run prettier

This commit is contained in:
Aminda Suomalainen 2023-02-21 17:54:39 +02:00
parent 314b0996af
commit 19994e3286
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
24 changed files with 238 additions and 232 deletions

View File

@ -12,6 +12,6 @@ authors:
family-names: Suomalainen
email: suomalainen+git@mikaela.info
- given-names: git shortlog -sne
repository-code: 'https://gitea.blesmrt.net/Mikaela/shell-things'
repository-code: "https://gitea.blesmrt.net/Mikaela/shell-things"
abstract: dotfiles
license: BSD-3-Clause

View File

@ -1,13 +1,12 @@
Config files that I wish to have everywhere. You could probably call this
repository as dotfiles, but historical reasons...
Directories explained
=====================
# Directories explained
* .mikaela — files that most likely aren't suitable for places where other
- .mikaela — files that most likely aren't suitable for places where other
people than me have access too
* Windows — files releated to Windows
* conf — config files like .tmux.conf
* etc — /etc/
* gpg — GNU Privacy Guard config files, ~/.gnupg/
* rc — bashrc, zshrc, vimrc and apparently \*init files…
- Windows — files releated to Windows
- conf — config files like .tmux.conf
- etc — /etc/
- gpg — GNU Privacy Guard config files, ~/.gnupg/
- rc — bashrc, zshrc, vimrc and apparently \*init files…

View File

@ -2,7 +2,7 @@
## WARNING
* READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
- READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
This is not supported by Microsoft, most of the methods listed here didn't
work for me on the first system I updated, Windows is not my primary operating
@ -14,19 +14,19 @@ affect me.
Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while
the health check app says they are only two to six years old.
* https://github.com/AveYo/MediaCreationTool.bat
- https://github.com/AveYo/MediaCreationTool.bat
## Registry files here
I think the first method is likely the best, but I cannot rule these working
on another system out yet. They didn't work on my first system tried.
* `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
recommendation and the only one that should be used. If after reboot
nothing happens, maybe try the rest rebooting every failure.
* https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
* `01-LabConfig.reg` - widely reported to work
* `01-Setup.reg` - ^
* `02-DevRing.reg` - after joining the Insider program, this should enforce
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
- `01-LabConfig.reg` - widely reported to work
- `01-Setup.reg` - ^
- `02-DevRing.reg` - after joining the Insider program, this should enforce
joining to Dev ring which should offer Windows 11 instantly. It may be
advisable to leave after successful update.

View File

@ -2,25 +2,25 @@
Requires Windows 11.
* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not
use DoH.
* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently:
* Adguard
* Cloudflare antimalware
* DNS0 (& Zero)
* Mullvad
* Mullvad Adblock
* Quad9 ECS (Windows 11 defaults include Quad9 default)
- Adguard
- Cloudflare antimalware
- DNS0 (& Zero)
- Mullvad
- Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default)
## Configuration
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for:
* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
* Same place for Ethernet etc.
* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
* Note: if the all networks one is configured, there is a warning about it not being used.
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it not being used.

View File

@ -1,8 +1,8 @@
Some kind of explaining for [IPv6.reg](IPv6.reg) like
[Windows.reg](Windows.reg) which includes this file has.
* Resolve IPv6 even without native connectivity.
* Enable Teredo
* As EnterpriseClient so it also works when joined into domain.
* Use `teredo.trex.fi` as Teredo server. This should be replaced with
- Resolve IPv6 even without native connectivity.
- Enable Teredo
- As EnterpriseClient so it also works when joined into domain.
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
something that is as near as possible.

