From 19994e328682431ba49af8815ea358d9ade3aa0c Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Tue, 21 Feb 2023 17:54:39 +0200 Subject: [PATCH] run prettier --- CITATION.cff | 2 +- README.md | 15 +++-- Windows/10to11/README.md | 14 ++--- Windows/DoH/README.md | 24 ++++---- Windows/IPv6.reg.markdown | 8 +-- Windows/Windows.reg.markdown | 40 +++++++------- Windows/time/README.md | 35 ++++++------ conf/sway/README.md | 32 +++++------ conf/sway/config.d/README.md | 30 +++++----- conf/waybar/config.json | 46 ++++++++++------ conf/waybar/style.css | 76 +++++++++++++------------- etc/chrony/README.md | 17 +++--- etc/dnscrypt-proxy/README.md | 6 +- etc/nginx/README.md | 27 +++++---- etc/pipewire/media-session.d/README.md | 14 ++--- etc/pkcs11/modules/README.md | 4 +- etc/ssh/sshd_config.d/README.md | 2 +- etc/systemd/resolved.conf.d/README.md | 22 ++++---- etc/systemd/system/README.md | 10 ++-- etc/systemd/system/ipv6/README.md | 5 +- etc/systemd/system/sailfish/README.md | 2 +- etc/xdg/autostart/README.md | 15 +++-- etc/yum.repos.d/README.md | 10 ++-- var/lib/iwd/README.md | 14 ++--- 24 files changed, 238 insertions(+), 232 deletions(-) diff --git a/CITATION.cff b/CITATION.cff index c9171c48..ec677ca8 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -12,6 +12,6 @@ authors: family-names: Suomalainen email: suomalainen+git@mikaela.info - given-names: git shortlog -sne -repository-code: 'https://gitea.blesmrt.net/Mikaela/shell-things' +repository-code: "https://gitea.blesmrt.net/Mikaela/shell-things" abstract: dotfiles license: BSD-3-Clause diff --git a/README.md b/README.md index a424468e..c5ef707d 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,12 @@ Config files that I wish to have everywhere. You could probably call this repository as dotfiles, but historical reasons... -Directories explained -===================== +# Directories explained -* .mikaela — files that most likely aren't suitable for places where other +- .mikaela — files that most likely aren't suitable for places where other people than me have access too -* Windows — files releated to Windows -* conf — config files like .tmux.conf -* etc — /etc/ -* gpg — GNU Privacy Guard config files, ~/.gnupg/ -* rc — bashrc, zshrc, vimrc and apparently \*init files… +- Windows — files releated to Windows +- conf — config files like .tmux.conf +- etc — /etc/ +- gpg — GNU Privacy Guard config files, ~/.gnupg/ +- rc — bashrc, zshrc, vimrc and apparently \*init files… diff --git a/Windows/10to11/README.md b/Windows/10to11/README.md index 9e5649e3..b2f0e7a2 100644 --- a/Windows/10to11/README.md +++ b/Windows/10to11/README.md @@ -2,7 +2,7 @@ ## WARNING -* READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1) +- READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1) This is not supported by Microsoft, most of the methods listed here didn't work for me on the first system I updated, Windows is not my primary operating @@ -14,19 +14,19 @@ affect me. Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while the health check app says they are only two to six years old. -* https://github.com/AveYo/MediaCreationTool.bat +- https://github.com/AveYo/MediaCreationTool.bat ## Registry files here I think the first method is likely the best, but I cannot rule these working on another system out yet. They didn't work on my first system tried. -* `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft +- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft recommendation and the only one that should be used. If after reboot nothing happens, maybe try the rest rebooting every failure. - * https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e -* `01-LabConfig.reg` - widely reported to work -* `01-Setup.reg` - ^ -* `02-DevRing.reg` - after joining the Insider program, this should enforce + - https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e +- `01-LabConfig.reg` - widely reported to work +- `01-Setup.reg` - ^ +- `02-DevRing.reg` - after joining the Insider program, this should enforce joining to Dev ring which should offer Windows 11 instantly. It may be advisable to leave after successful update. diff --git a/Windows/DoH/README.md b/Windows/DoH/README.md index f68cc1cb..afd759bb 100644 --- a/Windows/DoH/README.md +++ b/Windows/DoH/README.md @@ -2,25 +2,25 @@ Requires Windows 11. -* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it +- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it didn't seem to work for me or it allowed me to set