run prettier

This commit is contained in:
Aminda Suomalainen 2023-02-21 17:54:39 +02:00
parent 314b0996af
commit 19994e3286
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
24 changed files with 238 additions and 232 deletions

View File

@ -12,6 +12,6 @@ authors:
family-names: Suomalainen family-names: Suomalainen
email: suomalainen+git@mikaela.info email: suomalainen+git@mikaela.info
- given-names: git shortlog -sne - given-names: git shortlog -sne
repository-code: 'https://gitea.blesmrt.net/Mikaela/shell-things' repository-code: "https://gitea.blesmrt.net/Mikaela/shell-things"
abstract: dotfiles abstract: dotfiles
license: BSD-3-Clause license: BSD-3-Clause

View File

@ -1,13 +1,12 @@
Config files that I wish to have everywhere. You could probably call this Config files that I wish to have everywhere. You could probably call this
repository as dotfiles, but historical reasons... repository as dotfiles, but historical reasons...
Directories explained # Directories explained
=====================
* .mikaela — files that most likely aren't suitable for places where other - .mikaela — files that most likely aren't suitable for places where other
people than me have access too people than me have access too
* Windows — files releated to Windows - Windows — files releated to Windows
* conf — config files like .tmux.conf - conf — config files like .tmux.conf
* etc — /etc/ - etc — /etc/
* gpg — GNU Privacy Guard config files, ~/.gnupg/ - gpg — GNU Privacy Guard config files, ~/.gnupg/
* rc — bashrc, zshrc, vimrc and apparently \*init files… - rc — bashrc, zshrc, vimrc and apparently \*init files…

View File

@ -2,7 +2,7 @@
## WARNING ## WARNING
* READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1) - READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
This is not supported by Microsoft, most of the methods listed here didn't This is not supported by Microsoft, most of the methods listed here didn't
work for me on the first system I updated, Windows is not my primary operating work for me on the first system I updated, Windows is not my primary operating
@ -14,19 +14,19 @@ affect me.
Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while
the health check app says they are only two to six years old. the health check app says they are only two to six years old.
* https://github.com/AveYo/MediaCreationTool.bat - https://github.com/AveYo/MediaCreationTool.bat
## Registry files here ## Registry files here
I think the first method is likely the best, but I cannot rule these working I think the first method is likely the best, but I cannot rule these working
on another system out yet. They didn't work on my first system tried. on another system out yet. They didn't work on my first system tried.
* `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft - `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
recommendation and the only one that should be used. If after reboot recommendation and the only one that should be used. If after reboot
nothing happens, maybe try the rest rebooting every failure. nothing happens, maybe try the rest rebooting every failure.
* https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e - https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
* `01-LabConfig.reg` - widely reported to work - `01-LabConfig.reg` - widely reported to work
* `01-Setup.reg` - ^ - `01-Setup.reg` - ^
* `02-DevRing.reg` - after joining the Insider program, this should enforce - `02-DevRing.reg` - after joining the Insider program, this should enforce
joining to Dev ring which should offer Windows 11 instantly. It may be joining to Dev ring which should offer Windows 11 instantly. It may be
advisable to leave after successful update. advisable to leave after successful update.

View File

@ -2,25 +2,25 @@
Requires Windows 11. Requires Windows 11.
* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it - `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not didn't seem to work for me or it allowed me to set the DNS server to not
use DoH. use DoH.
* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses - `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently: that Windows 11 isn't shipping by default, currently:
* Adguard - Adguard
* Cloudflare antimalware - Cloudflare antimalware
* DNS0 (& Zero) - DNS0 (& Zero)
* Mullvad - Mullvad
* Mullvad Adblock - Mullvad Adblock
* Quad9 ECS (Windows 11 defaults include Quad9 default) - Quad9 ECS (Windows 11 defaults include Quad9 default)
## Configuration ## Configuration
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for: HTTPS can be enabled for:
* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit` - All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
* Same place for Ethernet etc. - Same place for Ethernet etc.
* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit` - Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
* Note: if the all networks one is configured, there is a warning about it not being used. - Note: if the all networks one is configured, there is a warning about it not being used.