View File

@ -7,11 +7,11 @@ Windows Registry Editor Version 5.00
"ConsentPromptBehaviorUser"=dword:00000001
```
* Make the file Windows Registry Editor script
* Ask admins for password/PIN in UAC
* 2 would ask for yes or no, 0 disable entirely (don't do that).
* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
* The other option (1) doesn't even give them UAC prompt so you must
- Make the file Windows Registry Editor script
- Ask admins for password/PIN in UAC
- 2 would ask for yes or no, 0 disable entirely (don't do that).
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
- The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything.
```
@ -24,13 +24,13 @@ Windows Registry Editor Version 5.00
"EnableFirstLogonAnimation"=dword:00000000
```
* Display the user list.
* Allows shutdown without being logged in
* Allows undocking without logging in
* Shows verbose information on login (starting service...)
* Shows output of startup scripts
* Shows output of shutdown scripts
* Disables the first logon animation on Windows 8 and newer
- Display the user list.
- Allows shutdown without being logged in
- Allows undocking without logging in
- Shows verbose information on login (starting service...)
- Shows output of startup scripts
- Shows output of shutdown scripts
- Disables the first logon animation on Windows 8 and newer
```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
@ -38,8 +38,8 @@ Windows Registry Editor Version 5.00
"RealTimeIsUniversal"=qword:00000001
```
* Sets hardware clock to UTC time (doesn't affect system clock!)
* qword for 64-bit, dword for 32-bit systems. The actual reg file has
- Sets hardware clock to UTC time (doesn't affect system clock!)
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately.
```
@ -47,7 +47,7 @@ Windows Registry Editor Version 5.00
"AddrConfigControl"=dword:00000000
```
* be able to resolve IPv6 even when connection isn't native.
- be able to resolve IPv6 even when connection isn't native.
```
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
@ -56,13 +56,13 @@ Windows Registry Editor Version 5.00
"Teredo_ServerName"="teredo.trex.fi"
```
* Enable Teredo
* Enable Teredo even when joined to domain.
* Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
- Enable Teredo
- Enable Teredo even when joined to domain.
- Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
```
[HKEY_USERS\.DEFAULT\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2147483650"
```
* Enable numlock on boot.
- Enable numlock on boot.

View File

@ -6,33 +6,32 @@ w32tm /resync
w32tm /query /peers
```
* The list is space separated NTP servers, while I think Windows uses SNTP instead
- The list is space separated NTP servers, while I think Windows uses SNTP instead
of NTP.
* `/resync` may sync current time, but is also required for the GUI
- `/resync` may sync current time, but is also required for the GUI
(Windows + I, Date & time) and following command to get aware of peers.
* Shows where time is synced from and statistics.
* There is also `net time` to sync, I am unsure of the differences while
- Shows where time is synced from and statistics.
- There is also `net time` to sync, I am unsure of the differences while
that may be blocked while the second keeps working. It may also not
show all the peers, just the primary one, while `w32tm` is more verbose
and has all of them.
* As Windows doesn't support NTS and probably won't in near future, there is
- As Windows doesn't support NTS and probably won't in near future, there is
no point in listing distant foreign servers.
## Variations
Variations of the timeserver setting command to be kept at hand
### DNA
*Including Moi*
_Including Moi_
```
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
```
* https://www.dna.fi/liikennerajoitukset
* https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
- https://www.dna.fi/liikennerajoitukset
- https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
### Elisa
@ -40,22 +39,22 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dna
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
```
* https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
- https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
## Information about servers
* https://www.cloudflare.com/time/
* https://www.netnod.se/nts/network-time-security
* https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
* https://www.ntppool.org/use.html
* Also mentions the syntax for multiple servers, but considering this Elisa
- https://www.cloudflare.com/time/
- https://www.netnod.se/nts/network-time-security
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
- https://www.ntppool.org/use.html
- Also mentions the syntax for multiple servers, but considering this Elisa
list has so many servers I am only picking one pool address just in case
the others somehow fail.
## Additional reading
* Above links
* https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
* this file might not exist without this post, while it doesn't mention
- Above links
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
- this file might not exist without this post, while it doesn't mention
multiple servers, uses `time.windows.com` and I am yet to actually touch
NTP on Windows Server environment.

View File

@ -21,11 +21,11 @@ Apparently Adwaita must be set to dark theme in `gnome-control-center`
Using the same apps and `gnome-tweaks` (as there are probably a lot of
methods setting fonts):
* User-interface text: Noto Serif Regular 10
* Document text: Noto Serif Regular 11
* Monospace text: Noto Sans Mono Regular 10
* Legacy window title text: Noto Serif Bold 11
* Apparently this means "apps that don't use client-side decorations"