the DNS server to not use DoH. -* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses +- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses that Windows 11 isn't shipping by default, currently: - * Adguard - * Cloudflare antimalware - * DNS0 (& Zero) - * Mullvad - * Mullvad Adblock - * Quad9 ECS (Windows 11 defaults include Quad9 default) + - Adguard + - Cloudflare antimalware + - DNS0 (& Zero) + - Mullvad + - Mullvad Adblock + - Quad9 ECS (Windows 11 defaults include Quad9 default) ## Configuration Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over HTTPS can be enabled for: -* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit` - * Same place for Ethernet etc. -* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit` - * Note: if the all networks one is configured, there is a warning about it not being used. +- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit` + - Same place for Ethernet etc. +- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit` + - Note: if the all networks one is configured, there is a warning about it not being used. diff --git a/Windows/IPv6.reg.markdown b/Windows/IPv6.reg.markdown index ad8c3956..0e72122a 100644 --- a/Windows/IPv6.reg.markdown +++ b/Windows/IPv6.reg.markdown @@ -1,8 +1,8 @@ Some kind of explaining for [IPv6.reg](IPv6.reg) like [Windows.reg](Windows.reg) which includes this file has. -* Resolve IPv6 even without native connectivity. -* Enable Teredo - * As EnterpriseClient so it also works when joined into domain. -* Use `teredo.trex.fi` as Teredo server. This should be replaced with +- Resolve IPv6 even without native connectivity. +- Enable Teredo + - As EnterpriseClient so it also works when joined into domain. +- Use `teredo.trex.fi` as Teredo server. This should be replaced with something that is as near as possible. diff --git a/Windows/Windows.reg.markdown b/Windows/Windows.reg.markdown index cde4620d..9a2d10b7 100644 --- a/Windows/Windows.reg.markdown +++ b/Windows/Windows.reg.markdown @@ -7,11 +7,11 @@ Windows Registry Editor Version 5.00 "ConsentPromptBehaviorUser"=dword:00000001 ``` -* Make the file Windows Registry Editor script -* Ask admins for password/PIN in UAC - * 2 would ask for yes or no, 0 disable entirely (don't do that). -* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below. - * The other option (1) doesn't even give them UAC prompt so you must +- Make the file Windows Registry Editor script +- Ask admins for password/PIN in UAC + - 2 would ask for yes or no, 0 disable entirely (don't do that). +- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below. + - The other option (1) doesn't even give them UAC prompt so you must always login as admin to do anything. ``` @@ -24,13 +24,13 @@ Windows Registry Editor Version 5.00 "EnableFirstLogonAnimation"=dword:00000000 ``` -* Display the user list. -* Allows shutdown without being logged in -* Allows undocking without logging in -* Shows verbose information on login (starting service...) -* Shows output of startup scripts -* Shows output of shutdown scripts -* Disables the first logon animation on Windows 8 and newer +- Display the user list. +- Allows shutdown without being logged in +- Allows undocking without logging in +- Shows verbose information on login (starting service...) +- Shows output of startup scripts +- Shows output of shutdown scripts +- Disables the first logon animation on Windows 8 and newer ``` [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation] @@ -38,16 +38,16 @@ Windows Registry Editor Version 5.00 "RealTimeIsUniversal"=qword:00000001 ``` -* Sets hardware clock to UTC time (doesn't affect system clock!) - * qword for 64-bit, dword for 32-bit systems. The actual reg file has - only qword as I haven't seen 32-bit Windowses lately. +- Sets hardware clock to UTC time (doesn't affect system clock!) + - qword for 64-bit, dword for 32-bit systems. The actual reg file has + only qword as I haven't seen 32-bit Windowses lately. ``` [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters] "AddrConfigControl"=dword:00000000 ``` -* be able to resolve IPv6 even when connection isn't native. +- be able to resolve IPv6 even when connection isn't native. ``` [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition] @@ -56,13 +56,13 @@ Windows Registry Editor Version 5.00 "Teredo_ServerName"="teredo.trex.fi" ``` -* Enable Teredo -* Enable Teredo even when joined to domain. -* Use `teredo.trex.fi` as Teredo server as it's in Finland where I