View File

@ -1,8 +1,8 @@
Some kind of explaining for [IPv6.reg](IPv6.reg) like Some kind of explaining for [IPv6.reg](IPv6.reg) like
[Windows.reg](Windows.reg) which includes this file has. [Windows.reg](Windows.reg) which includes this file has.
* Resolve IPv6 even without native connectivity. - Resolve IPv6 even without native connectivity.
* Enable Teredo - Enable Teredo
* As EnterpriseClient so it also works when joined into domain. - As EnterpriseClient so it also works when joined into domain.
* Use `teredo.trex.fi` as Teredo server. This should be replaced with - Use `teredo.trex.fi` as Teredo server. This should be replaced with
something that is as near as possible. something that is as near as possible.

View File

@ -7,11 +7,11 @@ Windows Registry Editor Version 5.00
"ConsentPromptBehaviorUser"=dword:00000001 "ConsentPromptBehaviorUser"=dword:00000001
``` ```
* Make the file Windows Registry Editor script - Make the file Windows Registry Editor script
* Ask admins for password/PIN in UAC - Ask admins for password/PIN in UAC
* 2 would ask for yes or no, 0 disable entirely (don't do that). - 2 would ask for yes or no, 0 disable entirely (don't do that).
* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below. - prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
* The other option (1) doesn't even give them UAC prompt so you must - The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything. always login as admin to do anything.
``` ```
@ -24,13 +24,13 @@ Windows Registry Editor Version 5.00
"EnableFirstLogonAnimation"=dword:00000000 "EnableFirstLogonAnimation"=dword:00000000
``` ```
* Display the user list. - Display the user list.
* Allows shutdown without being logged in - Allows shutdown without being logged in
* Allows undocking without logging in - Allows undocking without logging in
* Shows verbose information on login (starting service...) - Shows verbose information on login (starting service...)
* Shows output of startup scripts - Shows output of startup scripts
* Shows output of shutdown scripts - Shows output of shutdown scripts
* Disables the first logon animation on Windows 8 and newer - Disables the first logon animation on Windows 8 and newer
``` ```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
@ -38,8 +38,8 @@ Windows Registry Editor Version 5.00
"RealTimeIsUniversal"=qword:00000001 "RealTimeIsUniversal"=qword:00000001
``` ```
* Sets hardware clock to UTC time (doesn't affect system clock!) - Sets hardware clock to UTC time (doesn't affect system clock!)
* qword for 64-bit, dword for 32-bit systems. The actual reg file has - qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately. only qword as I haven't seen 32-bit Windowses lately.
``` ```
@ -47,7 +47,7 @@ Windows Registry Editor Version 5.00
"AddrConfigControl"=dword:00000000 "AddrConfigControl"=dword:00000000
``` ```
* be able to resolve IPv6 even when connection isn't native. - be able to resolve IPv6 even when connection isn't native.
``` ```
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
@ -56,13 +56,13 @@ Windows Registry Editor Version 5.00
"Teredo_ServerName"="teredo.trex.fi" "Teredo_ServerName"="teredo.trex.fi"
``` ```
* Enable Teredo - Enable Teredo
* Enable Teredo even when joined to domain. - Enable Teredo even when joined to domain.
* Use `teredo.trex.fi` as Teredo server as it's in Finland where I am. - Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
``` ```
[HKEY_USERS\.DEFAULT\Control Panel\Keyboard] [HKEY_USERS\.DEFAULT\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2147483650" "InitialKeyboardIndicators"="2147483650"
``` ```
* Enable numlock on boot. - Enable numlock on boot.

View File

@ -6,33 +6,32 @@ w32tm /resync
w32tm /query /peers w32tm /query /peers
``` ```
* The list is space separated NTP servers, while I think Windows uses SNTP instead - The list is space separated NTP servers, while I think Windows uses SNTP instead
of NTP. of NTP.
* `/resync` may sync current time, but is also required for the GUI - `/resync` may sync current time, but is also required for the GUI
(Windows + I, Date & time) and following command to get aware of peers. (Windows + I, Date & time) and following command to get aware of peers.
* Shows where time is synced from and statistics. - Shows where time is synced from and statistics.
* There is also `net time` to sync, I am unsure of the differences while - There is also `net time` to sync, I am unsure of the differences while
that may be blocked while the second keeps working. It may also not that may be blocked while the second keeps working. It may also not
show all the peers, just the primary one, while `w32tm` is more verbose show all the peers, just the primary one, while `w32tm` is more verbose
and has all of them. and has all of them.
* As Windows doesn't support NTS and probably won't in near future, there is - As Windows doesn't support NTS and probably won't in near future, there is
no point in listing distant foreign servers. no point in listing distant foreign servers.
## Variations ## Variations
Variations of the timeserver setting command to be kept at hand Variations of the timeserver setting command to be kept at hand