- User-interface text: Noto Serif Regular 10
- Document text: Noto Serif Regular 11
- Monospace text: Noto Sans Mono Regular 10
- Legacy window title text: Noto Serif Bold 11
- Apparently this means "apps that don't use client-side decorations"
The number behind is obviously the number and it's based on what were the
defaults before I touched them so I am hoping GNOME knows what they are
@ -41,10 +41,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
Other font settings in GNOME-Tweak:
* Hinting: *a bit*
* for no particular reason
* Antialiasing: *Subpixel (for LCD-displays)*
* I have no idea where there are "standard grayscale" displays that aren't
- Hinting: _a bit_
- for no particular reason
- Antialiasing: _Subpixel (for LCD-displays)_
- I have no idea where there are "standard grayscale" displays that aren't
LCD.
### Screen mirroring
@ -53,9 +53,9 @@ Other font settings in GNOME-Tweak:
Workarounds:
* Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
* Do something weird with OBS
* Use a dedicated application that don't seem to be in Fedora repos, flatpak
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
- Do something weird with OBS
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
or snap.
* [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
* [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)

View File

@ -4,24 +4,24 @@
Thus this `README.md` is not read, even if I happened to carelessly
copy-paste it in.
* `autostart-communication.conf` - chat/communication apps I am expected to have
- `autostart-communication.conf` - chat/communication apps I am expected to have
open or at least check at times
* `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
* `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
* `grimshot.conf` - screenshotting keybinds using `grimshot`
* `i3-selenized-dark.conf` - selenized dark colour scheme
* `keyboard.conf` - keyboard configuration
* `media.conf` - media key configuration and autostarts related to it
* `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
- `grimshot.conf` - screenshotting keybinds using `grimshot`
- `i3-selenized-dark.conf` - selenized dark colour scheme
- `keyboard.conf` - keyboard configuration
- `media.conf` - media key configuration and autostarts related to it
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
profile to `flat`
* `README.md` - you are currently reading this :wink:
* `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
* `swaybar.conf` - `swaybar` configuration
* `swayidle.conf` - `swayidle` configuration/autostart
* `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
- `README.md` - you are currently reading this :wink:
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
- `swaybar.conf` - `swaybar` configuration
- `swayidle.conf` - `swayidle` configuration/autostart
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
I happen to visit for longer period of time
* `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
* `zz-floating.conf` - configures windows that should float. For some reason
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
- `zz-floating.conf` - configures windows that should float. For some reason
that is inherited from my `i3` config, it tells to put float rules above the
last line, so it should be read last and `z` is the last letter of English
alphabet so it will hopefully be read last.

View File

@ -2,7 +2,17 @@
"layer": "top",
"position": "left",
"modules-left": ["sway/workspaces", "sway/mode"],
"modules-right": ["cpu", "memory", "battery", "pulseaudio", "sway/language", "network", "bluetooth", "tray", "clock"],
"modules-right": [
"cpu",
"memory",
"battery",
"pulseaudio",
"sway/language",
"network",
"bluetooth",
"tray",
"clock"
],
"sway/window": {
"max-length": 50
},
@ -12,7 +22,7 @@
"memory": {
"format": "RAM {percentage}%"
},
"bluetooth": {
"bluetooth": {
"format": "BT {status}",
"format-connected": "BT {device_alias}",
"format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
@ -33,7 +43,7 @@
"format": "KBD {short} {variant}",
"on-click": "swaymsg input type:keyboard xkb_switch_layout next"
},
"network": {
"network": {
//"interface": "wlan0",
"format": "{ifname}",
"format-wifi": "{frequency}G {signalStrength}% {essid}",
@ -44,7 +54,7 @@
"tooltip-format-ethernet": "{ifname} up",
"tooltip-format-disconnected": "Disconnected",
"max-length": 50
},
},
"clock": {
"format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}"
}

View File

@ -30,11 +30,13 @@ tooltip label {
}
#workspaces button.focused {
background: #64727D;
background: #64727d;
border-bottom: 3px solid white;
}
#mode, #clock, #battery {
#mode,
#clock,
#battery {
padding: 0 10px;
}

View File

@ -25,23 +25,22 @@ assume that means 2.
Note: -N uses names specified in config instead of reverse name lookupping
then.
* `chrony -N activity` - what sources are doing
* `chrony -N authdata` - can show that server uses NTS
* `chrony -N ntpdata` - a lot of data on the servers
* `chronyc offline` - offline mode
* `chronyc online` - reconnects servers
* `chrony -N sources` - used timeservers and their statuses
* `chrony -N tracking` - local status (stratum and own clock etc.)
- `chrony -N activity` - what sources are doing
- `chrony -N authdata` - can show that server uses NTS
- `chrony -N ntpdata` - a lot of data on the servers
- `chronyc offline` - offline mode
- `chronyc online` - reconnects servers
- `chrony -N sources` - used timeservers and their statuses
- `chrony -N tracking` - local status (stratum and own clock etc.)
### nmap
Checking that something is an NTP server? Needs root:
```
nmap -sU -p 123 --script=ntp-info 192.168.0.1
```
Checking that something has NTS?
```

