -04:00 |
|
Daniel Micay
|
8a1b9cdb63
|
use batch CPU scheduling policy for backups
|
2022-07-22 02:16:36 -04:00 |
|
Daniel Micay
|
7054e7c09f
|
add backup scripts and systemd units
|
2022-07-22 00:40:20 -04:00 |
|
Daniel Micay
|
989ed9718c
|
add backup directory and keys to gitignore
|
2022-07-21 23:43:17 -04:00 |
|
Daniel Micay
|
7c45014149
|
drop unused PATH setup
|
2022-07-18 18:19:25 -04:00 |
|
Daniel Micay
|
bb45adb3f7
|
freeze python dependency versions
|
2022-07-18 17:26:47 -04:00 |
|
Daniel Micay
|
0a81e35a23
|
activate venv automatically
|
2022-07-18 17:24:00 -04:00 |
|
Daniel Micay
|
d724296a89
|
add venv to gitignore
|
2022-07-18 17:00:30 -04:00 |
|
Daniel Micay
|
90d542e2f4
|
stop setting CORP header for synapse API for now
|
2022-07-13 13:04:46 -04:00 |
|
Daniel Micay
|
9b19b811ac
|
only AF_INET6 is required for mjolnir
|
2022-07-11 19:50:21 -04:00 |
|
Daniel Micay
|
6835a0bffb
|
set NODE_ENV=production for mjolnir
|
2022-07-10 17:37:39 -04:00 |
|
Daniel Micay
|
69b0ff7bb3
|
move nginx status API to socket
|
2022-07-02 12:38:33 -04:00 |
|
Daniel Micay
|
bac4280478
|
add gixy to deploy script
|
2022-06-28 00:03:13 -04:00 |
|
Daniel Micay
|
11579e87ca
|
reduce proxy send timeout
|
2022-06-27 23:58:50 -04:00 |
|
Daniel Micay
|
12d81c7885
|
use standard GrapheneOS mime.types
|
2022-06-26 17:51:01 -04:00 |
|
Daniel Micay
|
30209020a7
|
raise expected nginx version
|
2022-06-10 19:40:32 -04:00 |
|
Daniel Micay
|
9feb6f9d14
|
enable pinning feature for Element
|
2022-06-10 19:39:40 -04:00 |
|
Daniel Micay
|
0c46ce2027
|
deploy nginx snippets
|
2022-06-09 18:50:24 -04:00 |
|
dependabot[bot]
|
cd8acd3b69
|
Bump actions/setup-python from 3 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-06-09 03:32:41 -04:00 |
|
Daniel Micay
|
3ff1fe54a9
|
add mjolnir systemd unit
|
2022-05-14 16:11:11 -04:00 |
|
Daniel Micay
|
c7f189ba29
|
add nginx mime.types configuration to deployment
|
2022-05-12 17:16:07 -04:00 |
|
Daniel Micay
|
2120e77103
|
improve flock error message
|
2022-05-08 05:45:52 -04:00 |
|
Daniel Micay
|
50570dc8a1
|
use new rsync fsync parameter
|
2022-05-05 02:22:36 -04:00 |
|
Daniel Micay
|
04fa0a2224
|
add file locking to deploy/process scripts
|
2022-05-05 00:26:23 -04:00 |
|