### DNA ### DNA
*Including Moi* _Including Moi_
``` ```
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org" w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
``` ```
* https://www.dna.fi/liikennerajoitukset - https://www.dna.fi/liikennerajoitukset
* https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet- - https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
### Elisa ### Elisa
@ -40,22 +39,22 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dna
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org" w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
``` ```
* https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/ - https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
## Information about servers ## Information about servers
* https://www.cloudflare.com/time/ - https://www.cloudflare.com/time/
* https://www.netnod.se/nts/network-time-security - https://www.netnod.se/nts/network-time-security
* https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen - https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
* https://www.ntppool.org/use.html - https://www.ntppool.org/use.html
* Also mentions the syntax for multiple servers, but considering this Elisa - Also mentions the syntax for multiple servers, but considering this Elisa
list has so many servers I am only picking one pool address just in case list has so many servers I am only picking one pool address just in case
the others somehow fail. the others somehow fail.
## Additional reading ## Additional reading
* Above links - Above links
* https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/ - https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
* this file might not exist without this post, while it doesn't mention - this file might not exist without this post, while it doesn't mention
multiple servers, uses `time.windows.com` and I am yet to actually touch multiple servers, uses `time.windows.com` and I am yet to actually touch
NTP on Windows Server environment. NTP on Windows Server environment.

View File

@ -21,11 +21,11 @@ Apparently Adwaita must be set to dark theme in `gnome-control-center`
Using the same apps and `gnome-tweaks` (as there are probably a lot of Using the same apps and `gnome-tweaks` (as there are probably a lot of
methods setting fonts): methods setting fonts):
* User-interface text: Noto Serif Regular 10 - User-interface text: Noto Serif Regular 10
* Document text: Noto Serif Regular 11 - Document text: Noto Serif Regular 11
* Monospace text: Noto Sans Mono Regular 10 - Monospace text: Noto Sans Mono Regular 10
* Legacy window title text: Noto Serif Bold 11 - Legacy window title text: Noto Serif Bold 11
* Apparently this means "apps that don't use client-side decorations" - Apparently this means "apps that don't use client-side decorations"
The number behind is obviously the number and it's based on what were the The number behind is obviously the number and it's based on what were the
defaults before I touched them so I am hoping GNOME knows what they are defaults before I touched them so I am hoping GNOME knows what they are
@ -41,10 +41,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
Other font settings in GNOME-Tweak: Other font settings in GNOME-Tweak:
* Hinting: *a bit* - Hinting: _a bit_
* for no particular reason - for no particular reason
* Antialiasing: *Subpixel (for LCD-displays)* - Antialiasing: _Subpixel (for LCD-displays)_
* I have no idea where there are "standard grayscale" displays that aren't - I have no idea where there are "standard grayscale" displays that aren't
LCD. LCD.
### Screen mirroring ### Screen mirroring
@ -53,9 +53,9 @@ Other font settings in GNOME-Tweak:
Workarounds: Workarounds:
* Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash)) - Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
* Do something weird with OBS - Do something weird with OBS
* Use a dedicated application that don't seem to be in Fedora repos, flatpak - Use a dedicated application that don't seem to be in Fedora repos, flatpak
or snap. or snap.
* [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror) - [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
* [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror) - [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)

View File

@ -4,24 +4,24 @@
Thus this `README.md` is not read, even if I happened to carelessly Thus this `README.md` is not read, even if I happened to carelessly
copy-paste it in. copy-paste it in.
* `autostart-communication.conf` - chat/communication apps I am expected to have - `autostart-communication.conf` - chat/communication apps I am expected to have
open or at least check at times open or at least check at times
* `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key - `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
* `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc. - `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
* `grimshot.conf` - screenshotting keybinds using `grimshot` - `grimshot.conf` - screenshotting keybinds using `grimshot`