View File

@ -12,6 +12,6 @@ but that way you must trust DNSSEC, CloudFlare and wherever the CNAME
points to who may not have DNSSEC. If you are using this file
(you shouldn't), you are already trusting me.
[dnscrypt-proxy]:https://github.com/jedisct1/dnscrypt-proxy
[Hyperboria]:https://hyperboria.net/
[Yggdrasil]:https://yggdrasil-network.github.io/
[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
[hyperboria]: https://hyperboria.net/
[yggdrasil]: https://yggdrasil-network.github.io/

View File

@ -1,25 +1,24 @@
Useful nginx files that I will probably need and which I will forget if I
cannot read them from here.
* * * * *
---
## FUTURE WARNING
These files may age badly, so here are some hopefully timeless pointers:
* Generate the config file with https://ssl-config.mozilla.org/ (and if
- Generate the config file with https://ssl-config.mozilla.org/ (and if
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
hope of finding where it is now.
* Name it 00-something so it will be the first file read and make
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
everything a different file.
* If using my acmesh-ssl.bash script, the files to fill should be like:
- If using my acmesh-ssl.bash script, the files to fill should be like:
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
* `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
* `ssl_certificate_key` is `key.pem`
- `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
- `ssl_certificate_key` is `key.pem`
The header syntax is following, ***THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP***
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
```
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
@ -33,12 +32,12 @@ The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
in Debian package `libwww-perl`
* Refer to tester tools to see if the configuration is fine:
* https://observatory.mozilla.org/
* https://securityheaders.com/
* https://www.ssllabs.com/ssltest/
- Refer to tester tools to see if the configuration is fine:
- https://observatory.mozilla.org/
- https://securityheaders.com/
- https://www.ssllabs.com/ssltest/
* * * * *
---
## Arch

View File

@ -7,11 +7,11 @@ marking the headset as "Pro-audio" in pavucontrol Settings tab and adjusting
one from `alsamixer` is enough to fix it.
In `alsamixer` having it as pro-audio exposes the sound card in F6 known as
*Logitech USB Headset* and there I see two siliders, *Headphone* and *Mic*,
*Headphone* can apparently be 100 and *Mic* muted when not in use to avoid
_Logitech USB Headset_ and there I see two siliders, _Headphone_ and _Mic_,
_Headphone_ can apparently be 100 and _Mic_ muted when not in use to avoid
it echoing back.
* * * * *
---
The old pulseaudio fix for less than 20 % volume being unhearable is editing
`alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true`
@ -32,10 +32,10 @@ don't exist by default anymore, they need to be copied and edited separately
See also:
* https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
* marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
## Bluetooth
* https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
* https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html

View File

@ -1,7 +1,7 @@
Central configuration for PKCS#11 plugin using software and smartcards.
* https://digisaatio.fi/wiki/P11-kit
* https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
- https://digisaatio.fi/wiki/P11-kit
- https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid)

View File

@ -1,6 +1,6 @@
sshd_config should include something like
Include /etc/ssh/sshd_config.d/*.conf
Include /etc/ssh/sshd_config.d/\*.conf
NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14.
https://www.openssh.com/txt/release-8.2

View File

@ -11,24 +11,24 @@ sudo systemctl restart systemd-resolved
## Files explained
* `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
caching.
* `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
captive portals are a concern, `DNSOverTLS=no`.
* `README.md` - you are reading it right now.
- `README.md` - you are reading it right now.
## General commentary
* Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
v243 (big improvements in v244).
* TODO: find out when SNI became supported, I have just spotted it in the
- TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??.
* Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right.