am. +- Enable Teredo +- Enable Teredo even when joined to domain. +- Use `teredo.trex.fi` as Teredo server as it's in Finland where I am. ``` [HKEY_USERS\.DEFAULT\Control Panel\Keyboard] "InitialKeyboardIndicators"="2147483650" ``` -* Enable numlock on boot. +- Enable numlock on boot. diff --git a/Windows/time/README.md b/Windows/time/README.md index 439c7f98..d509fbff 100644 --- a/Windows/time/README.md +++ b/Windows/time/README.md @@ -6,33 +6,32 @@ w32tm /resync w32tm /query /peers ``` -* The list is space separated NTP servers, while I think Windows uses SNTP instead +- The list is space separated NTP servers, while I think Windows uses SNTP instead of NTP. -* `/resync` may sync current time, but is also required for the GUI +- `/resync` may sync current time, but is also required for the GUI (Windows + I, Date & time) and following command to get aware of peers. -* Shows where time is synced from and statistics. - * There is also `net time` to sync, I am unsure of the differences while +- Shows where time is synced from and statistics. + - There is also `net time` to sync, I am unsure of the differences while that may be blocked while the second keeps working. It may also not show all the peers, just the primary one, while `w32tm` is more verbose and has all of them. -* As Windows doesn't support NTS and probably won't in near future, there is +- As Windows doesn't support NTS and probably won't in near future, there is no point in listing distant foreign servers. - ## Variations Variations of the timeserver setting command to be kept at hand ### DNA -*Including Moi* +_Including Moi_ ``` w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org" ``` -* https://www.dna.fi/liikennerajoitukset -* https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet- +- https://www.dna.fi/liikennerajoitukset +- https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet- ### Elisa @@ -40,22 +39,22 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dna w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org" ``` -* https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/ +- https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/ ## Information about servers -* https://www.cloudflare.com/time/ -* https://www.netnod.se/nts/network-time-security -* https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen -* https://www.ntppool.org/use.html - * Also mentions the syntax for multiple servers, but considering this Elisa +- https://www.cloudflare.com/time/ +- https://www.netnod.se/nts/network-time-security +- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen +- https://www.ntppool.org/use.html + - Also mentions the syntax for multiple servers, but considering this Elisa list has so many servers I am only picking one pool address just in case the others somehow fail. ## Additional reading -* Above links -* https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/ - * this file might not exist without this post, while it doesn't mention +- Above links +- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/ + - this file might not exist without this post, while it doesn't mention multiple servers, uses `time.windows.com` and I am yet to actually touch NTP on Windows Server environment. diff --git a/conf/sway/README.md b/conf/sway/README.md index b2692fb1..a07a3d48 100644 --- a/conf/sway/README.md +++ b/conf/sway/README.md @@ -6,11 +6,11 @@ but as I love include directives, a lot is in the config.d. ## Themes -My i3 config says that on Debian the packages are: +My i3 config says that on Debian the packages are: `sudo apt install lxappearance gtk-chtheme qt4-qtconfig qt5ct` The source for that is marked as https://askubuntu.com/a/600946 -Additionally apparently my `~/.xprofile` specifies `GTK_THEME` which +Additionally apparently my `~/.xprofile` specifies `GTK_THEME` which I have hoped to get get detected/understood by browsers etc, but I think I decided to not import that to Sway which naturally doesn't read xprofile. @@ -21,11 +21,11 @@ Apparently Adwaita must be set to dark theme in `gnome-control-center` Using the same apps and `gnome-tweaks` (as there are probably a lot of methods setting fonts): -* User-interface text: Noto Serif Regular 10 -* Document text: Noto Serif Regular 11 -* Monospace text: Noto Sans Mono Regular 10 -* Legacy window title text: Noto Serif Bold 11 - * Apparently this means "apps that don't use client-side decorations" +- User-interface text: Noto Serif Regular 10 +- Document