* `i3-selenized-dark.conf` - selenized dark colour scheme - `i3-selenized-dark.conf` - selenized dark colour scheme
* `keyboard.conf` - keyboard configuration - `keyboard.conf` - keyboard configuration
* `media.conf` - media key configuration and autostarts related to it - `media.conf` - media key configuration and autostarts related to it
* `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration - `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
profile to `flat` profile to `flat`
* `README.md` - you are currently reading this :wink: - `README.md` - you are currently reading this :wink:
* `sedric.conf` - configuration specific to my laptop hostnamed `sedric` - `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
* `swaybar.conf` - `swaybar` configuration - `swaybar.conf` - `swaybar` configuration
* `swayidle.conf` - `swayidle` configuration/autostart - `swayidle.conf` - `swayidle` configuration/autostart
* `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when - `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
I happen to visit for longer period of time I happen to visit for longer period of time
* `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood - `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
* `zz-floating.conf` - configures windows that should float. For some reason - `zz-floating.conf` - configures windows that should float. For some reason
that is inherited from my `i3` config, it tells to put float rules above the that is inherited from my `i3` config, it tells to put float rules above the
last line, so it should be read last and `z` is the last letter of English last line, so it should be read last and `z` is the last letter of English
alphabet so it will hopefully be read last. alphabet so it will hopefully be read last.

View File

@ -2,7 +2,17 @@
"layer": "top", "layer": "top",
"position": "left", "position": "left",
"modules-left": ["sway/workspaces", "sway/mode"], "modules-left": ["sway/workspaces", "sway/mode"],
"modules-right": ["cpu", "memory", "battery", "pulseaudio", "sway/language", "network", "bluetooth", "tray", "clock"], "modules-right": [
"cpu",
"memory",
"battery",
"pulseaudio",
"sway/language",
"network",
"bluetooth",
"tray",
"clock"
],
"sway/window": { "sway/window": {
"max-length": 50 "max-length": 50
}, },
@ -12,7 +22,7 @@
"memory": { "memory": {
"format": "RAM {percentage}%" "format": "RAM {percentage}%"
}, },
"bluetooth": { "bluetooth": {
"format": "BT {status}", "format": "BT {status}",
"format-connected": "BT {device_alias}", "format-connected": "BT {device_alias}",
"format-connected-battery": "BT {device_alias} {device_battery_percentage}%" "format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
@ -33,7 +43,7 @@
"format": "KBD {short} {variant}", "format": "KBD {short} {variant}",
"on-click": "swaymsg input type:keyboard xkb_switch_layout next" "on-click": "swaymsg input type:keyboard xkb_switch_layout next"
}, },
"network": { "network": {
//"interface": "wlan0", //"interface": "wlan0",
"format": "{ifname}", "format": "{ifname}",
"format-wifi": "{frequency}G {signalStrength}% {essid}", "format-wifi": "{frequency}G {signalStrength}% {essid}",
@ -44,7 +54,7 @@
"tooltip-format-ethernet": "{ifname} up", "tooltip-format-ethernet": "{ifname} up",
"tooltip-format-disconnected": "Disconnected", "tooltip-format-disconnected": "Disconnected",
"max-length": 50 "max-length": 50
}, },
"clock": { "clock": {
"format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}" "format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}"
} }

View File

@ -30,11 +30,13 @@ tooltip label {
} }
#workspaces button.focused { #workspaces button.focused {
background: #64727D; background: #64727d;
border-bottom: 3px solid white; border-bottom: 3px solid white;
} }
#mode, #clock, #battery { #mode,
#clock,
#battery {
padding: 0 10px; padding: 0 10px;
} }

View File

@ -25,23 +25,22 @@ assume that means 2.
Note: -N uses names specified in config instead of reverse name lookupping Note: -N uses names specified in config instead of reverse name lookupping
then. then.
* `chrony -N activity` - what sources are doing - `chrony -N activity` - what sources are doing
* `chrony -N authdata` - can show that server uses NTS - `chrony -N authdata` - can show that server uses NTS
* `chrony -N ntpdata` - a lot of data on the servers - `chrony -N ntpdata` - a lot of data on the servers
* `chronyc offline` - offline mode - `chronyc offline` - offline mode
* `chronyc online` - reconnects servers - `chronyc online` - reconnects servers
* `chrony -N sources` - used timeservers and their statuses - `chrony -N sources` - used timeservers and their statuses
* `chrony -N tracking` - local status (stratum and own clock etc.) - `chrony -N tracking` - local status (stratum and own clock etc.)
### nmap ### nmap
Checking that something is an NTP server? Needs root: Checking that something is an NTP server? Needs root:
``` ```
nmap -sU -p 123 --script=ntp-info 192.168.0.1 nmap -sU -p 123 --script=ntp-info 192.168.0.1
``` ```
Checking that something has NTS? Checking that something has NTS?
``` ```