* DNSSEC may not work if the system is down for a long time and not updated.
- DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
@ -36,7 +36,7 @@ sudo systemctl restart systemd-resolved
Other links I have found important and my files are based on:
* https://wiki.archlinux.org/index.php/Systemd-resolved
* Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
* request for strict DOT: https://github.com/systemd/systemd/issues/10755
* vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
- https://wiki.archlinux.org/index.php/Systemd-resolved
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

View File

@ -3,13 +3,13 @@ subdirectories. The sudirectories won't exist in the real
`/etc/systemd/system` unless they end `.wants` or `.d` or something similar
and I forget to update this README file if that happens.
* reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
but uses https instead of http, because there is no reason I would want
someone to see what I download.
## Worth reading
* Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
* systemctl enable NetworkManager-wait-online.service
* systemctl enable systemd-networkd-wait-online.service
- Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
_ systemctl enable NetworkManager-wait-online.service
_ systemctl enable systemd-networkd-wait-online.service

View File

@ -1,9 +1,8 @@
The IPv6 files are copied from
https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/
and they are here because they were my biggest difficulty with having Arch
on Pi as IPv6 router.
* Also helpful
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
on Pi as IPv6 router. \* Also helpful
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
Miredo.service again is edited from what Arch & Debian ship so it starts
after there is already network connectivity and Unbound is running

View File

@ -2,5 +2,5 @@ Services in this directory are meant for my Jolla Phone which runs
Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
that is there out-of-box, systemd timers.
* aliendalvik-stopper again stops android support hourly so it won't waste
- aliendalvik-stopper again stops android support hourly so it won't waste
battery.

View File

@ -1,10 +1,9 @@
System-wide autostart files
===========================
# System-wide autostart files
*Note: this directory is also being used as `~/.local/share/applications`
which populates the app menu, my autostart is thankfully not this
populated.*
_Note: this directory is also being used as `~/.local/share/applications`
which populates the app menu, my autostart is thankfully not this
populated._
* redshift - app that changes screen temperature along the sun
* telegramdesktop - IM app, based on telegram-desktop package
* com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name
- redshift - app that changes screen temperature along the sun
- telegramdesktop - IM app, based on telegram-desktop package
- com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name

View File

@ -6,8 +6,8 @@ as the links below.
## Additional repositories
* Begin by `sudo fedora-third-party enable`
* https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
* https://www.insynchq.com/
* https://keybase.io/docs/the_app/install_linux
* https://rpmfusion.org/Configuration
- Begin by `sudo fedora-third-party enable`
- https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
- https://www.insynchq.com/
- https://keybase.io/docs/the_app/install_linux
- https://rpmfusion.org/Configuration

View File

@ -5,15 +5,15 @@ NetworkManager.
Notes:
* `git commit`ing the same SSID with different capitalisations breaks
- `git commit`ing the same SSID with different capitalisations breaks
Windows and more common macOS setups due to their filesystems being
case-insensitive.
* `Settings.AutoConnect=true` is unnecessary as it defaults to true
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
according to `man iwd.network`.
* `IPv6.Enabled=true` defauls to true being also unnecessary.
* `private-home-sample.psk` has a comment on MAC address override and sends
- `IPv6.Enabled=true` defauls to true being also unnecessary.
- `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname.
* The `.open` networks always randomize MAC address too. If a network is
- The `.open` networks always randomize MAC address too. If a network is
private and needs MAC address for captive portal override or something,
`private-home-sample.psk` should be adjusted from.