mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-22 03:09:22 +01:00
run prettier
parent
314b0996af
commit
19994e3286
@ -12,6 +12,6 @@ authors:
|
||||
family-names: Suomalainen
|
||||
email: suomalainen+git@mikaela.info
|
||||
- given-names: git shortlog -sne
|
||||
repository-code: 'https://gitea.blesmrt.net/Mikaela/shell-things'
|
||||
repository-code: "https://gitea.blesmrt.net/Mikaela/shell-things"
|
||||
abstract: dotfiles
|
||||
license: BSD-3-Clause
|
||||
|
15
README.md
15
README.md
@ -1,13 +1,12 @@
|
||||
Config files that I wish to have everywhere. You could probably call this
|
||||
repository as dotfiles, but historical reasons...
|
||||
|
||||
Directories explained
|
||||
=====================
|
||||
# Directories explained
|
||||
|
||||
* .mikaela — files that most likely aren't suitable for places where other
|
||||
- .mikaela — files that most likely aren't suitable for places where other
|
||||
people than me have access too
|
||||
* Windows — files releated to Windows
|
||||
* conf — config files like .tmux.conf
|
||||
* etc — /etc/
|
||||
* gpg — GNU Privacy Guard config files, ~/.gnupg/
|
||||
* rc — bashrc, zshrc, vimrc and apparently \*init files…
|
||||
- Windows — files releated to Windows
|
||||
- conf — config files like .tmux.conf
|
||||
- etc — /etc/
|
||||
- gpg — GNU Privacy Guard config files, ~/.gnupg/
|
||||
- rc — bashrc, zshrc, vimrc and apparently \*init files…
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
## WARNING
|
||||
|
||||
* READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
|
||||
- READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
|
||||
|
||||
This is not supported by Microsoft, most of the methods listed here didn't
|
||||
work for me on the first system I updated, Windows is not my primary operating
|
||||
@ -14,19 +14,19 @@ affect me.
|
||||
Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while
|
||||
the health check app says they are only two to six years old.
|
||||
|
||||
* https://github.com/AveYo/MediaCreationTool.bat
|
||||
- https://github.com/AveYo/MediaCreationTool.bat
|
||||
|
||||
## Registry files here
|
||||
|
||||
I think the first method is likely the best, but I cannot rule these working
|
||||
on another system out yet. They didn't work on my first system tried.
|
||||
|
||||
* `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
|
||||
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
|
||||
recommendation and the only one that should be used. If after reboot
|
||||
nothing happens, maybe try the rest rebooting every failure.
|
||||
* https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
|
||||
* `01-LabConfig.reg` - widely reported to work
|
||||
* `01-Setup.reg` - ^
|
||||
* `02-DevRing.reg` - after joining the Insider program, this should enforce
|
||||
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
|
||||
- `01-LabConfig.reg` - widely reported to work
|
||||
- `01-Setup.reg` - ^
|
||||
- `02-DevRing.reg` - after joining the Insider program, this should enforce
|
||||
joining to Dev ring which should offer Windows 11 instantly. It may be
|
||||
advisable to leave after successful update.
|
||||
|
@ -2,25 +2,25 @@
|
||||
|
||||
Requires Windows 11.
|
||||
|
||||
* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
|
||||
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
|
||||
didn't seem to work for me or it allowed me to set the DNS server to not
|
||||
use DoH.
|
||||
|
||||
* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
|
||||
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
|
||||
that Windows 11 isn't shipping by default, currently:
|
||||
* Adguard
|
||||
* Cloudflare antimalware
|
||||
* DNS0 (& Zero)
|
||||
* Mullvad
|
||||
* Mullvad Adblock
|
||||
* Quad9 ECS (Windows 11 defaults include Quad9 default)
|
||||
- Adguard
|
||||
- Cloudflare antimalware
|
||||
- DNS0 (& Zero)
|
||||
- Mullvad
|
||||
- Mullvad Adblock
|
||||
- Quad9 ECS (Windows 11 defaults include Quad9 default)
|
||||
|
||||
## Configuration
|
||||
|
||||
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
|
||||
HTTPS can be enabled for:
|
||||
|
||||
* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
|
||||
* Same place for Ethernet etc.
|
||||
* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
|
||||
* Note: if the all networks one is configured, there is a warning about it not being used.
|
||||
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
|
||||
- Same place for Ethernet etc.
|
||||
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
|
||||
- Note: if the all networks one is configured, there is a warning about it not being used.
|
||||
|
@ -1,8 +1,8 @@
|
||||
Some kind of explaining for [IPv6.reg](IPv6.reg) like
|
||||
[Windows.reg](Windows.reg) which includes this file has.
|
||||
|
||||
* Resolve IPv6 even without native connectivity.
|
||||
* Enable Teredo
|
||||
* As EnterpriseClient so it also works when joined into domain.
|
||||
* Use `teredo.trex.fi` as Teredo server. This should be replaced with
|
||||
- Resolve IPv6 even without native connectivity.
|
||||
- Enable Teredo
|
||||
- As EnterpriseClient so it also works when joined into domain.
|
||||
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
|
||||
something that is as near as possible.
|
||||
|
@ -7,11 +7,11 @@ Windows Registry Editor Version 5.00
|
||||
"ConsentPromptBehaviorUser"=dword:00000001
|
||||
```
|
||||
|
||||
* Make the file Windows Registry Editor script
|
||||
* Ask admins for password/PIN in UAC
|
||||
* 2 would ask for yes or no, 0 disable entirely (don't do that).
|
||||
* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
|
||||
* The other option (1) doesn't even give them UAC prompt so you must
|
||||
- Make the file Windows Registry Editor script
|
||||
- Ask admins for password/PIN in UAC
|
||||
- 2 would ask for yes or no, 0 disable entirely (don't do that).
|
||||
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
|
||||
- The other option (1) doesn't even give them UAC prompt so you must
|
||||
always login as admin to do anything.
|
||||
|
||||
```
|
||||
@ -24,13 +24,13 @@ Windows Registry Editor Version 5.00
|
||||
"EnableFirstLogonAnimation"=dword:00000000
|
||||
```
|
||||
|
||||
* Display the user list.
|
||||
* Allows shutdown without being logged in
|
||||
* Allows undocking without logging in
|
||||
* Shows verbose information on login (starting service...)
|
||||
* Shows output of startup scripts
|
||||
* Shows output of shutdown scripts
|
||||
* Disables the first logon animation on Windows 8 and newer
|
||||
- Display the user list.
|
||||
- Allows shutdown without being logged in
|
||||
- Allows undocking without logging in
|
||||
- Shows verbose information on login (starting service...)
|
||||
- Shows output of startup scripts
|
||||
- Shows output of shutdown scripts
|
||||
- Disables the first logon animation on Windows 8 and newer
|
||||
|
||||
```
|
||||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
|
||||
@ -38,8 +38,8 @@ Windows Registry Editor Version 5.00
|
||||
"RealTimeIsUniversal"=qword:00000001
|
||||
```
|
||||
|
||||
* Sets hardware clock to UTC time (doesn't affect system clock!)
|
||||
* qword for 64-bit, dword for 32-bit systems. The actual reg file has
|
||||
- Sets hardware clock to UTC time (doesn't affect system clock!)
|
||||
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
|
||||
only qword as I haven't seen 32-bit Windowses lately.
|
||||
|
||||
```
|
||||
@ -47,7 +47,7 @@ Windows Registry Editor Version 5.00
|
||||
"AddrConfigControl"=dword:00000000
|
||||
```
|
||||
|
||||
* be able to resolve IPv6 even when connection isn't native.
|
||||
- be able to resolve IPv6 even when connection isn't native.
|
||||
|
||||
```
|
||||
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
|
||||
@ -56,13 +56,13 @@ Windows Registry Editor Version 5.00
|
||||
"Teredo_ServerName"="teredo.trex.fi"
|
||||
```
|
||||
|
||||
* Enable Teredo
|
||||
* Enable Teredo even when joined to domain.
|
||||
* Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
|
||||
- Enable Teredo
|
||||
- Enable Teredo even when joined to domain.
|
||||
- Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
|
||||
|
||||
```
|
||||
[HKEY_USERS\.DEFAULT\Control Panel\Keyboard]
|
||||
"InitialKeyboardIndicators"="2147483650"
|
||||
```
|
||||
|
||||
* Enable numlock on boot.
|
||||
- Enable numlock on boot.
|
||||
|
@ -6,33 +6,32 @@ w32tm /resync
|
||||
w32tm /query /peers
|
||||
```
|
||||
|
||||
* The list is space separated NTP servers, while I think Windows uses SNTP instead
|
||||
- The list is space separated NTP servers, while I think Windows uses SNTP instead
|
||||
of NTP.
|
||||
* `/resync` may sync current time, but is also required for the GUI
|
||||
- `/resync` may sync current time, but is also required for the GUI
|
||||
(Windows + I, Date & time) and following command to get aware of peers.
|
||||
* Shows where time is synced from and statistics.
|
||||
* There is also `net time` to sync, I am unsure of the differences while
|
||||
- Shows where time is synced from and statistics.
|
||||
- There is also `net time` to sync, I am unsure of the differences while
|
||||
that may be blocked while the second keeps working. It may also not
|
||||
show all the peers, just the primary one, while `w32tm` is more verbose
|
||||
and has all of them.
|
||||
* As Windows doesn't support NTS and probably won't in near future, there is
|
||||
- As Windows doesn't support NTS and probably won't in near future, there is
|
||||
no point in listing distant foreign servers.
|
||||
|
||||
|
||||
## Variations
|
||||
|
||||
Variations of the timeserver setting command to be kept at hand
|
||||
|
||||
### DNA
|
||||
|
||||
*Including Moi*
|
||||
_Including Moi_
|
||||
|
||||
```
|
||||
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
|
||||
```
|
||||
|
||||
* https://www.dna.fi/liikennerajoitukset
|
||||
* https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
|
||||
- https://www.dna.fi/liikennerajoitukset
|
||||
- https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
|
||||
|
||||
### Elisa
|
||||
|
||||
@ -40,22 +39,22 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dna
|
||||
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
|
||||
```
|
||||
|
||||
* https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
|
||||
- https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
|
||||
|
||||
## Information about servers
|
||||
|
||||
* https://www.cloudflare.com/time/
|
||||
* https://www.netnod.se/nts/network-time-security
|
||||
* https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
|
||||
* https://www.ntppool.org/use.html
|
||||
* Also mentions the syntax for multiple servers, but considering this Elisa
|
||||
- https://www.cloudflare.com/time/
|
||||
- https://www.netnod.se/nts/network-time-security
|
||||
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
|
||||
- https://www.ntppool.org/use.html
|
||||
- Also mentions the syntax for multiple servers, but considering this Elisa
|
||||
list has so many servers I am only picking one pool address just in case
|
||||
the others somehow fail.
|
||||
|
||||
## Additional reading
|
||||
|
||||
* Above links
|
||||
* https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
|
||||
* this file might not exist without this post, while it doesn't mention
|
||||
- Above links
|
||||
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
|
||||
- this file might not exist without this post, while it doesn't mention
|
||||
multiple servers, uses `time.windows.com` and I am yet to actually touch
|
||||
NTP on Windows Server environment.
|
||||
|
@ -21,11 +21,11 @@ Apparently Adwaita must be set to dark theme in `gnome-control-center`
|
||||
Using the same apps and `gnome-tweaks` (as there are probably a lot of
|
||||
methods setting fonts):
|
||||
|
||||
* User-interface text: Noto Serif Regular 10
|
||||
* Document text: Noto Serif Regular 11
|
||||
* Monospace text: Noto Sans Mono Regular 10
|
||||
* Legacy window title text: Noto Serif Bold 11
|
||||
* Apparently this means "apps that don't use client-side decorations"
|
||||
- User-interface text: Noto Serif Regular 10
|
||||
- Document text: Noto Serif Regular 11
|
||||
- Monospace text: Noto Sans Mono Regular 10
|
||||
- Legacy window title text: Noto Serif Bold 11
|
||||
- Apparently this means "apps that don't use client-side decorations"
|
||||
|
||||
The number behind is obviously the number and it's based on what were the
|
||||
defaults before I touched them so I am hoping GNOME knows what they are
|
||||
@ -41,10 +41,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
|
||||
|
||||
Other font settings in GNOME-Tweak:
|
||||
|
||||
* Hinting: *a bit*
|
||||
* for no particular reason
|
||||
* Antialiasing: *Subpixel (for LCD-displays)*
|
||||
* I have no idea where there are "standard grayscale" displays that aren't
|
||||
- Hinting: _a bit_
|
||||
- for no particular reason
|
||||
- Antialiasing: _Subpixel (for LCD-displays)_
|
||||
- I have no idea where there are "standard grayscale" displays that aren't
|
||||
LCD.
|
||||
|
||||
### Screen mirroring
|
||||
@ -53,9 +53,9 @@ Other font settings in GNOME-Tweak:
|
||||
|
||||
Workarounds:
|
||||
|
||||
* Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
|
||||
* Do something weird with OBS
|
||||
* Use a dedicated application that don't seem to be in Fedora repos, flatpak
|
||||
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
|
||||
- Do something weird with OBS
|
||||
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
|
||||
or snap.
|
||||
* [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
|
||||
* [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
|
||||
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
|
||||
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
|
||||
|
@ -4,24 +4,24 @@
|
||||
Thus this `README.md` is not read, even if I happened to carelessly
|
||||
copy-paste it in.
|
||||
|
||||
* `autostart-communication.conf` - chat/communication apps I am expected to have
|
||||
- `autostart-communication.conf` - chat/communication apps I am expected to have
|
||||
open or at least check at times
|
||||
* `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
|
||||
* `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
|
||||
* `grimshot.conf` - screenshotting keybinds using `grimshot`
|
||||
* `i3-selenized-dark.conf` - selenized dark colour scheme
|
||||
* `keyboard.conf` - keyboard configuration
|
||||
* `media.conf` - media key configuration and autostarts related to it
|
||||
* `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
|
||||
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
|
||||
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
|
||||
- `grimshot.conf` - screenshotting keybinds using `grimshot`
|
||||
- `i3-selenized-dark.conf` - selenized dark colour scheme
|
||||
- `keyboard.conf` - keyboard configuration
|
||||
- `media.conf` - media key configuration and autostarts related to it
|
||||
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
|
||||
profile to `flat`
|
||||
* `README.md` - you are currently reading this :wink:
|
||||
* `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
|
||||
* `swaybar.conf` - `swaybar` configuration
|
||||
* `swayidle.conf` - `swayidle` configuration/autostart
|
||||
* `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
|
||||
- `README.md` - you are currently reading this :wink:
|
||||
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
|
||||
- `swaybar.conf` - `swaybar` configuration
|
||||
- `swayidle.conf` - `swayidle` configuration/autostart
|
||||
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
|
||||
I happen to visit for longer period of time
|
||||
* `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
|
||||
* `zz-floating.conf` - configures windows that should float. For some reason
|
||||
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
|
||||
- `zz-floating.conf` - configures windows that should float. For some reason
|
||||
that is inherited from my `i3` config, it tells to put float rules above the
|
||||
last line, so it should be read last and `z` is the last letter of English
|
||||
alphabet so it will hopefully be read last.
|
||||
|
@ -2,7 +2,17 @@
|
||||
"layer": "top",
|
||||
"position": "left",
|
||||
"modules-left": ["sway/workspaces", "sway/mode"],
|
||||
"modules-right": ["cpu", "memory", "battery", "pulseaudio", "sway/language", "network", "bluetooth", "tray", "clock"],
|
||||
"modules-right": [
|
||||
"cpu",
|
||||
"memory",
|
||||
"battery",
|
||||
"pulseaudio",
|
||||
"sway/language",
|
||||
"network",
|
||||
"bluetooth",
|
||||
"tray",
|
||||
"clock"
|
||||
],
|
||||
"sway/window": {
|
||||
"max-length": 50
|
||||
},
|
||||
@ -12,7 +22,7 @@
|
||||
"memory": {
|
||||
"format": "RAM {percentage}%"
|
||||
},
|
||||
"bluetooth": {
|
||||
"bluetooth": {
|
||||
"format": "BT {status}",
|
||||
"format-connected": "BT {device_alias}",
|
||||
"format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
|
||||
@ -33,7 +43,7 @@
|
||||
"format": "KBD {short} {variant}",
|
||||
"on-click": "swaymsg input type:keyboard xkb_switch_layout next"
|
||||
},
|
||||
"network": {
|
||||
"network": {
|
||||
//"interface": "wlan0",
|
||||
"format": "{ifname}",
|
||||
"format-wifi": "{frequency}G {signalStrength}% {essid}",
|
||||
@ -44,7 +54,7 @@
|
||||
"tooltip-format-ethernet": "{ifname} up",
|
||||
"tooltip-format-disconnected": "Disconnected",
|
||||
"max-length": 50
|
||||
},
|
||||
},
|
||||
"clock": {
|
||||
"format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}"
|
||||
}
|
||||
|
@ -30,11 +30,13 @@ tooltip label {
|
||||
}
|
||||
|
||||
#workspaces button.focused {
|
||||
background: #64727D;
|
||||
background: #64727d;
|
||||
border-bottom: 3px solid white;
|
||||
}
|
||||
|
||||
#mode, #clock, #battery {
|
||||
#mode,
|
||||
#clock,
|
||||
#battery {
|
||||
padding: 0 10px;
|
||||
}
|
||||
|
||||
|
@ -25,23 +25,22 @@ assume that means 2.
|
||||
Note: -N uses names specified in config instead of reverse name lookupping
|
||||
then.
|
||||
|
||||
* `chrony -N activity` - what sources are doing
|
||||
* `chrony -N authdata` - can show that server uses NTS
|
||||
* `chrony -N ntpdata` - a lot of data on the servers
|
||||
* `chronyc offline` - offline mode
|
||||
* `chronyc online` - reconnects servers
|
||||
* `chrony -N sources` - used timeservers and their statuses
|
||||
* `chrony -N tracking` - local status (stratum and own clock etc.)
|
||||
|
||||
- `chrony -N activity` - what sources are doing
|
||||
- `chrony -N authdata` - can show that server uses NTS
|
||||
- `chrony -N ntpdata` - a lot of data on the servers
|
||||
- `chronyc offline` - offline mode
|
||||
- `chronyc online` - reconnects servers
|
||||
- `chrony -N sources` - used timeservers and their statuses
|
||||
- `chrony -N tracking` - local status (stratum and own clock etc.)
|
||||
|
||||
### nmap
|
||||
|
||||
|
||||
Checking that something is an NTP server? Needs root:
|
||||
|
||||
```
|
||||
nmap -sU -p 123 --script=ntp-info 192.168.0.1
|
||||
```
|
||||
|
||||
Checking that something has NTS?
|
||||
|
||||
```
|
||||
|
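Review bot: The reformatted list items in this hunk still name the client as `chrony -N activity`, `chrony -N authdata`, `chrony -N ntpdata`, `chrony -N sources` and `chrony -N tracking`, while the neighbouring items use `chronyc offline` and `chronyc online`. chrony ships `chronyd` and `chronyc`, and these are `chronyc` subcommands, so the five lines do not run as written. Change them to `chronyc -N ...`, either here since the lines are being rewritten anyway, or in a follow-up commit if this one should stay formatter-only.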
@ -12,6 +12,6 @@ but that way you must trust DNSSEC, CloudFlare and wherever the CNAME
|
||||
points to who may not have DNSSEC. If you are using this file
|
||||
(you shouldn't), you are already trusting me.
|
||||
|
||||
[dnscrypt-proxy]:https://github.com/jedisct1/dnscrypt-proxy
|
||||
[Hyperboria]:https://hyperboria.net/
|
||||
[Yggdrasil]:https://yggdrasil-network.github.io/
|
||||
[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
|
||||
[hyperboria]: https://hyperboria.net/
|
||||
[yggdrasil]: https://yggdrasil-network.github.io/
|
||||
|
@ -1,25 +1,24 @@
|
||||
Useful nginx files that I will probably need and which I will forget if I
|
||||
cannot read them from here.
|
||||
|
||||
* * * * *
|
||||
---
|
||||
|
||||
## FUTURE WARNING
|
||||
|
||||
These files may age badly, so here are some hopefully timeless pointers:
|
||||
|
||||
* Generate the config file with https://ssl-config.mozilla.org/ (and if
|
||||
- Generate the config file with https://ssl-config.mozilla.org/ (and if
|
||||
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
|
||||
hope of finding where it is now.
|
||||
* Name it 00-something so it will be the first file read and make
|
||||
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
|
||||
everything a different file.
|
||||
* If using my acmesh-ssl.bash script, the files to fill should be like:
|
||||
- If using my acmesh-ssl.bash script, the files to fill should be like:
|
||||
|
||||
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
|
||||
|
||||
* `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
|
||||
* `ssl_certificate_key` is `key.pem`
|
||||
- `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
|
||||
- `ssl_certificate_key` is `key.pem`
|
||||
|
||||
The header syntax is following, ***THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP***
|
||||
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
|
||||
|
||||
```
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
||||
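Review bot: Prettier folded a list item into the previous one in this hunk. The new line reads `hope of finding where it is now. \* Name it 00-something so it will be the first file read and make`, so the advice to name the file 00-something is no longer its own bullet and renders with a literal asterisk. The parenthesis opened at `(and if` is also never closed. Close the parenthesis, put `- Name it 00-something ...` back on its own line, and re-run Prettier to confirm it stays a list item.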
@ -33,12 +32,12 @@ The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
|
||||
TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
|
||||
in Debian package `libwww-perl`
|
||||
|
||||
* Refer to tester tools to see if the configuration is fine:
|
||||
* https://observatory.mozilla.org/
|
||||
* https://securityheaders.com/
|
||||
* https://www.ssllabs.com/ssltest/
|
||||
- Refer to tester tools to see if the configuration is fine:
|
||||
- https://observatory.mozilla.org/
|
||||
- https://securityheaders.com/
|
||||
- https://www.ssllabs.com/ssltest/
|
||||
|
||||
* * * * *
|
||||
---
|
||||
|
||||
## Arch
|
||||
|
||||
|
@ -7,11 +7,11 @@ marking the headset as "Pro-audio" in pavucontrol Settings tab and adjusting
|
||||
one from `alsamixer` is enough to fix it.
|
||||
|
||||
In `alsamixer` having it as pro-audio exposes the sound card in F6 known as
|
||||
*Logitech USB Headset* and there I see two siliders, *Headphone* and *Mic*,
|
||||
*Headphone* can apparently be 100 and *Mic* muted when not in use to avoid
|
||||
_Logitech USB Headset_ and there I see two siliders, _Headphone_ and _Mic_,
|
||||
_Headphone_ can apparently be 100 and _Mic_ muted when not in use to avoid
|
||||
it echoing back.
|
||||
|
||||
* * * * *
|
||||
---
|
||||
|
||||
The old pulseaudio fix for less than 20 % volume being unhearable is editing
|
||||
`alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true`
|
||||
@ -32,10 +32,10 @@ don't exist by default anymore, they need to be copied and edited separately
|
||||
|
||||
See also:
|
||||
|
||||
* https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
|
||||
* marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
|
||||
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
|
||||
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
|
||||
|
||||
## Bluetooth
|
||||
|
||||
* https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
* https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
|
||||
|
@ -1,7 +1,7 @@
|
||||
Central configuration for PKCS#11 plugin using software and smartcards.
|
||||
|
||||
* https://digisaatio.fi/wiki/P11-kit
|
||||
* https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
|
||||
- https://digisaatio.fi/wiki/P11-kit
|
||||
- https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
|
||||
|
||||
Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid)
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
sshd_config should include something like
|
||||
|
||||
Include /etc/ssh/sshd_config.d/*.conf
|
||||
Include /etc/ssh/sshd_config.d/\*.conf
|
||||
|
||||
NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14.
|
||||
https://www.openssh.com/txt/release-8.2
|
||||
|
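Review bot: The directive line changed from `Include /etc/ssh/sshd_config.d/*.conf` to `Include /etc/ssh/sshd_config.d/\*.conf`. It renders the same, but anyone copying from the raw README into sshd_config now gets a backslash inside the glob. Wrap the line in backticks or a fenced block so Prettier leaves it alone and the raw text stays a valid directive.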
@ -11,24 +11,24 @@ sudo systemctl restart systemd-resolved
|
||||
|
||||
## Files explained
|
||||
|
||||
* `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
|
||||
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
|
||||
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
|
||||
caching.
|
||||
* `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
||||
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
||||
captive portals are a concern, `DNSOverTLS=no`.
|
||||
* `README.md` - you are reading it right now.
|
||||
- `README.md` - you are reading it right now.
|
||||
|
||||
## General commentary
|
||||
|
||||
* Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
|
||||
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
|
||||
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
|
||||
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
|
||||
v243 (big improvements in v244).
|
||||
* TODO: find out when SNI became supported, I have just spotted it in the
|
||||
- TODO: find out when SNI became supported, I have just spotted it in the
|
||||
fine manual in 2020-06-??.
|
||||
* Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
|
||||
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
|
||||
without which I wouldn't have got this right.
|
||||
* DNSSEC may not work if the system is down for a long time and not updated.
|
||||
- DNSSEC may not work if the system is down for a long time and not updated.
|
||||
Thus `allow-downgrade` may be better for non-tech people, even with the
|
||||
potential downgrade attack. There are also captive portals, affecting
|
||||
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
|
||||
@ -36,7 +36,7 @@ sudo systemctl restart systemd-resolved
|
||||
|
||||
Other links I have found important and my files are based on:
|
||||
|
||||
* https://wiki.archlinux.org/index.php/Systemd-resolved
|
||||
* Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||
* request for strict DOT: https://github.com/systemd/systemd/issues/10755
|
||||
* vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
|
||||
- https://wiki.archlinux.org/index.php/Systemd-resolved
|
||||
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
|
||||
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
|
||||
|
@ -3,13 +3,13 @@ subdirectories. The sudirectories won't exist in the real
|
||||
`/etc/systemd/system` unless they end `.wants` or `.d` or something similar
|
||||
and I forget to update this README file if that happens.
|
||||
|
||||
* reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
|
||||
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
|
||||
but uses https instead of http, because there is no reason I would want
|
||||
someone to see what I download.
|
||||
|
||||
## Worth reading
|
||||
|
||||
* Waiting for network devices to have IP address (**I only use this for
|
||||
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
|
||||
* systemctl enable NetworkManager-wait-online.service
|
||||
* systemctl enable systemd-networkd-wait-online.service
|
||||
- Waiting for network devices to have IP address (**I only use this for
|
||||
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
|
||||
_ systemctl enable NetworkManager-wait-online.service
|
||||
_ systemctl enable systemd-networkd-wait-online.service
|
||||
|
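Review bot: The two nested items under the network-wait bullet were rewritten from `* systemctl enable NetworkManager-wait-online.service` to `_ systemctl enable NetworkManager-wait-online.service`, and likewise for `systemd-networkd-wait-online.service`. They are no longer list items, and the leading underscores now read as emphasis markers. Restore them as indented `-` items, ideally with the commands in backticks, and check the indentation in the source so the formatter recognises the nesting.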
@ -1,9 +1,8 @@
|
||||
The IPv6 files are copied from
|
||||
https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/
|
||||
and they are here because they were my biggest difficulty with having Arch
|
||||
on Pi as IPv6 router.
|
||||
* Also helpful
|
||||
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
|
||||
on Pi as IPv6 router. \* Also helpful
|
||||
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
|
||||
|
||||
Miredo.service again is edited from what Arch & Debian ship so it starts
|
||||
after there is already network connectivity and Unbound is running
|
||||
|
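Review bot: The `* Also helpful` bullet was merged into the paragraph above it. The new text reads `on Pi as IPv6 router. \* Also helpful`, with an escaped asterisk in running text instead of a list item. Put `- Also helpful` back on its own line, separated from the paragraph by a blank line, and re-run Prettier to confirm it is kept as a list.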
@ -2,5 +2,5 @@ Services in this directory are meant for my Jolla Phone which runs
|
||||
Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
|
||||
that is there out-of-box, systemd timers.
|
||||
|
||||
* aliendalvik-stopper again stops android support hourly so it won't waste
|
||||
- aliendalvik-stopper again stops android support hourly so it won't waste
|
||||
battery.
|
||||
|
@ -1,10 +1,9 @@
|
||||
System-wide autostart files
|
||||
===========================
|
||||
# System-wide autostart files
|
||||
|
||||
*Note: this directory is also being used as `~/.local/share/applications`
|
||||
which populates the app menu, my autostart is thankfully not this
|
||||
populated.*
|
||||
_Note: this directory is also being used as `~/.local/share/applications`
|
||||
which populates the app menu, my autostart is thankfully not this
|
||||
populated._
|
||||
|
||||
* redshift - app that changes screen temperature along the sun
|
||||
* telegramdesktop - IM app, based on telegram-desktop package
|
||||
* com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name
|
||||
- redshift - app that changes screen temperature along the sun
|
||||
- telegramdesktop - IM app, based on telegram-desktop package
|
||||
- com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name
|
||||
|
@ -6,8 +6,8 @@ as the links below.
|
||||
|
||||
## Additional repositories
|
||||
|
||||
* Begin by `sudo fedora-third-party enable`
|
||||
* https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
|
||||
* https://www.insynchq.com/
|
||||
* https://keybase.io/docs/the_app/install_linux
|
||||
* https://rpmfusion.org/Configuration
|
||||
- Begin by `sudo fedora-third-party enable`
|
||||
- https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
|
||||
- https://www.insynchq.com/
|
||||
- https://keybase.io/docs/the_app/install_linux
|
||||
- https://rpmfusion.org/Configuration
|
||||
|
@ -5,15 +5,15 @@ NetworkManager.
|
||||
|
||||
Notes:
|
||||
|
||||
* `git commit`ing the same SSID with different capitalisations breaks
|
||||
- `git commit`ing the same SSID with different capitalisations breaks
|
||||
Windows and more common macOS setups due to their filesystems being
|
||||
case-insensitive.
|
||||
* `Settings.AutoConnect=true` is unnecessary as it defaults to true
|
||||
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
|
||||
according to `man iwd.network`.
|
||||
* `IPv6.Enabled=true` defauls to true being also unnecessary.
|
||||
* `private-home-sample.psk` has a comment on MAC address override and sends
|
||||
- `IPv6.Enabled=true` defauls to true being also unnecessary.
|
||||
- `private-home-sample.psk` has a comment on MAC address override and sends
|
||||
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
|
||||
address and doesn't send hostname.
|
||||
* The `.open` networks always randomize MAC address too. If a network is
|
||||
- The `.open` networks always randomize MAC address too. If a network is
|
||||
private and needs MAC address for captive portal override or something,
|
||||
`private-home-sample.psk` should be adjusted from.
|
||||
|