View File

@ -12,6 +12,6 @@ but that way you must trust DNSSEC, CloudFlare and wherever the CNAME
points to who may not have DNSSEC. If you are using this file points to who may not have DNSSEC. If you are using this file
(you shouldn't), you are already trusting me. (you shouldn't), you are already trusting me.
[dnscrypt-proxy]:https://github.com/jedisct1/dnscrypt-proxy [dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
[Hyperboria]:https://hyperboria.net/ [hyperboria]: https://hyperboria.net/
[Yggdrasil]:https://yggdrasil-network.github.io/ [yggdrasil]: https://yggdrasil-network.github.io/

View File

@ -1,25 +1,24 @@
Useful nginx files that I will probably need and which I will forget if I Useful nginx files that I will probably need and which I will forget if I
cannot read them from here. cannot read them from here.
* * * * * ---
## FUTURE WARNING ## FUTURE WARNING
These files may age badly, so here are some hopefully timeless pointers: These files may age badly, so here are some hopefully timeless pointers:
* Generate the config file with https://ssl-config.mozilla.org/ (and if - Generate the config file with https://ssl-config.mozilla.org/ (and if
time eats it, try https://github.com/mozilla/ssl-config-generator/ in time eats it, try https://github.com/mozilla/ssl-config-generator/ in
hope of finding where it is now. hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
* Name it 00-something so it will be the first file read and make
everything a different file. everything a different file.
* If using my acmesh-ssl.bash script, the files to fill should be like: - If using my acmesh-ssl.bash script, the files to fill should be like:
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`) (the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
* `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem` - `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
* `ssl_certificate_key` is `key.pem` - `ssl_certificate_key` is `key.pem`
The header syntax is following, ***THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP*** The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
``` ```
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
@ -33,12 +32,12 @@ The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
TheLounge would be setting without a reverse proxy in front of it. `HEAD` is TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
in Debian package `libwww-perl` in Debian package `libwww-perl`
* Refer to tester tools to see if the configuration is fine: - Refer to tester tools to see if the configuration is fine:
* https://observatory.mozilla.org/ - https://observatory.mozilla.org/
* https://securityheaders.com/ - https://securityheaders.com/
* https://www.ssllabs.com/ssltest/ - https://www.ssllabs.com/ssltest/
* * * * * ---
## Arch ## Arch

View File

@ -7,11 +7,11 @@ marking the headset as "Pro-audio" in pavucontrol Settings tab and adjusting
one from `alsamixer` is enough to fix it. one from `alsamixer` is enough to fix it.
In `alsamixer` having it as pro-audio exposes the sound card in F6 known as In `alsamixer` having it as pro-audio exposes the sound card in F6 known as
*Logitech USB Headset* and there I see two siliders, *Headphone* and *Mic*, _Logitech USB Headset_ and there I see two siliders, _Headphone_ and _Mic_,
*Headphone* can apparently be 100 and *Mic* muted when not in use to avoid _Headphone_ can apparently be 100 and _Mic_ muted when not in use to avoid
it echoing back. it echoing back.
* * * * * ---
The old pulseaudio fix for less than 20 % volume being unhearable is editing The old pulseaudio fix for less than 20 % volume being unhearable is editing
`alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true` `alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true`
@ -32,10 +32,10 @@ don't exist by default anymore, they need to be copied and edited separately
See also: See also:
* https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220 - https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
* marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207 - marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