text: Noto Serif Regular 11 +- Monospace text: Noto Sans Mono Regular 10 +- Legacy window title text: Noto Serif Bold 11 + - Apparently this means "apps that don't use client-side decorations" The number behind is obviously the number and it's based on what were the defaults before I touched them so I am hoping GNOME knows what they are @@ -41,10 +41,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox Other font settings in GNOME-Tweak: -* Hinting: *a bit* - * for no particular reason -* Antialiasing: *Subpixel (for LCD-displays)* - * I have no idea where there are "standard grayscale" displays that aren't +- Hinting: _a bit_ + - for no particular reason +- Antialiasing: _Subpixel (for LCD-displays)_ + - I have no idea where there are "standard grayscale" displays that aren't LCD. ### Screen mirroring @@ -53,9 +53,9 @@ Other font settings in GNOME-Tweak: Workarounds: -* Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash)) -* Do something weird with OBS -* Use a dedicated application that don't seem to be in Fedora repos, flatpak +- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash)) +- Do something weird with OBS +- Use a dedicated application that don't seem to be in Fedora repos, flatpak or snap. - * [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror) - * [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror) + - [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror) + - [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror) diff --git a/conf/sway/config.d/README.md b/conf/sway/config.d/README.md index 143474a2..864c0a09 100644 --- a/conf/sway/config.d/README.md +++ b/conf/sway/config.d/README.md @@ -4,24 +4,24 @@ Thus this `README.md` is not read, even if I happened to carelessly copy-paste it in. -* `autostart-communication.conf` - chat/communication apps I am expected to have +- `autostart-communication.conf` - chat/communication apps I am expected to have open or at least check at times -* `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key -* `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc. -* `grimshot.conf` - screenshotting keybinds using `grimshot` -* `i3-selenized-dark.conf` - selenized dark colour scheme -* `keyboard.conf` - keyboard configuration -* `media.conf` - media key configuration and autostarts related to it -* `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration +- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key +- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc. +- `grimshot.conf` - screenshotting keybinds using `grimshot` +- `i3-selenized-dark.conf` - selenized dark colour scheme +- `keyboard.conf` - keyboard configuration +- `media.conf` - media key configuration and autostarts related to it +- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration profile to `flat` -* `README.md` - you are currently reading this :wink: -* `sedric.conf` - configuration specific to my laptop hostnamed `sedric` -* `swaybar.conf` - `swaybar` configuration -* `swayidle.conf` - `swayidle` configuration/autostart -* `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when +- `README.md` - you are currently reading this :wink: +- `sedric.conf` - configuration specific to my laptop hostnamed `sedric` +- `swaybar.conf` - `swaybar` configuration +- `swayidle.conf` - `swayidle` configuration/autostart +- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when I happen to visit for longer period of time -* `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood -* `zz-floating.conf` - configures windows that should float. For some reason +- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood +- `zz-floating.conf` - configures windows that should float. For some reason that is inherited from my `i3` config, it tells to put float rules above the last line, so it should be read last and `z` is the last letter of English alphabet so it will hopefully be read last. diff --git a/conf/waybar/config.json b/conf/waybar/config.json index bdc10691..823aca6f 100644 --- a/conf/waybar/config.json +++ b/conf/waybar/config.json @@ -2,7 +2,17 @@ "layer": "top", "position": "left", "modules-left": ["sway/workspaces", "sway/mode"], - "modules-right": ["cpu", "memory", "battery", "pulseaudio", "sway/language", "network", "bluetooth", "tray", "clock"], + "modules-right": [ + "cpu", + "memory", + "battery", + "pulseaudio", + "sway/language", + "network", + "bluetooth", + "tray", + "clock" + ], "sway/window": { "max-length": 50 }, @@ -12,10 +22,10 @@ "memory": { "format": "RAM {percentage}%" }, -"bluetooth": { - "format": "BT {status}", - "format-connected": "BT {device_alias}", - "format-connected-battery": "BT {device_alias} {device_battery_percentage}%" + "bluetooth": { + "format": "BT {status}", + "format-connected": "BT {device_alias}", + "format-connected-battery": "BT {device_alias} {device_battery_percentage}%" }, "pulseaudio": { "format": "VOL {volume}%", @@ -26,25 +36,25 @@ "states": { "warning": 45, "critical": 20 - }, + }, "format": "BAT {capacity}%" }, "sway/language": { "format": "KBD {short} {variant}", "on-click": "swaymsg input type:keyboard xkb_switch_layout next" }, -"network": { - //"interface": "wlan0", - "format": "{ifname}", - "format-wifi": "{frequency}G {signalStrength}% {essid}", - "format-ethernet": "{ifname} up", - "format-disconnected": "", - "tooltip-format": "{ifname}", - "tooltip-format-wifi": "{frequency}G {signalStrength}% {essid}", - "tooltip-format-ethernet": "{ifname} up", - "tooltip-format-disconnected": "Disconnected", - "max-length": 50 -}, + "network": { + //"interface": "wlan0", + "format": "{ifname}", + "format-wifi": "{frequency}G {signalStrength}% {essid}", + "format-ethernet": "{ifname} up", + "format-disconnected": "", + "tooltip-format": "{ifname}", + "tooltip-format-wifi": "{frequency}G {signalStrength}% {essid}", + "tooltip-format-ethernet": "{ifname} up", + "tooltip-format-disconnected": "Disconnected", + "max-length": 50 + }, "clock": { "format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}" } diff --git a/conf/waybar/style.css b/conf/waybar/style.css index 08776a76..6b8230ff 100644 --- a/conf/waybar/style.css +++ b/conf/waybar/style.css @@ -1,75 +1,77 @@ /* https://github.com/jan-warchol/selenized/blob/master/other-apps/wofi/selenized-dark.css */ * { - border: none; - border-radius: 0; - font-family: Noto Sans Mono Regular, monospace; - font-size: 10px; - min-height: 0; + border: none; + border-radius: 0; + font-family: Noto Sans Mono Regular, monospace; + font-size: 10px; + min-height: 0; } window#waybar { - background: #103c48; - border-bottom: 3px solid rgba(100, 114, 125, 0.5); - color: white; + background: #103c48; + border-bottom: 3px solid rgba(100, 114, 125, 0.5); + color: white; } tooltip { - background: rgba(43, 48, 59, 0.5); - border: 1px solid rgba(100, 114, 125, 0.5); + background: rgba(43, 48, 59, 0.5); + border: 1px solid rgba(100, 114, 125, 0.5); } tooltip label { - color: white; + color: white; } #workspaces button { - padding: 0 5px; - background: #103c48; - color: white; - border-bottom: 3px solid #103c48; + padding: 0 5px; + background: #103c48; + color: white; + border-bottom: 3px solid #103c48; } #workspaces button.focused { - background: #64727D; - border-bottom: 3px solid white; + background: #64727d; + border-bottom: 3px solid white; } -#mode, #clock, #battery { - padding: 0 10px; +#mode, +#clock, +#battery { + padding: 0 10px; } #mode { - background: #103c48; - border-bottom: 3px solid white; + background: #103c48; + border-bottom: 3px solid white; } #clock { - background-color: #103c48; + background-color: #103c48; } #battery { - background-color: #103c48; - color: white; + background-color: #103c48; + color: white; } #battery.charging { - color: white; - background-color: #103c48; + color: white; + background-color: #103c48; } @keyframes blink { - to { - background-color: #103c48; - color: white; - } + to { + background-color: #103c48; + color: white; + } } #battery.warning:not(.charging) { - background: #f53c3c; - color: white; - animation-name: blink; - animation-duration: 0.5s; - animation-timing-function: linear; - animation-iteration-count: infinite; - animation-direction: alternate; + background: #f53c3c; + color: white; + animation-name: blink; + animation-duration: 0.5s; + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; } diff --git a/etc/chrony/README.md b/etc/chrony/README.md index 1615028b..9cf00ea1 100644 --- a/etc/chrony/README.md +++ b/etc/chrony/README.md @@ -25,23 +25,22 @@ assume that means 2. Note: -N uses names specified in config instead of reverse name lookupping then. -* `chrony -N activity` - what sources are doing -* `chrony -N authdata` - can show that server uses NTS -* `chrony -N ntpdata` - a lot of data on the servers -* `chronyc offline` - offline mode -* `chronyc online` - reconnects servers -* `chrony -N sources` - used timeservers and their statuses -* `chrony -N tracking` - local status (stratum and own clock etc.) - +- `chrony -N