## Bluetooth ## Bluetooth
* https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html - https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
* https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html - https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html

View File

@ -1,7 +1,7 @@
Central configuration for PKCS#11 plugin using software and smartcards. Central configuration for PKCS#11 plugin using software and smartcards.
* https://digisaatio.fi/wiki/P11-kit - https://digisaatio.fi/wiki/P11-kit
* https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/ - https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid) Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid)

View File

@ -1,6 +1,6 @@
sshd_config should include something like sshd_config should include something like
Include /etc/ssh/sshd_config.d/*.conf Include /etc/ssh/sshd_config.d/\*.conf
NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14. NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14.
https://www.openssh.com/txt/release-8.2 https://www.openssh.com/txt/release-8.2

View File

@ -11,24 +11,24 @@ sudo systemctl restart systemd-resolved
## Files explained ## Files explained
* `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as - `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
systemd-resolved doesn't handle it properly), enables opportunistic DoT and systemd-resolved doesn't handle it properly), enables opportunistic DoT and
caching. caching.
* `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If - `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
captive portals are a concern, `DNSOverTLS=no`. captive portals are a concern, `DNSOverTLS=no`.
* `README.md` - you are reading it right now. - `README.md` - you are reading it right now.
## General commentary ## General commentary
* Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however - Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
at the time of writing this README.md, the current version is Ubuntu 20.04.0) at the time of writing this README.md, the current version is Ubuntu 20.04.0)
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in (systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
v243 (big improvements in v244). v243 (big improvements in v244).
* TODO: find out when SNI became supported, I have just spotted it in the - TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??. fine manual in 2020-06-??.
* Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd - Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right. without which I wouldn't have got this right.
* DNSSEC may not work if the system is down for a long time and not updated. - DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `yes` or `no` or their own special option, `DNSOverTLS`. Both take `yes` or `no` or their own special option,
@ -36,7 +36,7 @@ sudo systemctl restart systemd-resolved
Other links I have found important and my files are based on: Other links I have found important and my files are based on:
* https://wiki.archlinux.org/index.php/Systemd-resolved - https://wiki.archlinux.org/index.php/Systemd-resolved
* Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 - Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
* request for strict DOT: https://github.com/systemd/systemd/issues/10755 - request for strict DOT: https://github.com/systemd/systemd/issues/10755
* vulnerable to MITM: https://github.com/systemd/systemd/issues/9397 - vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

View File

@ -3,13 +3,13 @@ subdirectories. The sudirectories won't exist in the real
`/etc/systemd/system` unless they end `.wants` or `.d` or something similar `/etc/systemd/system` unless they end `.wants` or `.d` or something similar
and I forget to update this README file if that happens. and I forget to update this README file if that happens.
* reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector - reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
but uses https instead of http, because there is no reason I would want but uses https instead of http, because there is no reason I would want
someone to see what I download. someone to see what I download.
## Worth reading ## Worth reading
* Waiting for network devices to have IP address (**I only use this for - Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
* systemctl enable NetworkManager-wait-online.service _ systemctl enable NetworkManager-wait-online.service
* systemctl enable systemd-networkd-wait-online.service _ systemctl enable systemd-networkd-wait-online.service

View File

@ -1,9 +1,8 @@
The IPv6 files are copied from The IPv6 files are copied from
https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/ https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/
and they are here because they were my biggest difficulty with having Arch and they are here because they were my biggest difficulty with having Arch
on Pi as IPv6 router. on Pi as IPv6 router. \* Also helpful
* Also helpful https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
Miredo.service again is edited from what Arch & Debian ship so it starts Miredo.service again is edited from what Arch & Debian ship so it starts
after there is already network connectivity and Unbound is running after there is already network connectivity and Unbound is running

View File

@ -2,5 +2,5 @@ Services in this directory are meant for my Jolla Phone which runs
Sailfish OS. It doesn't have cron, so I tried the nearest equivalent Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
that is there out-of-box, systemd timers. that is there out-of-box, systemd timers.
* aliendalvik-stopper again stops android support hourly so it won't waste - aliendalvik-stopper again stops android support hourly so it won't waste
battery. battery.

View File

@ -1,10 +1,9 @@
System-wide autostart files # System-wide autostart files
===========================
*Note: this directory is also being used as `~/.local/share/applications` _Note: this directory is also being used as `~/.local/share/applications`
which populates the app menu, my autostart is thankfully not this which populates the app menu, my autostart is thankfully not this
populated.* populated._
* redshift - app that changes screen temperature along the sun - redshift - app that changes screen temperature along the sun
* telegramdesktop - IM app, based on telegram-desktop package - telegramdesktop - IM app, based on telegram-desktop package
* com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name - com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name

View File

@ -6,8 +6,8 @@ as the links below.
## Additional repositories ## Additional repositories
* Begin by `sudo fedora-third-party enable` - Begin by `sudo fedora-third-party enable`
* https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311 - https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
* https://www.insynchq.com/ - https://www.insynchq.com/
* https://keybase.io/docs/the_app/install_linux - https://keybase.io/docs/the_app/install_linux
* https://rpmfusion.org/Configuration - https://rpmfusion.org/Configuration

View File

@ -5,15 +5,15 @@ NetworkManager.
Notes: Notes:
* `git commit`ing the same SSID with different capitalisations breaks - `git commit`ing the same SSID with different capitalisations breaks
Windows and more common macOS setups due to their filesystems being Windows and more common macOS setups due to their filesystems being
case-insensitive. case-insensitive.
* `Settings.AutoConnect=true` is unnecessary as it defaults to true - `Settings.AutoConnect=true` is unnecessary as it defaults to true
according to `man iwd.network`. according to `man iwd.network`.
* `IPv6.Enabled=true` defauls to true being also unnecessary. - `IPv6.Enabled=true` defauls to true being also unnecessary.
* `private-home-sample.psk` has a comment on MAC address override and sends - `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname. address and doesn't send hostname.
* The `.open` networks always randomize MAC address too. If a network is - The `.open` networks always randomize MAC address too. If a network is
private and needs MAC address for captive portal override or something, private and needs MAC address for captive portal override or something,
`private-home-sample.psk` should be adjusted from. `private-home-sample.psk` should be adjusted from.