activity` - what sources are doing +- `chrony -N authdata` - can show that server uses NTS +- `chrony -N ntpdata` - a lot of data on the servers +- `chronyc offline` - offline mode +- `chronyc online` - reconnects servers +- `chrony -N sources` - used timeservers and their statuses +- `chrony -N tracking` - local status (stratum and own clock etc.) ### nmap - Checking that something is an NTP server? Needs root: ``` nmap -sU -p 123 --script=ntp-info 192.168.0.1 ``` + Checking that something has NTS? ``` diff --git a/etc/dnscrypt-proxy/README.md b/etc/dnscrypt-proxy/README.md index e2e20277..30a2b40c 100644 --- a/etc/dnscrypt-proxy/README.md +++ b/etc/dnscrypt-proxy/README.md @@ -12,6 +12,6 @@ but that way you must trust DNSSEC, CloudFlare and wherever the CNAME points to who may not have DNSSEC. If you are using this file (you shouldn't), you are already trusting me. -[dnscrypt-proxy]:https://github.com/jedisct1/dnscrypt-proxy -[Hyperboria]:https://hyperboria.net/ -[Yggdrasil]:https://yggdrasil-network.github.io/ +[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy +[hyperboria]: https://hyperboria.net/ +[yggdrasil]: https://yggdrasil-network.github.io/ diff --git a/etc/nginx/README.md b/etc/nginx/README.md index 35c593c8..c869eb4e 100644 --- a/etc/nginx/README.md +++ b/etc/nginx/README.md @@ -1,25 +1,24 @@ Useful nginx files that I will probably need and which I will forget if I cannot read them from here. -* * * * * +--- ## FUTURE WARNING These files may age badly, so here are some hopefully timeless pointers: -* Generate the config file with https://ssl-config.mozilla.org/ (and if +- Generate the config file with https://ssl-config.mozilla.org/ (and if time eats it, try https://github.com/mozilla/ssl-config-generator/ in - hope of finding where it is now. - * Name it 00-something so it will be the first file read and make - everything a different file. -* If using my acmesh-ssl.bash script, the files to fill should be like: + hope of finding where it is now. \* Name it 00-something so it will be the first file read and make + everything a different file. +- If using my acmesh-ssl.bash script, the files to fill should be like: (the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`) -* `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem` -* `ssl_certificate_key` is `key.pem` +- `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem` +- `ssl_certificate_key` is `key.pem` -The header syntax is following, ***THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP*** +The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_** ``` add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; @@ -33,12 +32,12 @@ The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what TheLounge would be setting without a reverse proxy in front of it. `HEAD` is in Debian package `libwww-perl` -* Refer to tester tools to see if the configuration is fine: - * https://observatory.mozilla.org/ - * https://securityheaders.com/ - * https://www.ssllabs.com/ssltest/ +- Refer to tester tools to see if the configuration is fine: + - https://observatory.mozilla.org/ + - https://securityheaders.com/ + - https://www.ssllabs.com/ssltest/ -* * * * * +--- ## Arch diff --git a/etc/pipewire/media-session.d/README.md b/etc/pipewire/media-session.d/README.md index 6a64f8b7..bf4f88ac 100644 --- a/etc/pipewire/media-session.d/README.md +++ b/etc/pipewire/media-session.d/README.md @@ -7,11 +7,11 @@ marking the headset as "Pro-audio" in pavucontrol Settings tab and adjusting one from `alsamixer` is enough to fix it. In `alsamixer` having it as pro-audio exposes the sound card in F6 known as -*Logitech USB Headset* and there I see two siliders, *Headphone* and *Mic*, -*Headphone* can apparently be 100 and *Mic* muted when not in use to avoid +_Logitech USB Headset_ and there I see two siliders, _Headphone_ and _Mic_, +_Headphone_ can apparently be 100 and _Mic_ muted when not in use to avoid it echoing back. -* * * * * +--- The old pulseaudio fix for less than 20 % volume being unhearable is editing `alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true` @@ -32,10 +32,10 @@ don't exist by default anymore, they need to be copied and edited separately See also: -* https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220 - * marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207 +- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220 + - marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207 ## Bluetooth -* https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html - * https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html +- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html + - https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html diff --git a/etc/pkcs11/modules/README.md b/etc/pkcs11/modules/README.md index af92a224..a25a0680 100644 --- a/etc/pkcs11/modules/README.md +++ b/etc/pkcs11/modules/README.md @@ -1,7 +1,7 @@ Central configuration for PKCS#11 plugin using software and smartcards. -* https://digisaatio.fi/wiki/P11-kit -* https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/ +- https://digisaatio.fi/wiki/P11-kit +- https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/ Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid) diff --git a/etc/ssh/sshd_config.d/README.md b/etc/ssh/sshd_config.d/README.md index d8704f69..fb2e88a3 100644 --- a/etc/ssh/sshd_config.d/README.md +++ b/etc/ssh/sshd_config.d/README.md @@ -1,6 +1,6 @@ sshd_config should include something like -Include /etc/ssh/sshd_config.d/*.conf +Include /etc/ssh/sshd_config.d/\*.conf NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14. https://www.openssh.com/txt/release-8.2 diff --git a/etc/systemd/resolved.conf.d/README.md b/etc/systemd/resolved.conf.d/README.md index 1fdd63e5..16e9c781 100644 --- a/etc/systemd/resolved.conf.d/README.md +++ b/etc/systemd/resolved.conf.d/README.md @@ -11,24 +11,24 @@ sudo systemctl restart systemd-resolved ## Files explained -* `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as +- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as systemd-resolved doesn't handle it properly), enables opportunistic DoT and caching. -* `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If +- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If captive portals are a concern, `DNSOverTLS=no`. -* `README.md` - you are reading it right now. +- `README.md` - you are reading it right now. ## General commentary -* Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however +- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however at the time of writing this README.md, the current version is Ubuntu 20.04.0) (systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in v243 (big improvements in v244). - * TODO: find out when SNI became supported, I have just spotted it in the + - TODO: find out when SNI became supported, I have just spotted it in the fine manual in 2020-06-??. -* Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd +- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd without which I wouldn't have got this right. -* DNSSEC may not work if the system is down for a long time and not updated. +- DNSSEC may not work if the system is down for a long time and not updated. Thus `allow-downgrade` may be better for non-tech people, even with the potential downgrade attack. There are also captive portals, affecting `DNSOverTLS`. Both take `yes` or `no` or their own special option, @@ -36,7 +36,7 @@ sudo systemctl restart systemd-resolved Other links I have found important and my files are based on: -* https://wiki.archlinux.org/index.php/Systemd-resolved - * Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 -* request for strict DOT: https://github.com/systemd/systemd/issues/10755 -* vulnerable to MITM: https://github.com/systemd/systemd/issues/9397 +- https://wiki.archlinux.org/index.php/Systemd-resolved + - Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 +- request for strict DOT: https://github.com/systemd/systemd/issues/10755 +- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397 diff --git a/etc/systemd/system/README.md b/etc/systemd/system/README.md index a3a937bf..a28c3b8d 100644 --- a/etc/systemd/system/README.md +++ b/etc/systemd/system/README.md @@ -3,13 +3,13 @@ subdirectories. The sudirectories won't exist in the real `/etc/systemd/system` unless they end `.wants` or `.d` or something similar and I forget to update this README file if that happens. -* reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector +- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector but uses https instead of http, because there is no reason I would want someone to see what I download. ## Worth reading -* Waiting for network devices to have IP address (**I only use this for -cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme - * systemctl enable NetworkManager-wait-online.service - * systemctl enable systemd-networkd-wait-online.service +- Waiting for network devices to have IP address (**I only use this for + cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme + _ systemctl enable NetworkManager-wait-online.service + _ systemctl enable systemd-networkd-wait-online.service diff --git a/etc/systemd/system/ipv6/README.md b/etc/systemd/system/ipv6/README.md index 03904876..d3c11804 100644 --- a/etc/systemd/system/ipv6/README.md +++ b/etc/systemd/system/ipv6/README.md @@ -1,9 +1,8 @@ The IPv6 files are copied from https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/ and they are here because they were my biggest difficulty with having Arch -on Pi as IPv6 router. - * Also helpful - https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup +on Pi as IPv6 router. \* Also helpful +https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup Miredo.service again is edited from what Arch & Debian ship so it starts after there is already network connectivity and Unbound is running diff --git a/etc/systemd/system/sailfish/README.md b/etc/systemd/system/sailfish/README.md index d8ab279c..75114e4c 100644 --- a/etc/systemd/system/sailfish/README.md +++ b/etc/systemd/system/sailfish/README.md @@ -2,5 +2,5 @@ Services in this directory are meant for my Jolla Phone which runs Sailfish OS. It doesn't have cron, so I tried the nearest equivalent that is there out-of-box, systemd timers. -* aliendalvik-stopper again stops android support hourly so it won't waste +- aliendalvik-stopper again stops android support hourly so it won't waste battery. diff --git a/etc/xdg/autostart/README.md b/etc/xdg/autostart/README.md index bb5ac426..359d2377 100644 --- a/etc/xdg/autostart/README.md +++ b/etc/xdg/autostart/README.md @@ -1,10 +1,9 @@ -System-wide autostart files -=========================== +# System-wide autostart files -*Note: this directory is also being used as `~/.local/share/applications` - which populates the app menu, my autostart is thankfully not this - populated.* +_Note: this directory is also being used as `~/.local/share/applications` +which populates the app menu, my autostart is thankfully not this +populated._ -* redshift - app that changes screen temperature along the sun -* telegramdesktop - IM app, based on telegram-desktop package -* com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name +- redshift - app that changes screen temperature along the sun +- telegramdesktop - IM app, based on telegram-desktop package +- com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name diff --git a/etc/yum.repos.d/README.md b/etc/yum.repos.d/README.md index bca72f35..c80318f8 100644 --- a/etc/yum.repos.d/README.md +++ b/etc/yum.repos.d/README.md @@ -6,8 +6,8 @@ as the links below. ## Additional repositories -* Begin by `sudo fedora-third-party enable` -* https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311 -* https://www.insynchq.com/ -* https://keybase.io/docs/the_app/install_linux -* https://rpmfusion.org/Configuration +- Begin by `sudo fedora-third-party enable` +- https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311 +- https://www.insynchq.com/ +- https://keybase.io/docs/the_app/install_linux +- https://rpmfusion.org/Configuration diff --git a/var/lib/iwd/README.md b/var/lib/iwd/README.md index d0568f2d..5bf2c5f3 100644 --- a/var/lib/iwd/README.md +++ b/var/lib/iwd/README.md @@ -5,15 +5,15 @@ NetworkManager. Notes: -* `git commit`ing the same SSID with different capitalisations breaks +- `git commit`ing the same SSID with different capitalisations breaks Windows and more common macOS setups due to their filesystems being case-insensitive. -* `Settings.AutoConnect=true` is unnecessary as it defaults to true +- `Settings.AutoConnect=true` is unnecessary as it defaults to true according to `man iwd.network`. -* `IPv6.Enabled=true` defauls to true being also unnecessary. -* `private-home-sample.psk` has a comment on MAC address override and sends - hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC - address and doesn't send hostname. -* The `.open` networks always randomize MAC address too. If a network is +- `IPv6.Enabled=true` defauls to true being also unnecessary. +- `private-home-sample.psk` has a comment on MAC address override and sends + hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC + address and doesn't send hostname. +- The `.open` networks always randomize MAC address too. If a network is private and needs MAC address for captive portal override or something, `private-home-sample.psk` should be adjusted from.